Re: Reply: Re: Comments on <draft-gont-6man-stable-privacy-addresses-01>

Fernando Gont <fgont@si6networks.com> Wed, 18 April 2012 07:18 UTC

Message-ID: <4F8E6AB2.8030909@si6networks.com>
Date: Wed, 18 Apr 2012 04:18:10 -0300
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
To: zhou.sujing@zte.com.cn
Subject: Re: Reply: Re: Comments on <draft-gont-6man-stable-privacy-addresses-01>
References: <OF8A62C88C.E85DBAFA-ON482579E4.001AA5FC-482579E4.001BBC87@zte.com.cn>
In-Reply-To: <OF8A62C88C.E85DBAFA-ON482579E4.001AA5FC-482579E4.001BBC87@zte.com.cn>
Cc: ipv6-bounces@ietf.org, IETF IPv6 <ipv6@ietf.org>

Hi, Zhou,

Please find my comments in-line...

On 04/18/2012 02:02 AM, zhou.sujing@zte.com.cn wrote:
>> Not sure what you mean. -- Having the DHCPv6 server implement
>> draft-gont-6man-stable-privacy-addresses might be interesting such that
>> stable addresses are leased to nodes state-lessly.
> 
> Will the DHCP server use the same secret key in computation of so many
> random interface identifiers?

Yes. Note that F() should be cryptographically secure. And hence even if
the server had to compute say 1000 addresses, that wouldn't be an issue.


> If so, the computation of RID may need to be modified, 

As already noted on this thread, we might include a "retry" variable in
the hash (initialized to 0, but incremented by 1 each time DAD fails),
to be used to compute a new RID if DAD fails. In any case, no matter how
many devices there are, we're talking about 2**64 addresses here -- so you'd
have to be very unlucky for DAD to fail. :-)


> because there is
> little left to tweak (the only difference between
> clients is Modified_EUI64) in case address collision occurs.

In the case of using this algorithm with DHCPv6, I guess the UID would
be used instead of Modified_EUI64.


> and have you ever thought of refreshing the secret key in SLAAC?

If you refresh the secret key, you get a whole new set of addresses. My
take is that only in very rare circumstances you'd want to do this.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
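The RID computation and the DAD "retry" counter discussed in this exchange, as an added example that is not part of the draft or of this message: F() is modelled as HMAC-SHA256 truncated to 64 bits, the byte serialization of the inputs and the callback that stands in for a real DAD probe are assumptions, and all key and EUI-64 values are constructed.

```python
import hashlib
import hmac
import ipaddress


def stable_iid(prefix: str, modified_eui64: bytes, network_id: bytes,
               dad_counter: int, secret_key: bytes) -> int:
    """Return a 64-bit RID = F(Prefix, Modified_EUI64, Network_ID, DAD_Counter, secret_key).

    Assumption: F is HMAC-SHA256 keyed with secret_key and truncated to its
    leftmost 64 bits; the draft only requires F to be cryptographically secure,
    which is why one secret key can safely serve many addresses/clients.
    """
    pfx = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    msg = pfx + modified_eui64 + network_id + dad_counter.to_bytes(1, "big")
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def stable_address(prefix: str, modified_eui64: bytes, network_id: bytes,
                   secret_key: bytes, dad_failed, max_retries: int = 3):
    """Form <prefix>::<RID>, bumping the DAD counter (the 'retry' variable)
    whenever dad_failed(addr) reports a collision. Returns (address, counter)."""
    net_bits = int(ipaddress.IPv6Network(prefix).network_address) >> 64 << 64
    for counter in range(max_retries + 1):
        rid = stable_iid(prefix, modified_eui64, network_id, counter, secret_key)
        addr = ipaddress.IPv6Address(net_bits | rid)
        if not dad_failed(addr):  # stand-in for a real Duplicate Address Detection probe
            return addr, counter
    raise RuntimeError("DAD failed for every retry value")


if __name__ == "__main__":
    key = b"constructed-secret-key"               # constructed sample value
    eui = bytes.fromhex("0211223344556677")       # constructed Modified_EUI64
    addr, counter = stable_address("2001:db8:1::/64", eui, b"", key, lambda a: False)
    print(addr, counter)
    # Refreshing the key yields an entirely different address (and thus address set).
    print(stable_address("2001:db8:1::/64", eui, b"", b"new-key", lambda a: False)[0])
```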