Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16

Hannes Frederic Sowa <> Thu, 23 January 2014 01:15 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6C2761A010C; Wed, 22 Jan 2014 17:15:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.435
X-Spam-Status: No, score=-2.435 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.535] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id f-NNr6fGRa-C; Wed, 22 Jan 2014 17:15:15 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 06C521A00E7; Wed, 22 Jan 2014 17:15:14 -0800 (PST)
Received: by (Postfix, from userid 500) id 2CB201A0C293; Thu, 23 Jan 2014 02:15:12 +0100 (CET)
Date: Thu, 23 Jan 2014 02:15:12 +0100
From: Hannes Frederic Sowa <>
To: Tim Chown <>
Subject: Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16
Message-ID: <>
References: <> <EMEW3|8f37f1d5d449ce20468ee92a0af181faq0M16n03tjc||>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <EMEW3|8f37f1d5d449ce20468ee92a0af181faq0M16n03tjc||>
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2014 01:15:17 -0000


On Thu, Jan 23, 2014 at 01:05:28AM +0000, Tim Chown wrote:
> 2. In the algorithm section, there is a comment that interface names MUST remain the same across boots or down/up events for the stable privacy address to remain stable. I have (admittedly some time ago, and in rare cases) seen Linux installations where network interface names can ‘swap’, thus changing the address in use on the interface under the proposed algorithm, whereas with existing EUI64 SLAAC the IIDs would remain the same even if the interface name for a physical interface changed. This is probably rather more likely if replacing a network card on motherboard with on-board NIC(s).  Perhaps Fernando can comment on whether this is a realistic concern with modern OSes.

It is mostly solved. Currently earily user space reconfigures the names
of the network interface cards based on mac addresses. This also means
we cannot generate those addresses while kernel boot-up but must wait
until those renames have occured.

For the linux implementation we are currently more and more considering a pure
userspace implementation as we have problems with dad counter persistence and
possible address generation algorithm configurations.

> 3. I assume the IID may/will vary for a different OS run on the same host, e.g. where the host is dual-boot, or where a new OS installed (or the same OS re-installed). A different OS may well use a different F(), given that’s not specified.  With EUI-64, a dual-boot host would likely have the same address under either OS (well, not Windows any more…).  This may be worth making explicit.

Problem here is the sharing of the secret. Well, a different OS must read the
other OSes filesystem to get the secret needed for address generation.

Maybe we could install those secrets into some uEFI store but I am not an
expert on this.

> 6. I’d suggest not mentioning MD5.