RE: IPv6 prefix lengths - how long?

"Templin (US), Fred L" <Fred.L.Templin@boeing.com> Mon, 10 June 2019 16:54 UTC

From: "Templin (US), Fred L" <Fred.L.Templin@boeing.com>
To: IPv6 IPv6 List <ipv6@ietf.org>
Subject: RE: IPv6 prefix lengths - how long?
Date: Mon, 10 Jun 2019 16:53:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/IdCNYp3BhTZTyE3aEkl1y_QoZgc>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Two points I pulled out of the many points that were made were that 1) prefixes that are
overly long can be trivially enumerated by an attacker, and 2) prefixes should be aligned
on nibble boundaries.

I really resonate with point 1), and with Host Address Availability (RFC7934) we see that
it is good to allow hosts (nodes) to configure many IPv6 addresses - perhaps even very
many. I agree with the points that there are already vast numbers of /64s available for
delegation, and /64 has many nice properties including RFC7934 support and intractable
address enumeration. But, if we want to go longer than /64 and still satisfy those
properties, how long would that be - /96?

Point 2) I am not as sure on. Why is it important for prefixes to land on even nibble
boundaries? I can easily delegate a /63 today for example, and I don't see anything
wrong with that. Are we saying that that should be disallowed?

Fred