IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Mark Smith <markzzzsmith@gmail.com> Fri, 19 June 2020 10:20 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C89093A095F for <ipv6@ietfa.amsl.com>; Fri, 19 Jun 2020 03:20:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ENc7IlZxSI5q for <ipv6@ietfa.amsl.com>; Fri, 19 Jun 2020 03:20:44 -0700 (PDT)
Received: from mail-oo1-xc2a.google.com (mail-oo1-xc2a.google.com [IPv6:2607:f8b0:4864:20::c2a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1A323A0953 for <ipv6@ietf.org>; Fri, 19 Jun 2020 03:20:44 -0700 (PDT)
Received: by mail-oo1-xc2a.google.com with SMTP id 127so1782571ooc.9 for <ipv6@ietf.org>; Fri, 19 Jun 2020 03:20:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=F+lnBsMEw12HQWeLWveechiur2sjC990nZzFO0+gB9o=; b=M03xneQP6SMj1ECtousErIIJ6Er3yCR1w2a0NRUXkRj8GrCvcsX1BE7uy1jaPZ+Q2y 9jy1WhP29rqljLqSrV75h1+yiceFKmggUqgr/qh1eyjEr0o3CXv5li82KveCJyf7AIoN 78cxb7hrkK95vDWuSbIuvhRz1gnhiAo7aqCIu9UAghVM5bl+12oPTW5OpuvezQpB/Nit m2EHzKMXv6+eV276JXOno1Hsl/yrRyHpfbkdQ1+G7lZm6QG++lrCJYVCbrziysH0hkKa f83Hb4elZA/x4VBZYjlbedykaxMiIWgQPNU+qBgE00dVr4dOIRl+MH/OZ/ToJn7F/u93 7vsg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=F+lnBsMEw12HQWeLWveechiur2sjC990nZzFO0+gB9o=; b=jdutcVvt8WRaNnkV2czOpbSH9ldu0d4BIXCv8YGbisGdOhXZpIqT5E96+uBeL0MjUv ZrC3ULaYqaOl5/nnXdA+tytbRas0MZfTosoSU9RlVaqkcJ8H3+27fMbdtjeqsLUAZtHi KzXPnQ9ei5DOP8lWry12PBDjNsCH2EKZ563zS6GDiuS16MVH0bq67boGMb7OuhECLvpZ OHJxjyJaPVv8h1fb55aq5c8oEwgscbCE+hzdlCkUIG60Wed1kWFEv06e8bnqqzV4LKRV JRd93BXhvLBXqo5S6/LRuDwQJsVljRQR0RER/qcqsLfma7X15tMxs0xVLsqm2A1ojIKe wW1A==
X-Gm-Message-State: AOAM532+emPrViKqjXsV76aS0n17aHgLGmglvETqZd2aenxQz+9EkzUB cANeQs4878asqyGZlylVcEMv0qF7DCUoEKUPBrY=
X-Google-Smtp-Source: ABdhPJz/lUA+vBHqGt60hMlHH16oNTiWpvamkXELMRJzK/Xo6dW0pnZCmMsg2tOt5Gi93yfST7K3hKrqMCj3fboBHbM=
X-Received: by 2002:a4a:6c7:: with SMTP id 190mr2636543ooj.4.1592562043901; Fri, 19 Jun 2020 03:20:43 -0700 (PDT)
MIME-Version: 1.0
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com> <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com> <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com> <CAO42Z2yMQAiEFhQ8r5g5NAUVjw6GHX0oJNCX0yz95p_qbt3ZGQ@mail.gmail.com> <CAAcx0vA78=T8fHmj=JhcKP0L9tNiN4E5b-68Z8L3W_13pnUtMg@mail.gmail.com>
In-Reply-To: <CAAcx0vA78=T8fHmj=JhcKP0L9tNiN4E5b-68Z8L3W_13pnUtMg@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 19 Jun 2020 20:20:33 +1000
Message-ID: <CAO42Z2zSsv1XSX1ze9a7DHPRN8=iMSCfQx0bNT+L-mrj+FyLaA@mail.gmail.com>
Subject: Re: 64bit MAC addresses and SLAAC
To: Etienne-Victor Depasquale <edepa@ieee.org>
Cc: Alexandre Petrescu <alexandre.petrescu@gmail.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e8dad805a86d3e32"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/JtN1c0616waif3nw95PC-RS_kdI>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Jun 2020 10:20:47 -0000

