IETF Logo Mail Archive

Re: Errata for RFC4862

Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 12 January 2017 14:29 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E05831293EB for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 06:29:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.11
X-Spam-Level:
X-Spam-Status: No, score=-4.11 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=jisc365.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 52jD5v87lEnn for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 06:29:42 -0800 (PST)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [146.101.78.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8645F129417 for <ipv6@ietf.org>; Thu, 12 Jan 2017 06:29:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc365.onmicrosoft.com; s=selector1-jisc-ac-uk; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Yz0R5J/O8g1SdYjg+36XoLQs4gw46hJLIGcNbRs8hpQ=; b=HTgXxGaCR42goxlMrG8cmNx0rCvanshBi++cZjkDqcPm8HpMHjktEpsR7XRKjRPIcyLSLllFXxTaf7Ixw0u3R6Drh/zirl+xYfCRXUxqOgOGpwyJNppIMgdoseVnDdgLGC1XTHLnidh1OQRkYxZITan46nG668XYat2BzebkVBk=
Received: from EUR02-AM5-obe.outbound.protection.outlook.com (mail-am5eur02lp0146.outbound.protection.outlook.com [213.199.180.146]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-9-TdJsRQX-NQOsEIPNMOZkGg-1; Thu, 12 Jan 2017 14:29:34 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com (10.163.188.14) by AM3PR07MB1138.eurprd07.prod.outlook.com (10.163.188.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.845.6; Thu, 12 Jan 2017 14:29:33 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::5973:c4fc:6c1c:27c2]) by AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::5973:c4fc:6c1c:27c2%14]) with mapi id 15.01.0845.014; Thu, 12 Jan 2017 14:29:33 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Mark Smith <markzzzsmith@gmail.com>
Subject: Re: Errata for RFC4862
Thread-Topic: Errata for RFC4862
Thread-Index: AQHSaXBn5ebqxyUYbEyFjv7/ZjHe0aEv2MYAgAHTMACAAHGEgIAAJXQAgAKqxIA=
Date: Thu, 12 Jan 2017 14:29:33 +0000
Message-ID: <9F634A38-468F-46B6-81D5-17D96223F163@jisc.ac.uk>
References: <CAO42Z2xH9wqXKFjtAbv6isQ3cG1=FNUmkNFq2DGJdqj9BFDVaQ@mail.gmail.com> <E459F5B0-D088-4D74-B92A-9A8671249716@employees.org> <4921ADB7-42A6-443E-B639-A3F6F300B13C@jisc.ac.uk> <CAJE_bqesE0Y+0mpmkWHji+JGhPAtmWJx4LjA4Kz+8ij+Li0E4g@mail.gmail.com> <CAO42Z2xWT2gNmwjALCLbxXwBw94nmkn-if4cXXBECAsRLPxxxQ@mail.gmail.com>
In-Reply-To: <CAO42Z2xWT2gNmwjALCLbxXwBw94nmkn-if4cXXBECAsRLPxxxQ@mail.gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3259)
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [194.82.140.195]
x-ms-office365-filtering-correlation-id: 57be8f33-8da7-4eae-80fe-08d43af76d7a
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM3PR07MB1138;
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1138; 7:MjAnonq1a41k88hkd6+wL5EAyesJwY5G94kgvaeTd1O3oWcnSyybM70x9KnM4b+yzo9bNP33Gp4EBXRH4dUSNjUvGiMB2FZKUQDjrRrlQ3eRRdbdRgkc8CI775ezBzA2ifIst27Qp9wAiSYnY2iCrQylw8VT/UU0BrA7nV9ptREQVinJuzcWlLAHX/3+HzHIoxs8OlmhEYC7oaCWvsGOrGyt63T8cPPi4mAz88+Az/APfCPZlSvCLJYRKCQP/CfjW5653E/+vLl+1BdQuskNMdq7wifOAcQPQhgy8JsloeCeKaEevg5OBe38C+jD+qO6hSQiRhn7YzHPqLBGTQILAKjKKFnXMHSStzI/jwPO4xp2FlTCjMlrCIsE2cI51IPQUGc+Ayt1jC5bRShk7jbWEdhOvnZugJQPtVRi2Kgy5xOLIUO2DNrptCwZVbPo9zgIejoNFDwETyd8Hw+sZFEzrQ==; 20:mA6y4EtN5J5K5Sm4ISm1z2ZiraXsFBbVzdEpsAZzSsVDcnvIWFzt7J7VfWKESuP6Hoq+qQ9fY3d/ct4Ct3hjCrzqZAQnkZpdubyUDZWdGlOBk+rhI6bEWKnUfjz24+Uzdtu7y/kXxItPtT0oBAK/JIdlPwTlB7eF1WkxXWmPElM=
x-microsoft-antispam-prvs: <AM3PR07MB1138FF5DF7751B66837808CDD6790@AM3PR07MB1138.eurprd07.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(274715658323672);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(6041248)(20161123560025)(20161123562025)(20161123555025)(20161123564025)(6072148); SRVR:AM3PR07MB1138; BCL:0; PCL:0; RULEID:; SRVR:AM3PR07MB1138;
x-forefront-prvs: 018577E36E
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(39450400003)(199003)(377454003)(24454002)(189002)(8676002)(97736004)(81166006)(3280700002)(8936002)(50226002)(3660700001)(101416001)(33656002)(54896002)(6512007)(5250100002)(81156014)(76176999)(2900100001)(50986999)(6306002)(106356001)(105586002)(106116001)(36756003)(86362001)(102836003)(6116002)(92566002)(68736007)(93886004)(74482002)(3846002)(4326007)(38730400001)(229853002)(54906002)(2906002)(1411001)(57306001)(39060400001)(7736002)(7906003)(82746002)(66066001)(42882006)(6486002)(83716003)(6506006)(189998001)(5660300001)(6916009)(236005)(606005)(99286003)(2950100002)(6436002)(7116003)(110136003)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB1138; H:AM3PR07MB1140.eurprd07.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2017 14:29:33.3329 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1138
X-MC-Unique: TdJsRQX-NQOsEIPNMOZkGg-1
Content-Type: multipart/alternative; boundary="_000_9F634A38468F46B681D517D96223F163jiscacuk_"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7KsPoqh1a5ZmByJtVE2ZIFRpXkg>
Cc: 6man WG <ipv6@ietf.org>, 神明達哉 <jinmei@wide.ad.jp>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 14:29:50 -0000

