IETF Logo Mail Archive

RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)

Mark Smith <markzzzsmith@gmail.com> Tue, 11 July 2017 23:54 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49FC12F287 for <ipv6@ietfa.amsl.com>; Tue, 11 Jul 2017 16:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.496
X-Spam-Level:
X-Spam-Status: No, score=-1.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-XTm6Z_k3OE for <ipv6@ietfa.amsl.com>; Tue, 11 Jul 2017 16:54:40 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5FC812EC10 for <ipv6@ietf.org>; Tue, 11 Jul 2017 16:54:39 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id w19so4891645uac.0 for <ipv6@ietf.org>; Tue, 11 Jul 2017 16:54:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=liiJ81L0Blta3Ox8RD5slMiMxkT4Cvv7s/l+cEbS1bs=; b=FBCN1TK3om6mcgG3U0+mrKiDfKyMSWZdI46bWtE7lGUH1RsIWUZU74QoTwU6yb82My N/egjFXvgB8F8VCvCEXZsocRd/4QUF9523tTR7WVsP02BAfOKkAQReIhl3kt/xmypA39 QEFCxUnnokk+hBC01v7VKnkJ3VXvlgIZ1eOvOSh0S2flLZUMMqjDzwUx1p/YNbcJtdvL DxKbPIgLwzCKnOZp7KUbzC/VNV5Hu6WUen2CuMwins0UTH10qyM5ZjflsuaTGTDf3V/1 wS88El1mOO62Z2BC6CLYO+3rB9HGP55SHvMykS0pxX5Y00wgsfMfaMZAZkZGaIQ5bmMD yvHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=liiJ81L0Blta3Ox8RD5slMiMxkT4Cvv7s/l+cEbS1bs=; b=latpV14mb5dMEJJF3OYZz73qln9nNC4Mg8qCZgL5A1JU1Z/r8FASeL1j/8ZkuR6ycX Cg93vZWL3w1bLickJlY3ADXO745P7J6SoKd24aKWLw5SEbO+vN1T6XtB7c6lZyR78cjR I8aKcgBRl89J+o7sASyBILxLKH6hT14v3J2TrC1k0JqngKbGolMaMeoIilBdrCaB+mi2 nvvCUCmNlrcaJYJFFSf5hcpDul1QJyd/GoidWNEdKlcIWFrNnWzehrJQXgXU6kepA7Bh mpXvkbD9pRvEP84SyMLbnW947pymgOP9On/pJB3AK3GshMA1QiFVS74py5RRcjfQX/K1 5ajQ==
X-Gm-Message-State: AIVw111AGeEukwrh3HustECzk0jO8Ovpgx1ZTWoyCZcGjFH70QiviOQK WUmXscsvt7HuurZ8A2n+GX+9+wBjlA==
X-Received: by 10.159.41.163 with SMTP id s32mr1370364uas.90.1499817278935; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.81.100 with HTTP; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
Received: by 10.176.81.100 with HTTP; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
In-Reply-To: <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com>
References: <CAN-Dau2zgthR2w9e5ZVUdGc-vm+YvK2uTUJ8O=vrcv0jNc58RA@mail.gmail.com> <CAKD1Yr2+Si_tzNF8p6ASf4=StgFSX9Gm3TEj9iiqdE2gHQaNmQ@mail.gmail.com> <CAN-Dau03r_CKW53kegaLa=F_R_RG4cWaCT1j6idrqPm9UuN03A@mail.gmail.com> <5963BF27.1050300@foobar.org> <ff09ffcd-df65-4033-8018-fbe7ae98cff8@gmail.com> <6bf7f3d0e9c047b1b86d4bcc220f8705@XCH15-06-11.nw.nos.boeing.com> <CAN-Dau1bxm5y0v_6kUBc_ym39bSSxepjdwrzcS7YHWD=CV9-bw@mail.gmail.com> <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 12 Jul 2017 09:54:38 +1000
Message-ID: <CAO42Z2x+282VK7nMFHjcCz9tBmJ_=d4OhkiRZFZDLcZhakGB1Q@mail.gmail.com>
Subject: RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
To: "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
Cc: 6man WG <ipv6@ietf.org>, David Farmer <farmer@umn.edu>
Content-Type: multipart/alternative; boundary="001a114bd63e2398c00554136c6e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DfvmdC3YJzwZgMnj6wnzu8FOgV8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 23:54:42 -0000

On 12 Jul. 2017 03:21, "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
wrote:

From: David Farmer [mailto:farmer@umn.edu]

> IPv6 as currently defined does actually require IIDs to be 64 bits,
> if this wasn't the case then you could use subnets of any length
> without any special requirements or considerations.

And in general, you can. I think this is a stumbling block. There are
examples where 64-bit IIDs are still required, and there are examples where
they were required for reasons that no longer apply. But as of now, if you
use static addresses, or similarly DHCPv6, you're not limited. Everything
works fine with shorter IIDs.


This is not recognising that there are more than operational or functional
properties of addresses. They have privacy and security properties too.

As an example, the stateful DHCPv6 server in OpenWRT currently compromises
those security and privacy properties as it is enabled by default, as the
range of IIDs it uses is the same size as the DHCPv4 server's address range
e.g. 100 addresses. (OpenWRT supports both SLAAC and Stateful DHCPv6 by
default, my hosts that support both had great private/secure addresses
through SLAAC and terrible ones through DHCPv6)

In IPv4, this is less of a concern, because NAT provided a layer of
security and privacy to individual hosts' addresses, in particular to
residential users. If we advocate for removing NAT from IPv6, or more
accurately advocate end-to-end addressing, we need to provide alternate
methods to restore the privacy and security provided by NAT.

Those methods should also not be reliant on devices or functions in the
network, because the hosts that need them the most are also very portable
(i.e., smartphones and laptops), and are easily and commonly attached to
untrustable public networks.


If

you use SLAAC, you are limited to 64-bit IIDs, but that limitation is
self-imposed, to try to keep other-than-64-bit-IIDs from becoming too easy
to configure. In principle, it would be easy enough to remove that 64-bit
limitation from SLAAC.

I'm opposed to continue to imply that 64-bit IIDs are "required," other
than in cases like SLAAC, ULAs, LLAs. That word "required" is what causes
the pushback.

Bert

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email