On Fri, 19 Jun 2020, 19:18 Etienne-Victor Depasquale, <edepa@ieee.org>
wrote:

> But there are certainly computing&communicating platforms not powerful
>> enough to run AES.
>
>
>>
>  So IPv6 is probably not the right protocol for those devices.
>
>
>
> That "probably" is the saving grace :)
>
> I'd go for IPv6 on any communicating device and give in to alternatives
> with very great reluctance.
>


"Right tool for the job", as my father taught me.

I'm also reminded of how good a blade screwdriver is at opening a paint
can, except that doing that ruins the blade screwdriver for undoing screws!
Buy a cheap blade screwdriver and call it a "paint can opener", making it
then the right tool for the job, and also accepting that it can't be
reliably used as a screwdriver anymore.





>
>
> On Fri, Jun 19, 2020 at 12:04 AM Mark Smith <markzzzsmith@gmail.com>
> wrote:
>
>>
>>
>> On Fri, 19 Jun 2020, 00:30 Alexandre Petrescu, <
>> alexandre.petrescu@gmail.com> wrote:
>>
>>>
>>>
>>> Le 18/06/2020 à 09:50, Mark Smith a écrit :
>>> >
>>> >
>>> <snip>
>>> >
>>> >
>>> > So I have a couple of IoT IPv6 books from about 10 years ago, and they
>>> > talk about these battery powered devices having AES implementations to
>>> > encrypt the radio layer.
>>> >
>>> > So it seems AES was cheap enough to do in battery powered IoT devices
>>> 10
>>> > years ago, so I would assume it is even cheaper to do now.
>>> >
>>> > I understand crypto algorithms can also be used as a hash generator,
>>> so
>>> > perhaps the AES in these things can be used to generate hashes for
>>> > RFC7217 stable IDs.
>>>
>>> Probably AES is not an issue on some platforms, in terms of having
>>> enough cycles.
>>>
>>> But there are certainly computing&communicating platforms not powerful
>>> enough to run AES.
>>>
>>
>> So IPv6 is probably not the right protocol for those devices.
>>
>> It's great to try to use IPv6 for everything, but it doesn't mean IPv6
>> must be used for everything.
>>
>> IPv6 is a general purpose internetworking protocol, so it isn't going to
>> be optimal for all cases.
>>
>> At some point, the compromises or costs of using IPv6 will outweigh the
>> benefits of using a general commodity protocol. At that point, the expense
>> of a better suited and more specific protocol to suit the problem protocol
>> is worth paying.
>>
>> The IoT applications being discussed are local network only applications.
>> Since an internetworking protocol solves a much bigger problem -
>> internetworking hosts attached to a network of networks, using an
>> internetworking protocol to solve a local network application problem is
>> always going to involve a compromise - accepting a larger packet overhead
>> because of using an address space that is far larger than it needs to be to
>> solve the problem.
>>
>> Unfortunately we don't really have a middle ground, general purpose, yet
>> local network only protocol. MPLS is close, but not really general purpose
>> enough.
>>
>> Now that IPv4 can't solve the Internet internetworking problem (hence
>> invention of IPv6), perhaps we should repurpose it to use for local network
>> only application problems..
>>
>> Regards,
>> Mark.
>>
>>
>>
>>> And, it is not only a matter of energy consumption or time it takes to
>>> compute.
>>>
>>> There are very many additional aspects involved in using crypto
>>> technology, at all layers from 0 to Political.  Bind them all to an IP
>>> address?
>>>
>>> Alex
>>>
>>> >
>>> > Regards,
>>> > Mark.
>>> >
>>> >
>>> >
>>> >     Alternatively:
>>> >     keep link-layer addresses in IPv6 IIDs,
>>> >     without allowing unauthorized data collection from the nodes,
>>> >     by implementing access control to the nodes at the (mains-powered)
>>> >     border router.
>>> >
>>> >     Etienne
>>> >
>>> >     On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg
>>> >     <pch-ipv6-ietf-6@u-1.phicoh.com
>>> >     <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> wrote:
>>> >
