Re: FW: New Version Notification for draft-huitema-6man-random-addresses-01.txt
Philip Homburg <pch-6man-1@u-1.phicoh.com> Fri, 07 August 2015 12:50 UTC
Return-Path: <pch-bBB316E3E@u-1.phicoh.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 895341A8852 for <ipv6@ietfa.amsl.com>; Fri, 7 Aug 2015 05:50:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.6
X-Spam-Level:
X-Spam-Status: No, score=-4.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, GB_I_LETTER=-2, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2lVQyxyRCoal for <ipv6@ietfa.amsl.com>; Fri, 7 Aug 2015 05:50:48 -0700 (PDT)
Received: from stereo.hq.phicoh.net (stereo.hq.phicoh.net [130.37.15.35]) by ietfa.amsl.com (Postfix) with ESMTP id EE40B1A0062 for <6man@ietf.org>; Fri, 7 Aug 2015 05:50:45 -0700 (PDT)
Received: from stereo.hq.phicoh.net (localhost [::ffff:127.0.0.1]) by stereo.hq.phicoh.net with esmtp (Smail #91) id m1ZNh6i-0000CXC; Fri, 7 Aug 2015 14:50:44 +0200
Message-Id: <m1ZNh6i-0000CXC@stereo.hq.phicoh.net>
To: 6man@ietf.org
Subject: Re: FW: New Version Notification for draft-huitema-6man-random-addresses-01.txt
From: Philip Homburg <pch-6man-1@u-1.phicoh.com>
Sender: pch-bBB316E3E@u-1.phicoh.com
References: <20150804191128.19919.89014.idtracker@ietfa.amsl.com> <DM2PR0301MB065575D182597CD706D0C269A8760@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-reply-to: Your message of "Tue, 4 Aug 2015 19:14:02 +0000 ." <DM2PR0301MB065575D182597CD706D0C269A8760@DM2PR0301MB0655.namprd03.prod.outlook.com>
Date: Fri, 07 Aug 2015 14:50:43 +0200
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/P15ftRIp9yShlmvrkz1wgj5GETs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Aug 2015 12:50:50 -0000
In your letter dated Tue, 4 Aug 2015 19:14:02 +0000 you wrote: >This is a new version of the draft that was discussed in Prague. I rewrote it >to focus on the "update to 7217," but also threw in an "update to 4941." I thi >nk it covers most of the feedback received in the WG. Hi Christian, Here are a few comments. In Section 2.2: "These conditions will be considered equivalent to disconnecting and then "reconnecting with a new link layer address. The previously used IPv6 "addresses will be discarded, and a new set of addreses will be assigned. Maybe you can put in a reference to an RFC if there is an RFC that describes the desired behavior. I would say that in this case, a host MUST set all valid times of addresses generated with the old IID to zero before connecting to the new link to make sure that no packets with old IPv6 address go out. "4.1. Update to RFC 4941" The way I understand RFC 4941, you leave older address as deprecated when generating a new one. Which means that older addresses may get used by running application after the MAC address change. I guess that when changing MAC addresses again all old address have to have the lifetimes set to zero explicitly. In Section 5.1: "The correlation over time still be possible for the lifetime of the link "layer address, and the location tracking will only be mitigated if link "layer addresses do change with location. I assumed that the premise of this draft is that MAC address will change. I.e. that is the starting point for this draft. "The practice will export the link-layer address value to all places where "the IPv6 address is used. This increase the potential "surface" for privacy "attacks, and is not desirable. Can you explain how such an attack would work? Just some random thoughts: 1) Given that essentially we want random IIDs to go with random MAC addresses then maybe the best recommendation is to only configure RFC 4941. I'm not sure that a randomized RFC 7217 would add any benfits over RFC 4941. The only thing is that RFC 7217 generates an IID whereas RFC 4941. However, in the context of RFC 4941, the addresses derived from the EUI-64 IIDs are essentially unused except for link local. 2) Alternatively, maybe add text to this draft to generate a new random IID whenever the MAC address is changed while explicitly setting the lifetimes of older addresses to zero. By adding that text and then advising against using RFC-4941 or RFC-7217 the draft becomes nicely self-contained.
- FW: New Version Notification for draft-huitema-6m… Christian Huitema
- Re: FW: New Version Notification for draft-huitem… Philip Homburg