Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
Lorenzo Colitti <lorenzo@google.com> Thu, 10 September 2020 11:27 UTC
Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4ACA03A08CF for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 04:27:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 10tigKKphVfW for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 04:27:00 -0700 (PDT)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 588093A08BA for <ipv6@ietf.org>; Thu, 10 Sep 2020 04:27:00 -0700 (PDT)
Received: by mail-io1-xd29.google.com with SMTP id j2so6622258ioj.7 for <ipv6@ietf.org>; Thu, 10 Sep 2020 04:27:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=P5xeJ/H5NJGUK6tEmUAnuILu6aQCydD1IH3PE1J4SGg=; b=gRyPpLDcOrYUcLRYLI1WnM8wHsIZW1c/apoWmf+ER2wsTC6bwJg56QCFuBhG8K7Lr/ PoHg4pFahPhYKRAEI7SVgIu/1RXY2CM6i1Vh1G7sjf+DM1dpQ57ma5Ern6F7YoIyyQLJ hI4+feI1KwK1B0XhlIWG7kFqLWPmXMlRF9M2G3/Mofz+UYI4PRqNl8zqjZukAE/Oxuu0 8g7IQuH/i7eBktX67lmO/WOn9MA49oPCA6fdGjqeO2y9WYy1+XUdNfXdSe2szJdJ94jC 7bqfE8GvV2GOEXlVUd5gaFpUJAQG2bEULDek7hxxaGcd2UWsIgG12BnqR3cuJkJ6b4yW lweA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=P5xeJ/H5NJGUK6tEmUAnuILu6aQCydD1IH3PE1J4SGg=; b=jglu+dRoUqe56J1i73op5ft7LL5Vw1OyFq6X5cb7xRDGMtfyt0hT4+vqy7LcdWYPoe eDxBFQwUhE2IaLLsFomW+iSc7OS7gZOYOqEvt7RUgnM7BQIyL6QMFdE/TIdw+QmnVCqk G6FS0cNgm0fHE7EtoUv2PkP36qIztUFCYPudXMkgQ8aIgiDyNwuv8RsUWqb68iZNvyww wdaruTpsYqaWvHdcrVxYD2DInmjBMq8VrGQWhBxUhqDWNPJcNc8ZpwKTkG8wVMZqMFDL wxnZi/bFs1UrE6TKYosFDHoraeb3BStcCUvckuNog+7HtypkSB0PJ9oqFDJSGtdYEPlk HExg==
X-Gm-Message-State: AOAM530pA54qaS45HGSQUJNVo7HToXbGA55fJXNnsfc7Rw3/KJiyzOpX torg+2yI/Z2wUhLfpsHdldMDQHDTTZDEEdBnNooBcg==
X-Google-Smtp-Source: ABdhPJw3FKt8+wPsMwGAk4N/MBQ5m6f2v2uVjuLGhNst/6eztS1JfZtAioJ+B3QezAO3BeZPl7dRtkNvtOqP7o+SC9s=
X-Received: by 2002:a05:6602:240c:: with SMTP id s12mr6986156ioa.5.1599737219328; Thu, 10 Sep 2020 04:26:59 -0700 (PDT)
MIME-Version: 1.0
References: <159969199185.9541.8823907519726516405@ietfa.amsl.com>
In-Reply-To: <159969199185.9541.8823907519726516405@ietfa.amsl.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Thu, 10 Sep 2020 20:26:47 +0900
Message-ID: <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com>
Subject: Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
To: last-call@ietf.org
Cc: draft-ietf-6man-rfc4941bis@ietf.org, IETF IPv6 Mailing List <ipv6@ietf.org>, 6man Chairs <6man-chairs@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000b1a4e105aef3d84c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/6cpvoUrOS0X6N1vyQD51egu9F8o>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 11:27:02 -0000
Having read this document again, I have the following concerns.
1. I think it should not include section 3.3.2. The reason is that it
needlessly suggests an algorithm that is much more complex than simply
using an existing random number generator which all nodes likely already
have.
2. I think the text mentioning shorter IID lengths (3.3.1 bullet #2) is not
useful to implementers, because all it says is that it is possible to
implement a behaviour that for in all practical cases is forbidden by RFC
4291.
3. This normative text:
1. Process the Prefix Information Option as defined in [RFC4862],
adjusting the lifetimes of existing temporary addresses. If a
received option may extend the lifetimes of temporary addresses,
with the overall constraint that no temporary addresses should
ever remain "valid" or "preferred" for a time longer than
(TEMP_VALID_LIFETIME) or (TEMP_PREFERRED_LIFETIME -
DESYNC_FACTOR) respectively.
does not seem to mean anything because the second sentence lacks a verb. If
a received option may extend the lifetime of temporary addressess... then
what should the implementation do? The text doesn't say.
4. This text:
Note that, except for the
transient period when a temporary address is being regenerated, in
normal operation at most one temporary address per prefix should be
in a non-deprecated state at any given time on a given interface.
seems excessive because it immediately makes all current implementations
non-compliant. It also does not seem like a good thing to limit the number
of temporary addresses in general. If an implementation wants to create
more than one for extra privacy (e.g., to use different IPv6 addresses for
different applications), it should be free to do so. This text is also not
true if a user changes TEMP_VALID_LIFETIME to a value that is not exactly
2x TEMP_PREFERRED_LIFETIME. Users are explicitly permitted to change these
values in section 3.8.
5. Should this text:
The TEMP_PREFERRED_LIFETIME value MUST be less than the
TEMP_VALID_LIFETIME value.
really say "less than"? Shouldn't it say "less than or equal to"?
On Thu, Sep 10, 2020 at 7:55 AM The IESG <iesg-secretary@ietf.org> wrote:
>
> The IESG has received a request from the IPv6 Maintenance WG (6man) to
> consider the following document: - 'Temporary Address Extensions for
> Stateless Address Autoconfiguration
> in IPv6'
> <draft-ietf-6man-rfc4941bis-10.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-call@ietf.org mailing lists by 2020-09-23. Exceptionally, comments
> may
> be sent to iesg@ietf.org instead. In either case, please retain the
> beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>
> This document describes an extension that causes nodes to generate
> global scope addresses with randomized interface identifiers that
> change over time. Changing global scope addresses over time limits
> the window of time during which eavesdroppers and other information
> collectors may trivially perform address-based network activity
> correlation when the same address is employed for multiple
> transactions by the same node. Additionally, it reduces the window
> of exposure of a node via an address that becomes revealed as a
> result of active communication. This document obsoletes RFC4941.
>
>
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc4941bis/
>
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
- Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (T… The IESG
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Lorenzo Colitti
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Alexandre Petrescu
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Nick Hilliard
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Philip Homburg
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Lorenzo Colitti
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Brian E Carpenter
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… 神明達哉
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Brian E Carpenter
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… 神明達哉
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Alexandre Petrescu
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Fernando Gont
- Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt… Alexandre Petrescu