IETF Logo Mail Archive

Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 10 September 2020 11:36 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09D933A08D8 for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 04:36:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.277
X-Spam-Level:
X-Spam-Status: No, score=-0.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.948, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9MOF01S3R8zA for <ipv6@ietfa.amsl.com>; Thu, 10 Sep 2020 04:36:02 -0700 (PDT)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E98C43A08D4 for <ipv6@ietf.org>; Thu, 10 Sep 2020 04:36:01 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 08ABZxZh019114 for <ipv6@ietf.org>; Thu, 10 Sep 2020 13:35:59 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id D799E205547 for <ipv6@ietf.org>; Thu, 10 Sep 2020 13:35:59 +0200 (CEST)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id CC682205542 for <ipv6@ietf.org>; Thu, 10 Sep 2020 13:35:59 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 08ABZxUY023472 for <ipv6@ietf.org>; Thu, 10 Sep 2020 13:35:59 +0200
Subject: Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
To: ipv6@ietf.org
References: <159969199185.9541.8823907519726516405@ietfa.amsl.com> <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <16bd1438-90fd-4d78-f5df-993450810cce@gmail.com>
Date: Thu, 10 Sep 2020 13:35:59 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/CcEQRazzoWuEXGBx1SHb9j_8iZs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 11:36:04 -0000


Le 10/09/2020 à 13:26, Lorenzo Colitti a écrit :
> Having read this document again, I have the following concerns.
> 
> 1. I think it should not include section 3.3.2. The reason is that it
>  needlessly suggests an algorithm that is much more complex than
> simply using an existing random number generator which all nodes
> likely already have.

I object to that I-D paragraph at least because it says this "SHOULD
produce an output of at least 64 bits."  It should be of a more variable
length.  It is not 'at least 64bit'.

I do not oppose to the existence of that section 3.3.2.  But how would
it cope with other generated Interface Identifiers, like HIT (Host
Identity Tag) or ORCHIDs.  These are too RFCs on the Standards Track.
They too are generated by a crypto function, they too are 64bit length.
  Still they are different than this F().

As for implementation of it, think that there are already
implementations of generating Interface IDs out there, and I think none
respects what either of these documents says.

(we do have a couple of Internet Drafts under preparation, and code,
about this variable length 64bit, but for some reason it takes more
private interest and review than expected...)

Alex


> 2. I think the text mentioning shorter IID lengths (3.3.1 bullet #2)
> is not useful to implementers, because all it says is that it is
> possible to implement a behaviour that for in all practical cases is
> forbidden by RFC 4291. 3. This normative text:
> 
> 1.  Process the Prefix Information Option as defined in [RFC4862], 
> adjusting the lifetimes of existing temporary addresses.  If a 
> received option may extend the lifetimes of temporary addresses, with
> the overall constraint that no temporary addresses should ever remain
> "valid" or "preferred" for a time longer than (TEMP_VALID_LIFETIME)
> or (TEMP_PREFERRED_LIFETIME - DESYNC_FACTOR) respectively.
> 
> does not seem to mean anything because the second sentence lacks a
> verb. If a received option may extend the lifetime of temporary
> addressess... then what should the implementation do? The text
> doesn't say.
> 
> 4. This text:
> 
> Note that, except for the transient period when a temporary address
> is being regenerated, in normal operation at most one temporary
> address per prefix should be in a non-deprecated state at any given
> time on a given interface.
> 
> seems excessive because it immediately makes all current
> implementations non-compliant. It also does not seem like a good
> thing to limit the number of temporary addresses in general. If an
> implementation wants to create more than one for extra privacy (e.g.,
> to use different IPv6 addresses for different applications), it
> should be free to do so. This text is also not true if a user changes
> TEMP_VALID_LIFETIME to a value that is not exactly 2x
> TEMP_PREFERRED_LIFETIME. Users are explicitly permitted to change
> these values in section 3.8.
> 
> 5. Should this text:
> 
> The TEMP_PREFERRED_LIFETIME value MUST be less than the 
> TEMP_VALID_LIFETIME value.
> 
> really say "less than"? Shouldn't it say "less than or equal to"?
> 
> On Thu, Sep 10, 2020 at 7:55 AM The IESG <iesg-secretary@ietf.org 
> <mailto:iesg-secretary@ietf.org>> wrote:
> 
> 
> The IESG has received a request from the IPv6 Maintenance WG (6man)
> to consider the following document: - 'Temporary Address Extensions
> for Stateless Address Autoconfiguration in IPv6' 
> <draft-ietf-6man-rfc4941bis-10.txt> as Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to
> the last-call@ietf.org <mailto:last-call@ietf.org> mailing lists by 
> 2020-09-23. Exceptionally, comments may be sent to iesg@ietf.org
> <mailto:iesg@ietf.org> instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
> This document describes an extension that causes nodes to generate 
> global scope addresses with randomized interface identifiers that 
> change over time.  Changing global scope addresses over time limits 
> the window of time during which eavesdroppers and other information 
> collectors may trivially perform address-based network activity 
> correlation when the same address is employed for multiple 
> transactions by the same node.  Additionally, it reduces the window 
> of exposure of a node via an address that becomes revealed as a 
> result of active communication.  This document obsoletes RFC4941.
> 
> 
> 
> 
> The file can be obtained via 
> https://datatracker.ietf.org/doc/draft-ietf-6man-rfc4941bis/
> 
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 
> 
> 
> 
> 
> -------------------------------------------------------------------- 
> IETF IPv6 working group mailing list ipv6@ietf.org
> <mailto:ipv6@ietf.org> Administrative Requests:
> https://www.ietf.org/mailman/listinfo/ipv6 
> --------------------------------------------------------------------
> 
> 
> -------------------------------------------------------------------- 
> IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6 
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email