IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Etienne-Victor Depasquale <edepa@ieee.org> Fri, 19 June 2020 11:11 UTC

Return-Path: <edepa@ieee.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74AB43A0869 for <ipv6@ietfa.amsl.com>; Fri, 19 Jun 2020 04:11:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbJEj6SJSYLj for <ipv6@ietfa.amsl.com>; Fri, 19 Jun 2020 04:11:49 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E52523A0829 for <ipv6@ietf.org>; Fri, 19 Jun 2020 04:11:48 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id c12so6806546qtq.11 for <ipv6@ietf.org>; Fri, 19 Jun 2020 04:11:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=9FgnVBwL0pOvbEWkoKRkGJrF5MySGsMMCSSHna5f8nM=; b=EwNMDXaplD9kx2Y/Mhdm2+xg5Hm674UmVs8lQIwj4jffZSZE32qd7gIj34nI+OwEr2 sCQkHyh6NZixUz89Qn5RJ1mVMcyNIEtpMwQ2WFKdaY8fyGOFAeh6IjSZs40cd3H7ygOV QW2EXYVci7o0+dF5O5x5SdwKfpErnZU341WQo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=9FgnVBwL0pOvbEWkoKRkGJrF5MySGsMMCSSHna5f8nM=; b=BysP3EPMouxvnr94JoF0HGj5sOu1/VdE8i7AtNE575QOSc7cQqYs3PvYCh1DJ4i62I kpu87Fd5OVNJwFr5dHyqjajO7ufhU5eo+wh9E5Lw8hvkYkxF5AiXTeFqnasKFxEruWel GGdvGI2jHKZVfZypXA7xljYpyrRAfkJEoyTU+X5UqEe/ko/GxW4H8TZeZXKd4+FBWF/f psD8kq3JHKrj7pbhFBb6yNTPMN0rziVmSujgE3iRNAy2OoIzz/oFraV3XrpcDlvJ8yLF 1+Zqgae8A4I6dn6svrzH1OagR+a5L8TumerMpt+KvD7w+BD/e9K4DRTic9XxCbu5DTFB HKCw==
X-Gm-Message-State: AOAM531rSw2tLDCnYPOFTgYcSuHTm3FOygdqwtU8UzN6Fa1l/RpMfDGz 4ABPA2oj8nBUkrKm9Ju17re6n0sEEEnAXF8DJgV9iw==
X-Google-Smtp-Source: ABdhPJykrMD1omD0Jgt3KsSf/jh+wpuwXj3mP2XIxhvnoS7YiLy5QkKC+Imv5xILdGto4Md2dBjt6UcbcgTTCcXj8VQ=
X-Received: by 2002:ac8:2f0f:: with SMTP id j15mr457174qta.72.1592565107775; Fri, 19 Jun 2020 04:11:47 -0700 (PDT)
MIME-Version: 1.0
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com> <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com> <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com> <CAO42Z2yMQAiEFhQ8r5g5NAUVjw6GHX0oJNCX0yz95p_qbt3ZGQ@mail.gmail.com> <CAAcx0vA78=T8fHmj=JhcKP0L9tNiN4E5b-68Z8L3W_13pnUtMg@mail.gmail.com> <CAO42Z2zSsv1XSX1ze9a7DHPRN8=iMSCfQx0bNT+L-mrj+FyLaA@mail.gmail.com>
In-Reply-To: <CAO42Z2zSsv1XSX1ze9a7DHPRN8=iMSCfQx0bNT+L-mrj+FyLaA@mail.gmail.com>
From: Etienne-Victor Depasquale <edepa@ieee.org>
Date: Fri, 19 Jun 2020 13:11:07 +0200
Message-ID: <CAAcx0vAkRYeGaQOX-rrLXyxup4DQ_W5gf2MAFFjG8bB4mWoXhw@mail.gmail.com>
Subject: Re: 64bit MAC addresses and SLAAC
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Alexandre Petrescu <alexandre.petrescu@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000088028a05a86df59f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ISQ7hraFBVd5qI5Ooz0LwPfzYhA>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2020 11:11:51 -0000

>
> Right tool for the job


Agreed.

And here's another point.

Is it fair to say that the drive to converge on IP in so many aspects of
telecommunication makes it the first choice?
Definitely.

