RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
Mark Smith <markzzzsmith@gmail.com> Tue, 11 July 2017 23:54 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E49FC12F287 for <ipv6@ietfa.amsl.com>; Tue, 11 Jul 2017 16:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.496
X-Spam-Level:
X-Spam-Status: No, score=-1.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j-XTm6Z_k3OE for <ipv6@ietfa.amsl.com>; Tue, 11 Jul 2017 16:54:40 -0700 (PDT)
Received: from mail-ua0-x230.google.com (mail-ua0-x230.google.com [IPv6:2607:f8b0:400c:c08::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5FC812EC10 for <ipv6@ietf.org>; Tue, 11 Jul 2017 16:54:39 -0700 (PDT)
Received: by mail-ua0-x230.google.com with SMTP id w19so4891645uac.0 for <ipv6@ietf.org>; Tue, 11 Jul 2017 16:54:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=liiJ81L0Blta3Ox8RD5slMiMxkT4Cvv7s/l+cEbS1bs=; b=FBCN1TK3om6mcgG3U0+mrKiDfKyMSWZdI46bWtE7lGUH1RsIWUZU74QoTwU6yb82My N/egjFXvgB8F8VCvCEXZsocRd/4QUF9523tTR7WVsP02BAfOKkAQReIhl3kt/xmypA39 QEFCxUnnokk+hBC01v7VKnkJ3VXvlgIZ1eOvOSh0S2flLZUMMqjDzwUx1p/YNbcJtdvL DxKbPIgLwzCKnOZp7KUbzC/VNV5Hu6WUen2CuMwins0UTH10qyM5ZjflsuaTGTDf3V/1 wS88El1mOO62Z2BC6CLYO+3rB9HGP55SHvMykS0pxX5Y00wgsfMfaMZAZkZGaIQ5bmMD yvHg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=liiJ81L0Blta3Ox8RD5slMiMxkT4Cvv7s/l+cEbS1bs=; b=latpV14mb5dMEJJF3OYZz73qln9nNC4Mg8qCZgL5A1JU1Z/r8FASeL1j/8ZkuR6ycX Cg93vZWL3w1bLickJlY3ADXO745P7J6SoKd24aKWLw5SEbO+vN1T6XtB7c6lZyR78cjR I8aKcgBRl89J+o7sASyBILxLKH6hT14v3J2TrC1k0JqngKbGolMaMeoIilBdrCaB+mi2 nvvCUCmNlrcaJYJFFSf5hcpDul1QJyd/GoidWNEdKlcIWFrNnWzehrJQXgXU6kepA7Bh mpXvkbD9pRvEP84SyMLbnW947pymgOP9On/pJB3AK3GshMA1QiFVS74py5RRcjfQX/K1 5ajQ==
X-Gm-Message-State: AIVw111AGeEukwrh3HustECzk0jO8Ovpgx1ZTWoyCZcGjFH70QiviOQK WUmXscsvt7HuurZ8A2n+GX+9+wBjlA==
X-Received: by 10.159.41.163 with SMTP id s32mr1370364uas.90.1499817278935; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.81.100 with HTTP; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
Received: by 10.176.81.100 with HTTP; Tue, 11 Jul 2017 16:54:38 -0700 (PDT)
In-Reply-To: <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com>
References: <CAN-Dau2zgthR2w9e5ZVUdGc-vm+YvK2uTUJ8O=vrcv0jNc58RA@mail.gmail.com> <CAKD1Yr2+Si_tzNF8p6ASf4=StgFSX9Gm3TEj9iiqdE2gHQaNmQ@mail.gmail.com> <CAN-Dau03r_CKW53kegaLa=F_R_RG4cWaCT1j6idrqPm9UuN03A@mail.gmail.com> <5963BF27.1050300@foobar.org> <ff09ffcd-df65-4033-8018-fbe7ae98cff8@gmail.com> <6bf7f3d0e9c047b1b86d4bcc220f8705@XCH15-06-11.nw.nos.boeing.com> <CAN-Dau1bxm5y0v_6kUBc_ym39bSSxepjdwrzcS7YHWD=CV9-bw@mail.gmail.com> <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 12 Jul 2017 09:54:38 +1000
Message-ID: <CAO42Z2x+282VK7nMFHjcCz9tBmJ_=d4OhkiRZFZDLcZhakGB1Q@mail.gmail.com>
Subject: RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
To: "Manfredi, Albert E" <albert.e.manfredi@boeing.com>
Cc: 6man WG <ipv6@ietf.org>, David Farmer <farmer@umn.edu>
Content-Type: multipart/alternative; boundary="001a114bd63e2398c00554136c6e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/DfvmdC3YJzwZgMnj6wnzu8FOgV8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2017 23:54:42 -0000
On 12 Jul. 2017 03:21, "Manfredi, Albert E" <albert.e.manfredi@boeing.com> wrote: From: David Farmer [mailto:farmer@umn.edu] > IPv6 as currently defined does actually require IIDs to be 64 bits, > if this wasn't the case then you could use subnets of any length > without any special requirements or considerations. And in general, you can. I think this is a stumbling block. There are examples where 64-bit IIDs are still required, and there are examples where they were required for reasons that no longer apply. But as of now, if you use static addresses, or similarly DHCPv6, you're not limited. Everything works fine with shorter IIDs. This is not recognising that there are more than operational or functional properties of addresses. They have privacy and security properties too. As an example, the stateful DHCPv6 server in OpenWRT currently compromises those security and privacy properties as it is enabled by default, as the range of IIDs it uses is the same size as the DHCPv4 server's address range e.g. 100 addresses. (OpenWRT supports both SLAAC and Stateful DHCPv6 by default, my hosts that support both had great private/secure addresses through SLAAC and terrible ones through DHCPv6) In IPv4, this is less of a concern, because NAT provided a layer of security and privacy to individual hosts' addresses, in particular to residential users. If we advocate for removing NAT from IPv6, or more accurately advocate end-to-end addressing, we need to provide alternate methods to restore the privacy and security provided by NAT. Those methods should also not be reliant on devices or functions in the network, because the hosts that need them the most are also very portable (i.e., smartphones and laptops), and are easily and commonly attached to untrustable public networks. If you use SLAAC, you are limited to 64-bit IIDs, but that limitation is self-imposed, to try to keep other-than-64-bit-IIDs from becoming too easy to configure. In principle, it would be easy enough to remove that 64-bit limitation from SLAAC. I'm opposed to continue to imply that 64-bit IIDs are "required," other than in cases like SLAAC, ULAs, LLAs. That word "required" is what causes the pushback. Bert -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
- IPv6 Routing & ND vs. Addressing, (Was: Re: <draf… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Lorenzo Colitti
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Nick Hilliard
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… 神明達哉
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Simon Hobson
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Ole Troan
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… 神明達哉
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Suresh Krishnan
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Simon Hobson
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Lorenzo Colitti
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Joel M. Halpern
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… 神明達哉
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… DY Kim
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Lorenzo Colitti
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Fred Baker
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Philip Homburg
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Simon Hobson
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Lorenzo Colitti
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Philip Homburg
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Philip Homburg
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Manfredi, Albert E
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Ole Troan
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Nick Hilliard
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Ole Troan
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Nick Hilliard
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… David Farmer
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Ole Troan
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Pascal Thubert (pthubert)
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Pascal Thubert (pthubert)
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Mark Smith
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Ole Troan
- RE: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Pascal Thubert (pthubert)
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Nick Hilliard
- Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <… Brian E Carpenter