IETF Logo Mail Archive

Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>

Eliot Lear <lear@cisco.com> Wed, 18 April 2012 09:38 UTC

Return-Path: <lear@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C915F21F85DF for <ipv6@ietfa.amsl.com>; Wed, 18 Apr 2012 02:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.55
X-Spam-Level:
X-Spam-Status: No, score=-110.55 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5j3hF3But-Gy for <ipv6@ietfa.amsl.com>; Wed, 18 Apr 2012 02:38:08 -0700 (PDT)
Received: from ams-iport-1.cisco.com (ams-iport-1.cisco.com [144.254.224.140]) by ietfa.amsl.com (Postfix) with ESMTP id 5BE9321F8566 for <ipv6@ietf.org>; Wed, 18 Apr 2012 02:38:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=lear@cisco.com; l=1812; q=dns/txt; s=iport; t=1334741888; x=1335951488; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=YOR3iTBcTCuuwBc+FbMHhaD+1mZR5tExADvdbi5wMpo=; b=Xh9vVp4oNCIP/04y5b9OZ/b7RwA8Gg50+WJ+E4QuuYaGcAuXNztCXTvw EkCU9KpwTmQciJl+JdQ0cFT7FlpS9l09ZjkXvlcFvol0cBYDDG19RB+la x/RW76sJEzxDUKlgm0mfdE9OYtXuAJo58kx5PP7ekzAcMITtYx7Tg36xq g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAPeKjk+Q/khN/2dsb2JhbABEhWaoQoMVgQeCCQEBAQQSARBVARALDgoCAgUWCwICCQMCAQIBRQYNAQcBAR6HbZlljRCTFIEvjiGBGASVb45QgWmCaQ
X-IronPort-AV: E=Sophos;i="4.75,441,1330905600"; d="scan'208";a="135504857"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-1.cisco.com with ESMTP; 18 Apr 2012 09:37:58 +0000
Received: from ams3-vpn-dhcp4471.cisco.com (ams3-vpn-dhcp4471.cisco.com [10.61.81.118]) by ams-core-4.cisco.com (8.14.3/8.14.3) with ESMTP id q3I9bv6L003564; Wed, 18 Apr 2012 09:37:58 GMT
Message-ID: <4F8E8B75.4030605@cisco.com>
Date: Wed, 18 Apr 2012 11:37:57 +0200
From: Eliot Lear <lear@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Fernando Gont <fgont@si6networks.com>
Subject: Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>
References: <E7607B61-9889-43A9-B86B-133BD4238BA2@gmail.com> <4F87DF53.7030009@cisco.com> <4F881C9A.3050908@si6networks.com>
In-Reply-To: <4F881C9A.3050908@si6networks.com>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, IPv6 WG Mailing List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2012 09:38:12 -0000

Dear Fernando,

My apologies for the delayed response:

On 4/13/12 2:31 PM, Fernando Gont wrote:
> hI, Eliot,
>
> On 04/13/2012 10:09 AM, Eliot Lear wrote:
>> At one point you write that the intent is to replace EUI-64-based
>> addresses (Section 5).  
> Exactly.
>
>
>> But that doesn't seem to jibe with what you
>> write in the intro about RFC-4941.  
> Could you please cite the "conflicting" text?

Yes, I'm looking at the quoted paragraphs (I'm not quite sure from where
you're quoting):
>      As noted in [RFC4941], "anytime a fixed identifier is used in
>       multiple contexts, it becomes possible to correlate seemingly
>       unrelated activity using this identifier".  Therefore, since
>       "privacy addresses" [RFC4941] do not eliminate the use of fixed
>       identifiers for server-like functions, they only *partially*
>       mitigate the correlation of host activities (see Section 7 for
>       some example attacks that are still possible with privacy
>       addresses).  Therefore, it is vital that the privacy

And so on.  In essence you set up an argument against 4941 but that
isn't really your argument for the draft and so I don't really know what
it's doing there.  But perhaps that's not as important as this:

>
>
>> I am concerned that adopting this
>> mechanism will make matters worse if this mechanism is being used as an
>> alternative to CGAs, as opposed to EUI-64s..
> I don't follow. Could you clarify your concern?

You argue that this is an alternative to EUI-64s.  But in practice I am
concerned that people will not use this as an alternative to EUI-64s,
but instead as an alternative to CGAs, thus improving tracibility (not
generally a good thing).  Please explain what I'm missing (I'm sure it's
a lot).


Eliot

v2.23.0 | Report a Bug | By Email