IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Mark Smith <markzzzsmith@gmail.com> Thu, 18 June 2020 07:50 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21B653A0F0B for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 00:50:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RErz5D0LTHAB for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 00:50:44 -0700 (PDT)
Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 547073A0F0A for <ipv6@ietf.org>; Thu, 18 Jun 2020 00:50:44 -0700 (PDT)
Received: by mail-oi1-x22a.google.com with SMTP id t25so4253421oij.7 for <ipv6@ietf.org>; Thu, 18 Jun 2020 00:50:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=QxTVbYprTEhQbKm7F0EaU5AzM6QSo4ylZK+GfLFhE5E=; b=MK5EC23vaUnB1lGvTAzJtp5wAR8LNp2D88qPbbmQQVg0ixpryt6N7eyId0FtDegiw4 8kr/7OsG1pbkriLuE3q5lqLBzQd74031eR9yuVQ/YWi1Va9R/Bv2iHHkqjCUdlNRQWhN dF4qfPpHyRgr7ugb5vPo+P6LfuD3TQ+LHRRaUIY500/hrzB5ASG+xRN4U9CKkawa1yUu OJ0mZaVTofYoW1X8ei9JjdZCe6AdD32Dkm5RDz/Kg0aHVOjuIlvSfCXIU2UCmbvjttQS 8nRUtHi77WbXHWng1WTpRowFCip0aAYtB1avx8/ZJEk7TrQxoLhtTF/oF8MZdXql4F/R pFXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QxTVbYprTEhQbKm7F0EaU5AzM6QSo4ylZK+GfLFhE5E=; b=o1px9VbvyVg/1gkjfJ5klb/XyBuBVkrvPkqyFQ/bQEaKkqOfzOu1qK5xzJswyUD2Zz E4hlfmquCMsK4VN/a9qN4cPvZqBVc6wqBt3NWnOINGPznuvxpApuCaJ8fpFA8iVmgnuf CrtLN7OsEl0JmD0Yjs9N4tHkIVqovmQgikCbWTjcQBl7ck4Q+z1Fir7uKH2hiWhGqkB3 S31AQDj3ZmlDto8AUDhTEECs908DdIwES5WJfI7PGKW8T4aR+VTlERovvPjCK3qSfSr6 YdjnjBWRgTbP48q0zN/fRZ7NQuqvPyBxBvDoaA/tOvDTBHNIimHliVhVlisS7eD10Wnm YNEg==
X-Gm-Message-State: AOAM531GcvPBl4Bp1rU5RaTM96Anyd5LLJvhWr9IbDD5PHmY5/P6uj64 iu1XfobGRMsgY9WPiGVHLYMrFZi2BTghnDPZ3Lw=
X-Google-Smtp-Source: ABdhPJzgCQkmmKup4qK+8fPyhyND+VUz8yRBM1OOt1G/l5brVoziHcZ5mHE6S5YbgfOP/yus2OypBDqs33Qj24/6eBI=
X-Received: by 2002:aca:a9cd:: with SMTP id s196mr1864210oie.164.1592466643455; Thu, 18 Jun 2020 00:50:43 -0700 (PDT)
MIME-Version: 1.0
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com>
In-Reply-To: <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 18 Jun 2020 17:50:33 +1000
Message-ID: <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com>
Subject: Re: 64bit MAC addresses and SLAAC
To: Etienne-Victor Depasquale <edepa@ieee.org>
Cc: Philip Homburg <pch-ipv6-ietf-6@u-1.phicoh.com>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000099930b05a85708d8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/KkiZqM2ZeZQUedju6H8qnJRDpF4>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 07:50:46 -0000

On Thu, 18 Jun 2020, 16:30 Etienne-Victor Depasquale, <edepa@ieee.org>
wrote:

> Philip,
>
> " I also wonder, a device that cannot afford a couple SHa2 hashes? Then
> that
> device is probably insecure and should not be connect to the internet
> anyhow  "
>
> I haven't got any data to make a case.. What I can see is a WSN scenario,
> with some features in it, as follows.
>
> One important operating principle with WSNs is to prolong lifetime.
> When a node turns off, its loss may cause network-wide effects, like RPL
> DODAG tree re-formation.
>
> Sensors are output devices, oriented towards their border router for
> access to the Internet.
> Is it fair to say that they're single-purpose devices, supporting no
> (little?) more than a RESTful interface to their data acquisition?
> I think so.
>
> Does it make sense to load sensors with generation of semantically opaque
> interface identifiers?
> Yes - but only after understanding its impact through a network-scoped
> study of WSN lifetime.
>

So I have a couple of IoT IPv6 books from about 10 years ago, and they talk
about these battery powered devices having AES implementations to encrypt
the radio layer.

So it seems AES was cheap enough to do in battery powered IoT devices 10
years ago, so I would assume it is even cheaper to do now.

I understand crypto algorithms can also be used as a hash generator, so
perhaps the AES in these things can be used to generate hashes for RFC7217
stable IDs.

Regards,
Mark.



> Alternatively:
> keep link-layer addresses in IPv6 IIDs,
> without allowing unauthorized data collection from the nodes,
> by implementing access control to the nodes at the (mains-powered) border
> router.
>
> Etienne
>
> On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg <
> pch-ipv6-ietf-6@u-1.phicoh.com> wrote:
>
>> >   Of course the caveat there with unmanaged network and SOHO and Mobile
>> >where manual or DHCPV6 is not possible or viable.
>>
>> Why is DHCPv6 not possible? Of course there is the Android problem.
>> But I doubt that a low power IoT device would share a wifi-link with an
>> Android device.
>>
>> >    In those cases SLAAC is preferred, but then we have the crux of
>> >    issue and the decision tree on privacy random IID and its overhead
>> >    if its not necessary versus modified EUI64.
>> >    tree of course the underlying operational impacts of random
>> >    versus  stable IID double edged sword operator or individuals
>> >    decision to pick which works best for their use case.  In the
>> >    end net-net is what is simplest to deploy and least overhead
>> >    but also meets the desired goal is generally the thought for
>> >    picking the IID generation solution. For that SLAAC wins out in
>> >    that decision for the use case described above.
>>
>> A stable, unique pseudo random IID per prefix basically requires one
>> SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per
>> prefix.
>>
>> I cannot imagine that computing 2 SHA2 hashes has a significant amount
>> of energy use compared to link attachment and duplicate address detection.
>>
>> This computation is once per prefix, so it becomes an issue if the
>> devices frequently attaches to new links. In which case tracking
>> protection
>> becomes important.
>>
>> I also wonder, a device that cannot afford a couple SHa2 hashes? Then that
>> device is probably insecure and should not be connect to the internet
>> anyhow.
>>
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>>
>
>
> --
> Ing. Etienne-Victor Depasquale
> Assistant Lecturer
> Department of Communications & Computer Engineering
> Faculty of Information & Communication Technology
> University of Malta
> Web. https://www.um.edu.mt/profile/etiennedepasquale
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email