Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 14 May 2016 02:59 UTC

To: Lorenzo Colitti <lorenzo@google.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Date: Sat, 14 May 2016 15:00:08 +1200
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/C73mE85PSU9SoX2pFfyCEnax1cU>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>

On 14/05/2016 14:46, Lorenzo Colitti wrote:
> On Sat, May 14, 2016 at 11:45 AM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>>> This explicitly prohibits an implementation from taking a random MAC
>>> address and forming an EUI-64 address out of it.
>>
>> Which is a good thing, since otherwise a bad actor could correlate the
>> layer 2 and layer 3 addresses, which is actually impossible with IPv4
>> but a current weakness in IPv6.
>>
> 
> And this is a weakness because...?

Because if someone is trying to correlate different types of my traffic,
let's say something sent over IPX and something sent over IPv6, the task
will be made easier if the lower 48 bits are the same in both types of
traffic. (Obviously, someone on-link can use ND to correlate MAC address
and IP address, so we're talking about someone observing off-link packets.)

Not that I use IPX, but that is one case where off-link packets definitely
contain the MAC address.

    Brian
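
Added example, not part of the original message: an audit helper that flags IPv6 addresses whose interface identifier follows the modified EUI-64 mapping (RFC 4291, Appendix A) and shows that the same link-layer address is then recoverable under every prefix the host uses. The function names and the sample addresses (documentation prefix 2001:db8::/32, made-up MAC) are constructed for illustration.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> bytes:
    """Modified EUI-64: insert ff:fe in the middle and flip the u/l bit."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def embedded_mac(addr: str):
    """Return the MAC recoverable from the address's IID, or None.

    The ff:fe marker is a heuristic: a random IID matches it by chance
    about once in 65536 addresses, so treat a hit as "likely EUI-64".
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def audit(addresses):
    """Group addresses by the MAC they expose; key None holds opaque IIDs."""
    groups = {}
    for a in addresses:
        groups.setdefault(embedded_mac(a), []).append(a)
    return groups

# Constructed sample: one host seen under two prefixes with an EUI-64 IID,
# plus one address with an opaque IID.
SAMPLE = [
    "2001:db8:1:1:21a:2bff:fe3c:4d5e",
    "2001:db8:ffff:20:21a:2bff:fe3c:4d5e",
    "2001:db8:1:1:5c3e:91a7:b42:d9f0",
]

if __name__ == "__main__":
    for mac, addrs in audit(SAMPLE).items():
        label = mac if mac else "opaque IID"
        print(f"{label}: {len(addrs)} address(es)")
        for a in addrs:
            print(f"    {a}")
```
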