IETF Logo Mail Archive

Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6

Fernando Gont <fernando@gont.com.ar> Thu, 02 April 2020 13:47 UTC

Return-Path: <fernando@gont.com.ar>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1B8D83A129C for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 06:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q5RCDzagB4qv for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 06:47:43 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 391A23A129A for <ipv6@ietf.org>; Thu, 2 Apr 2020 06:47:43 -0700 (PDT)
Received: from [192.168.0.10] (unknown [181.45.84.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id A31E883B44; Thu, 2 Apr 2020 15:47:38 +0200 (CEST)
Subject: Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: ipv6@ietf.org
References: <02C1F5E2-2CA6-4555-8623-D11E82A0B4E7@gmail.com> <b36015ea-6de5-f562-1328-0a047b1ad6ee@gmail.com> <2931a700-51e9-88bf-a3a6-113b3bdeaaa4@gmail.com> <007cd7e4-6a37-604b-2c25-940cfb2f0e79@si6networks.com> <aec5b715-8690-1922-8ec1-90b9de5a53a7@gmail.com> <0c6cd194-82d3-9b46-62a6-5aed9ee17715@gmail.com> <898c6a5b-2bf5-3bc0-f716-41f6e0ac60d9@gont.com.ar> <3e77d493-4d87-1d70-b69b-5f78c7424690@gmail.com> <5b01eaea-ff09-a771-f4ae-8ffcc5d18b07@gont.com.ar> <69c9b8b8-f945-aafd-4da0-899c1d49e7f3@gmail.com>
From: Fernando Gont <fernando@gont.com.ar>
Message-ID: <f50bd922-447c-ce50-c0a5-7a8fedbd8475@gont.com.ar>
Date: Thu, 02 Apr 2020 10:47:25 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <69c9b8b8-f945-aafd-4da0-899c1d49e7f3@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Jn8q9doMnyaOeRt5l4mngN-gvkg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 13:47:45 -0000

On 2/4/20 10:32, Alexandre Petrescu wrote:
> 
> Le 02/04/2020 à 15:16, Fernando Gont a écrit :
>> Alexandre,
>>
>> On 2/4/20 09:54, Alexandre Petrescu wrote:
>>> Le 02/04/2020 à 14:39, Fernando Gont a écrit :
>>>> On 2/4/20 09:25, Alexandre Petrescu wrote:
>>>>> would it it be possible to specify this:
>>>>>> However, the method discussed in
>>>>>>           this document could be employed for generating Interface 
>>>>>> IDs
>>>>>>           of any arbitrary length, albeit at the expense of reduced
>>>>>>           entropy (when employing Interface IDs smaller than 64 
>>>>>> bits) or enhanced entropy (when IID len longer than 64)
>>>>>
>>>>> (note 'IID longer than 64')
>>>>
>>>> Not sure what you mean.
>>>> 1) That's of course implied
>>>> 2) 2**64 is enough entropy for this kind of thing. Why would anyone 
>>>> do that??
>>>>
>>>> I miss the point you are trying to make...
>>>
>>> At some point you say less than 64 entropy might not be enough, and 
>>> that a limit is not clear.
>>
>> Nope neither me nor the document says that. The document says the 
>> obvious: the algorithm does not have any inherent requirement 
>> regarding the IID length. Of course, if you change the IID length, you 
>> change the entropy (the search space). (e.g., if you reduced the IID 
>> length, the entropy would be reduced).
>>
>>
>>> But similarly, more than 64 entropy might be more than enough - you 
>>> just dont say it.
>>
>> Let me put it bluntly: even 32 bits would be more than enough for this.
> 
> Yes, write that down.  I agree with you.  I do not know why not writing 
> it down.

Because this is not a document to discuss IID lengths. The current specs 
mandate /64. If that's changed, such document should do the appropriate 
analysis. There's no reason for this document to do that.




>>> You say 'it is implied', but there is silence, actually.
>>>
>>> There is nothing in I-D RFC4941bis, nor in RFC7421, that talks about 
>>> IID length longer than 64.
>>
>> 1) The current architecture doesn't have such a thing
> 
> All IPv6-over-foo docs request it, and the IPv6 Addr Arch requests it.

Exactly. There's no point in getting into a discussion about something 
that's not even allowed in the current specs.



[...]
>> 2) I personally don't think anybody would even think about IIDs longer 
>> than 64 bits. 64-bit IIDs already waste a big part of the address space.
> 
> ??  No, I dont think so.
> 
> I personally think IIDs longer than 64bit are absolutely necessary in 
> some contexts.  A SLAAC where a router that advertises a /56 in an RA, 
> might need the Host  to form a 72bit IID.

Write a draft, and propose that change. Until that, this document need 
to stick to existing specs.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

v2.23.0 | Report a Bug | By Email