Re: 64bit MAC addresses and SLAAC
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 18 June 2020 14:29 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F5833A1149 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.671
X-Spam-Level:
X-Spam-Status: No, score=0.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z-Ya90af6FP2 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:29:31 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BD693A0868 for <ipv6@ietf.org>; Thu, 18 Jun 2020 07:29:31 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IETTo1027107 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id A6CBD207BAE for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 9BAC9207B9A for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IETT6r026006 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:29:29 +0200
Subject: Re: 64bit MAC addresses and SLAAC
To: ipv6@ietf.org
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com> <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com>
Date: Thu, 18 Jun 2020 16:29:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/KMdBFYe-bzu_78K30q5aH0fl2HE>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 14:29:33 -0000
Le 18/06/2020 à 09:50, Mark Smith a écrit : > > > On Thu, 18 Jun 2020, 16:30 Etienne-Victor Depasquale, <edepa@ieee.org > <mailto:edepa@ieee.org>> wrote: > > Philip, > > " I also wonder, a device that cannot afford a couple SHa2 hashes? > Then that > device is probably insecure and should not be connect to the internet > anyhow " > > I haven't got any data to make a case... What I can see is a WSN > scenario, with some features in it, as follows. > > One important operating principle with WSNs is to prolong lifetime. > When a node turns off, its loss may cause network-wide effects, like > RPL DODAG tree re-formation. > > Sensors are output devices, oriented towards their border router for > access to the Internet. > Is it fair to say that they're single-purpose devices, supporting no > (little?) more than a RESTful interface to their data acquisition? > I think so. > > Does it make sense to load sensors with generation of semantically > opaque interface identifiers? > Yes - but only after understanding its impact through a > network-scoped study of WSN lifetime. > > > So I have a couple of IoT IPv6 books from about 10 years ago, and they > talk about these battery powered devices having AES implementations to > encrypt the radio layer. > > So it seems AES was cheap enough to do in battery powered IoT devices 10 > years ago, so I would assume it is even cheaper to do now. > > I understand crypto algorithms can also be used as a hash generator, so > perhaps the AES in these things can be used to generate hashes for > RFC7217 stable IDs. Probably AES is not an issue on some platforms, in terms of having enough cycles. But there are certainly computing&communicating platforms not powerful enough to run AES. And, it is not only a matter of energy consumption or time it takes to compute. There are very many additional aspects involved in using crypto technology, at all layers from 0 to Political. Bind them all to an IP address? Alex > > Regards, > Mark. > > > > Alternatively: > keep link-layer addresses in IPv6 IIDs, > without allowing unauthorized data collection from the nodes, > by implementing access control to the nodes at the (mains-powered) > border router. > > Etienne > > On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg > <pch-ipv6-ietf-6@u-1.phicoh.com > <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> wrote: > > > Of course the caveat there with unmanaged network and SOHO > and Mobile > >where manual or DHCPV6 is not possible or viable. > > Why is DHCPv6 not possible? Of course there is the Android problem. > But I doubt that a low power IoT device would share a wifi-link > with an > Android device. > > > In those cases SLAAC is preferred, but then we have the > crux of > > issue and the decision tree on privacy random IID and its > overhead > > if its not necessary versus modified EUI64. > > tree of course the underlying operational impacts of random > > versus stable IID double edged sword operator or individuals > > decision to pick which works best for their use case. In the > > end net-net is what is simplest to deploy and least overhead > > but also meets the desired goal is generally the thought for > > picking the IID generation solution. For that SLAAC wins > out in > > that decision for the use case described above. > > A stable, unique pseudo random IID per prefix basically requires one > SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per > prefix. > > I cannot imagine that computing 2 SHA2 hashes has a significant > amount > of energy use compared to link attachment and duplicate address > detection. > > This computation is once per prefix, so it becomes an issue if the > devices frequently attaches to new links. In which case tracking > protection > becomes important. > > I also wonder, a device that cannot afford a couple SHa2 hashes? > Then that > device is probably insecure and should not be connect to the > internet > anyhow. > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org <mailto:ipv6@ietf.org> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > > > -- > Ing. Etienne-Victor Depasquale > Assistant Lecturer > Department of Communications & Computer Engineering > Faculty of Information & Communication Technology > University of Malta > Web. https://www.um.edu.mt/profile/etiennedepasquale > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org <mailto:ipv6@ietf.org> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list > ipv6@ietf.org > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Behcet Sarikaya
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: 64bit MAC addresses and SLAAC Vasilenko Eduard
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Kerry Lynn
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Ole Troan
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC Carsten Bormann
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)