On Fri, Jun 19, 2020 at 12:20 PM Mark Smith <markzzzsmith@gmail.com> wrote:

>
>
> On Fri, 19 Jun 2020, 19:18 Etienne-Victor Depasquale, <edepa@ieee.org>
> wrote:
>
>> But there are certainly computing&communicating platforms not powerful
>>> enough to run AES.
>>
>>
>>>
>>  So IPv6 is probably not the right protocol for those devices.
>>
>>
>>
>> That "probably" is the saving grace :)
>>
>> I'd go for IPv6 on any communicating device and give in to alternatives
>> with very great reluctance.
>>
>
>
> "Right tool for the job", as my father taught me.
>
> I'm also reminded of how good a blade screwdriver is at opening a paint
> can, except that doing that ruins the blade screwdriver for undoing screws!
> Buy a cheap blade screwdriver and call it a "paint can opener", making it
> then the right tool for the job, and also accepting that it can't be
> reliably used as a screwdriver anymore.
>
>
>
>
>
>>
>>
>> On Fri, Jun 19, 2020 at 12:04 AM Mark Smith <markzzzsmith@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Fri, 19 Jun 2020, 00:30 Alexandre Petrescu, <
>>> alexandre.petrescu@gmail.com> wrote:
>>>
>>>>
>>>>
>>>> Le 18/06/2020 à 09:50, Mark Smith a écrit :
>>>> >
>>>> >
>>>> <snip>
>>>> >
>>>> >
>>>> > So I have a couple of IoT IPv6 books from about 10 years ago, and
>>>> they
>>>> > talk about these battery powered devices having AES implementations
>>>> to
>>>> > encrypt the radio layer.
>>>> >
>>>> > So it seems AES was cheap enough to do in battery powered IoT devices
>>>> 10
>>>> > years ago, so I would assume it is even cheaper to do now.
>>>> >
>>>> > I understand crypto algorithms can also be used as a hash generator,
>>>> so
>>>> > perhaps the AES in these things can be used to generate hashes for
>>>> > RFC7217 stable IDs.
>>>>
>>>> Probably AES is not an issue on some platforms, in terms of having
>>>> enough cycles.
>>>>
>>>> But there are certainly computing&communicating platforms not powerful
>>>> enough to run AES.
>>>>
>>>
>>> So IPv6 is probably not the right protocol for those devices.
>>>
>>> It's great to try to use IPv6 for everything, but it doesn't mean IPv6
>>> must be used for everything.
>>>
>>> IPv6 is a general purpose internetworking protocol, so it isn't going to
>>> be optimal for all cases.
>>>
>>> At some point, the compromises or costs of using IPv6 will outweigh the
>>> benefits of using a general commodity protocol. At that point, the expense
>>> of a better suited and more specific protocol to suit the problem protocol
>>> is worth paying.
>>>
>>> The IoT applications being discussed are local network only
>>> applications. Since an internetworking protocol solves a much bigger
>>> problem - internetworking hosts attached to a network of networks, using an
>>> internetworking protocol to solve a local network application problem is
>>> always going to involve a compromise - accepting a larger packet overhead
>>> because of using an address space that is far larger than it needs to be to
>>> solve the problem.
>>>
>>> Unfortunately we don't really have a middle ground, general purpose, yet
>>> local network only protocol. MPLS is close, but not really general purpose
>>> enough.
>>>
>>> Now that IPv4 can't solve the Internet internetworking problem (hence
>>> invention of IPv6), perhaps we should repurpose it to use for local network
>>> only application problems..
>>>
>>> Regards,
>>> Mark.
>>>
>>>
>>>
>>>> And, it is not only a matter of energy consumption or time it takes to
>>>> compute.
>>>>
>>>> There are very many additional aspects involved in using crypto
>>>> technology, at all layers from 0 to Political.  Bind them all to an IP
>>>> address?
>>>>
>>>> Alex
>>>>
>>>> >
>>>> > Regards,
>>>> > Mark.
>>>> >
>>>> >
>>>> >
>>>> >     Alternatively:
>>>> >     keep link-layer addresses in IPv6 IIDs,
>>>> >     without allowing unauthorized data collection from the nodes,
>>>> >     by implementing access control to the nodes at the (mains-powered)
>>>> >     border router.
>>>> >
>>>> >     Etienne
>>>> >
>>>> >     On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg
>>>> >     <pch-ipv6-ietf-6@u-1.phicoh.com
>>>> >     <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> wrote:
>>>> >
>>>> >          >   Of course the caveat there with unmanaged network and