Hi Mark,

On 10 Jan 2017, at 21:45, Mark Smith <markzzzsmith@gmail.com<mailto:markzzzsmith@gmail.com>> wrote:

On 11 Jan. 2017 6:32 am, "神明達哉" <jinmei@wide.ad.jp<mailto:jinmei@wide.ad.jp>> wrote:
At Tue, 10 Jan 2017 12:45:27 +0000,
Tim Chown <Tim.Chown@jisc.ac.uk<mailto:Tim.Chown@jisc.ac.uk>> wrote:

> My recollection of running renumbering experiments is that it’s the
> Preferred Lifetime that matters, i.e. when that is set to zero for a
> prefix, the prefix is marked as deprecated.  So when renumbering,
> you run with two prefixes advertised, old and new, setting the
> Preferred Lifetime to 0 on the old prefix (even though the Valid
> Lifetime is set to 2+ hours), so that the address with the new
> prefix is used for newly initiated communications (as per RFC 6724,
> Rule 3).

Yes, but I guess what Ole tried to point out (which I agree with) is
that the valid lifetime will also have to decrease to 0 eventually,
and this original text of RFC4862 allows such decrease operation
without requiring explicit authentication if done by gradually:

If that is the case (and I don't think it is, it creates the DoS opportunity that all other >2 hr checks attempt to defeat), then I think it needs to be far better and more explicitly explained, including the sequence of events.

What is the use case that can't be achieved by setting the preferred lifetime to zero, immediately deprecating the addresses (and a VL of 2 hours to cause them to disappear shortly).

If it is to remove addresses immediately from a host by setting the RA PIO VL to zero - actually that's not going to work, because seeing VL to zero will fail the greater than remaining time check.

It would be very laborious to try to remove an address by only being able to send a VL greater than the address's remaining time. Letting the address age out/expire naturally by itself by stopping sending the RA PIO for the prefix wolf be easier and I think quicker.

Yes, the process you describe is exactly what RFC 4192 recommends for renumbering, and which was tested on common OSes at the time that RFC was written. To begin the renumbering process, you run with PL 0 and VL 2hrs on the “old” prefix, and with normal values on the “new” prefix.  To transition to just the new prefix in use, you stop advertising the old prefix, such that addresses formed from it will become invalid and be removed, and during which time the address generated from the new prefix will be used due to RFC 6724 Rule 3.

So from that perspective, there’s no need to change RFC 4862 to allow an unauthenticated VL < 2hrs.

Tim


Regards,
Mark.


> >>     1.  If the received Valid Lifetime is greater than 2 hours or
> >>         greater than RemainingLifetime, set the valid lifetime of the
> >>         corresponding address to the advertised Valid Lifetime.


--
JINMEI, Tatuya

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org<mailto:ipv6@ietf.org>
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email