IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Fernando Gont <fgont@si6networks.com> Sun, 22 May 2016 01:28 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B781112D5D7 for <ipv6@ietfa.amsl.com>; Sat, 21 May 2016 18:28:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VX5Oc2QccBik for <ipv6@ietfa.amsl.com>; Sat, 21 May 2016 18:28:28 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9D5BB12D5D1 for <ipv6@ietf.org>; Sat, 21 May 2016 18:28:27 -0700 (PDT)
Received: from [152.207.83.17] (unknown [152.207.83.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id CB001803E3; Sun, 22 May 2016 03:28:22 +0200 (CEST)
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: Lorenzo Colitti <lorenzo@google.com>, Alissa Cooper <alissa@cooperw.in>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <B849F263-9F99-48E8-B903-8FE7D2CDF277@cooperw.in> <CAJE_bqd1AWOuwvQcGzHg+dAWoump29g14HEA1BoVErXDXSMxaw@mail.gmail.com> <573BCFD0.8090801@si6networks.com> <CAJE_bqfKUbO7C6LnxOOUCVBU9e679_=159Yu6Ti0zhOGDuw98Q@mail.gmail.com> <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in> <CAKD1Yr23S4yHM=31VXTJq7t11P3__GEbbRhM0c085gBjQEGi-Q@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <573E5C54.6040504@si6networks.com>
Date: Thu, 19 May 2016 20:37:40 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr23S4yHM=31VXTJq7t11P3__GEbbRhM0c085gBjQEGi-Q@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/KTqGNoIr9COO0J_58FkSosnI82o>
Cc: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>, 神明達哉 <jinmei@wide.ad.jp>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 May 2016 01:28:32 -0000

On 05/19/2016 02:10 AM, Lorenzo Colitti wrote:
> On Thu, May 19, 2016 at 2:19 PM, Alissa Cooper <alissa@cooperw.in
> <mailto:alissa@cooperw.in>> wrote:
> 
>     The draft makes just about a clear a statement in this vein as is
>     possible:
> 
>     "By default, nodes SHOULD NOT employ IPv6 address generation schemes
>        that embed the underlying link-layer address in the IID.”
> 
>     Note that this statement does not prohibit anything, nor does it
>     make a normative (in the moral sense) judgment. It just states the
>     recommendation, which is the point of the document.
> 
>     I appreciate that not everyone on the list agrees with this
>     recommendation. But I find the claim that this recommendation is
>     unclear to be difficult to understand. That is, I can’t think of a
>     way to convey the same recommendation that would be clearer. If you
>     can, please suggest text.
> 
> 
> Alissa,
> 
> I don't think anybody is claiming that the recommendation itself is
> difficult to understand. What is difficult to understand is how the
> document justifies that claim.
> 
> It looks like the main argument used to justify this recommendation is
> major privacy risks. But embedding a link layer identifier into an IP
> address is not a major [1] privacy risk. It is only embedding a *STABLE*
> link-layer address that is a major privacy risk.
> 
> Recommending that link-layer address be embedded only if they are
> ephemeral would address the privacy concerns just as well as (or maybe
> even better) than the approach proposed in this document.
> 
> I think what people are do not understand is why this document
> recommends one but not the other. I certainly don't.
> 
> Cheers,
> Lorenzo
> 
> [1] I argue that cross-referencing IPX traffic to IP traffic is not a
> major privacy risk because IPX is so uncommon.

1) Do you have data to back the claim that such traffic is uncommon?

2) As noted by Brian, this was just an example. You cannot tell e.g.
what other protocols will do in the future, where they might also embed
the same link-layer address, etc.

3) Your approach wastes 18 bits of entropy for no reason. RFC7217 doesn't

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email