>>> >          >   Of course the caveat there with unmanaged network and SOHO
>>> >         and Mobile
>>> >          >where manual or DHCPV6 is not possible or viable.
>>> >
>>> >         Why is DHCPv6 not possible? Of course there is the Android
>>> problem.
>>> >         But I doubt that a low power IoT device would share a wifi-link
>>> >         with an
>>> >         Android device.
>>> >
>>> >          >    In those cases SLAAC is preferred, but then we have the
>>> >         crux of
>>> >          >    issue and the decision tree on privacy random IID and its
>>> >         overhead
>>> >          >    if its not necessary versus modified EUI64.
>>> >          >    tree of course the underlying operational impacts of
>>> random
>>> >          >    versus  stable IID double edged sword operator or
>>> individuals
>>> >          >    decision to pick which works best for their use case.
>>> In the
>>> >          >    end net-net is what is simplest to deploy and least
>>> overhead
>>> >          >    but also meets the desired goal is generally the thought
>>> for
>>> >          >    picking the IID generation solution. For that SLAAC wins
>>> >         out in
>>> >          >    that decision for the use case described above.
>>> >
>>> >         A stable, unique pseudo random IID per prefix basically
>>> requires one
>>> >         SHA2-HMAC (or equivalent in SHA3 or other modern hash
>>> function) per
>>> >         prefix.
>>> >
>>> >         I cannot imagine that computing 2 SHA2 hashes has a significant
>>> >         amount
>>> >         of energy use compared to link attachment and duplicate address
>>> >         detection.
>>> >
>>> >         This computation is once per prefix, so it becomes an issue if
>>> the
>>> >         devices frequently attaches to new links. In which case
>>> tracking
>>> >         protection
>>> >         becomes important.
>>> >
>>> >         I also wonder, a device that cannot afford a couple SHa2
>>> hashes?
>>> >         Then that
>>> >         device is probably insecure and should not be connect to the
>>> >         internet
>>> >         anyhow.
>>> >
>>> >
>>> >
>>>  --------------------------------------------------------------------
>>> >         IETF IPv6 working group mailing list
>>> >         ipv6@ietf.org <mailto:ipv6@ietf.org>
>>> >         Administrative Requests:
>>> https://www.ietf.org/mailman/listinfo/ipv6
>>> >
>>>  --------------------------------------------------------------------
>>> >
>>> >
>>> >
>>> >     --
>>> >     Ing. Etienne-Victor Depasquale
>>> >     Assistant Lecturer
>>> >     Department of Communications & Computer Engineering
>>> >     Faculty of Information & Communication Technology
>>> >     University of Malta
>>> >     Web. https://www.um.edu.mt/profile/etiennedepasquale
>>> >
>>>  --------------------------------------------------------------------
>>> >     IETF IPv6 working group mailing list
>>> >     ipv6@ietf.org <mailto:ipv6@ietf.org <ipv6@ietf..org>>
>>> >     Administrative Requests:
>>> https://www.ietf.org/mailman/listinfo/ipv6
>>> >
>>>  --------------------------------------------------------------------
>>> >
>>> >
>>> > --------------------------------------------------------------------
>>> > IETF IPv6 working group mailing list
>>> > ipv6@ietf.org
>>> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> > --------------------------------------------------------------------
>>> >
>>>
>>> --------------------------------------------------------------------
>>> IETF IPv6 working group mailing list
>>> ipv6@ietf.org
>>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>>> --------------------------------------------------------------------
>>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
>
> --
> Ing. Etienne-Victor Depasquale
> Assistant Lecturer
> Department of Communications & Computer Engineering
> Faculty of Information & Communication Technology
> University of Malta
> Web. https://www.um.edu.mt/profile/etiennedepasquale
>

v2.23.0 | Report a Bug | By Email