>>>> SOHO
>>>> >         and Mobile
>>>> >          >where manual or DHCPV6 is not possible or viable.
>>>> >
>>>> >         Why is DHCPv6 not possible? Of course there is the Android
>>>> problem.
>>>> >         But I doubt that a low power IoT device would share a
>>>> wifi-link
>>>> >         with an
>>>> >         Android device.
>>>> >
>>>> >          >    In those cases SLAAC is preferred, but then we have the
>>>> >         crux of
>>>> >          >    issue and the decision tree on privacy random IID and
>>>> its
>>>> >         overhead
>>>> >          >    if its not necessary versus modified EUI64.
>>>> >          >    tree of course the underlying operational impacts of
>>>> random
>>>> >          >    versus  stable IID double edged sword operator or
>>>> individuals
>>>> >          >    decision to pick which works best for their use case.
>>>> In the
>>>> >          >    end net-net is what is simplest to deploy and least
>>>> overhead
>>>> >          >    but also meets the desired goal is generally the
>>>> thought for
>>>> >          >    picking the IID generation solution. For that SLAAC wins
>>>> >         out in
>>>> >          >    that decision for the use case described above.
>>>> >
>>>> >         A stable, unique pseudo random IID per prefix basically
>>>> requires one
>>>> >         SHA2-HMAC (or equivalent in SHA3 or other modern hash
>>>> function) per
>>>> >         prefix.
>>>> >
>>>> >         I cannot imagine that computing 2 SHA2 hashes has a
>>>> significant
>>>> >         amount
>>>> >         of energy use compared to link attachment and duplicate
>>>> address
>>>> >         detection.
>>>> >
>>>> >         This computation is once per prefix, so it becomes an issue
>>>> if the
>>>> >         devices frequently attaches to new links. In which case
>>>> tracking
>>>> >         protection
>>>> >         becomes important.
>>>> >
>>>> >         I also wonder, a device that cannot afford a couple SHa2
>>>> hashes?
>>>> >         Then that
>>>> >         device is probably insecure and should not be connect to the
>>>> >         internet
>>>> >         anyhow.
>>>> >
>>>> >
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >         IETF IPv6 working group mailing list
>>>> >         ipv6@ietf.org <mailto:ipv6@ietf.org>
>>>> >         Administrative Requests:
>>>> https://www.ietf.org/mailman/listinfo/ipv6
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >
>>>> >
>>>> >
>>>> >     --
>>>> >     Ing. Etienne-Victor Depasquale
>>>> >     Assistant Lecturer
>>>> >     Department of Communications & Computer Engineering
>>>> >     Faculty of Information & Communication Technology
>>>> >     University of Malta
>>>> >     Web. https://www.um.edu.mt/profile/etiennedepasquale
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >     IETF IPv6 working group mailing list
>>>> >     ipv6@ietf.org <mailto:ipv6@ietf.org <ipv6@ietf..org>>
>>>> >     Administrative Requests:
>>>> https://www.ietf.org/mailman/listinfo/ipv6
>>>> >
>>>>  --------------------------------------------------------------------
>>>> >
>>>> >
>>>> > --------------------------------------------------------------------
>>>> > IETF IPv6 working group mailing list
>>>> > ipv6@ietf.org
>>>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> > --------------------------------------------------------------------
>>>> >
>>>>
>>>> --------------------------------------------------------------------
>>>> IETF IPv6 working group mailing list
>>>> ipv6@ietf.org
>>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>>> --------------------------------------------------------------------
>>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>>
>>
>>
>> --
>> Ing. Etienne-Victor Depasquale
>> Assistant Lecturer
>> Department of Communications & Computer Engineering
>> Faculty of Information & Communication Technology
>> University of Malta
>> Web. https://www.um.edu.mt/profile/etiennedepasquale
>>
>

-- 
Ing. Etienne-Victor Depasquale
Assistant Lecturer
Department of Communications & Computer Engineering
Faculty of Information & Communication Technology
University of Malta
Web. https://www.um.edu.mt/profile/etiennedepasquale

v2.23.0 | Report a Bug | By Email