IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 18 June 2020 14:29 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5833A1149 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.671
X-Spam-Level:
X-Spam-Status: No, score=0.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-Ya90af6FP2 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:29:31 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BD693A0868 for <ipv6@ietf.org>; Thu, 18 Jun 2020 07:29:31 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IETTo1027107 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id A6CBD207BAE for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 9BAC9207B9A for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IETT6r026006 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200
Subject: Re: 64bit MAC addresses and SLAAC
To: ipv6@ietf.org
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com> <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com>
Date: Thu, 18 Jun 2020 16:29:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/KMdBFYe-bzu_78K30q5aH0fl2HE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 14:29:33 -0000


Le 18/06/2020 à 09:50, Mark Smith a écrit :
> 
> 
> On Thu, 18 Jun 2020, 16:30 Etienne-Victor Depasquale, <edepa@ieee.org 
> <mailto:edepa@ieee.org>> wrote:
> 
>     Philip,
> 
>     " I also wonder, a device that cannot afford a couple SHa2 hashes?
>     Then that
>     device is probably insecure and should not be connect to the internet
>     anyhow  "
> 
>     I haven't got any data to make a case... What I can see is a WSN
>     scenario, with some features in it, as follows.
> 
>     One important operating principle with WSNs is to prolong lifetime.
>     When a node turns off, its loss may cause network-wide effects, like
>     RPL DODAG tree re-formation.
> 
>     Sensors are output devices, oriented towards their border router for
>     access to the Internet.
>     Is it fair to say that they're single-purpose devices, supporting no
>     (little?) more than a RESTful interface to their data acquisition?
>     I think so.
> 
>     Does it make sense to load sensors with generation of semantically
>     opaque interface identifiers?
>     Yes - but only after understanding its impact through a
>     network-scoped study of WSN lifetime.
> 
> 
> So I have a couple of IoT IPv6 books from about 10 years ago, and they 
> talk about these battery powered devices having AES implementations to 
> encrypt the radio layer.
> 
> So it seems AES was cheap enough to do in battery powered IoT devices 10 
> years ago, so I would assume it is even cheaper to do now.
> 
> I understand crypto algorithms can also be used as a hash generator, so 
> perhaps the AES in these things can be used to generate hashes for 
> RFC7217 stable IDs.

Probably AES is not an issue on some platforms, in terms of having 
enough cycles.

But there are certainly computing&communicating platforms not powerful 
enough to run AES.

And, it is not only a matter of energy consumption or time it takes to 
compute.

There are very many additional aspects involved in using crypto 
technology, at all layers from 0 to Political.  Bind them all to an IP 
address?

Alex

> 
> Regards,
> Mark.
> 
> 
> 
>     Alternatively:
>     keep link-layer addresses in IPv6 IIDs,
>     without allowing unauthorized data collection from the nodes,
>     by implementing access control to the nodes at the (mains-powered)
>     border router.
> 
>     Etienne
> 
>     On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg
>     <pch-ipv6-ietf-6@u-1.phicoh.com
>     <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> wrote:
> 
>          >   Of course the caveat there with unmanaged network and SOHO
>         and Mobile
>          >where manual or DHCPV6 is not possible or viable.
> 
>         Why is DHCPv6 not possible? Of course there is the Android problem.
>         But I doubt that a low power IoT device would share a wifi-link
>         with an
>         Android device.
> 
>          >    In those cases SLAAC is preferred, but then we have the
>         crux of
>          >    issue and the decision tree on privacy random IID and its
>         overhead
>          >    if its not necessary versus modified EUI64.
>          >    tree of course the underlying operational impacts of random
>          >    versus  stable IID double edged sword operator or individuals
>          >    decision to pick which works best for their use case.  In the
>          >    end net-net is what is simplest to deploy and least overhead
>          >    but also meets the desired goal is generally the thought for
>          >    picking the IID generation solution. For that SLAAC wins
>         out in
>          >    that decision for the use case described above.
> 
>         A stable, unique pseudo random IID per prefix basically requires one
>         SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per
>         prefix.
> 
>         I cannot imagine that computing 2 SHA2 hashes has a significant
>         amount
>         of energy use compared to link attachment and duplicate address
>         detection.
> 
>         This computation is once per prefix, so it becomes an issue if the
>         devices frequently attaches to new links. In which case tracking
>         protection
>         becomes important.
> 
>         I also wonder, a device that cannot afford a couple SHa2 hashes?
>         Then that
>         device is probably insecure and should not be connect to the
>         internet
>         anyhow.
> 
> 
>         --------------------------------------------------------------------
>         IETF IPv6 working group mailing list
>         ipv6@ietf.org <mailto:ipv6@ietf.org>
>         Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>         --------------------------------------------------------------------
> 
> 
> 
>     -- 
>     Ing. Etienne-Victor Depasquale
>     Assistant Lecturer
>     Department of Communications & Computer Engineering
>     Faculty of Information & Communication Technology
>     University of Malta
>     Web. https://www.um.edu.mt/profile/etiennedepasquale
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org <mailto:ipv6@ietf.org>
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email