IETF Logo Mail Archive

Re: Disabling temporary addresses by default?

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 30 January 2020 19:12 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0AD7D120219 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 11:12:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.435
X-Spam-Level: *
X-Spam-Status: No, score=1.435 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hRzu2WoQnhPh for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 11:12:18 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9B0F5120170 for <ipv6@ietf.org>; Thu, 30 Jan 2020 11:12:18 -0800 (PST)
Received: from dooku.sandelman.ca (unknown [209.29.231.2]) by relay.sandelman.ca (Postfix) with ESMTPS id 25F381F45B for <ipv6@ietf.org>; Thu, 30 Jan 2020 19:12:17 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 34D081A373A; Thu, 30 Jan 2020 14:12:16 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: IPv6 List <ipv6@ietf.org>
Subject: Re: Disabling temporary addresses by default?
In-reply-to: <f02490c8-5f52-acf6-75e7-109d10d89740@si6networks.com>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <c4166907-b6c9-a4ef-fd59-cf539bbe0405@si6networks.com> <43D76C96-C16B-4BEB-B9B8-C68D53BCE63F@fugue.com> <fb5b8377-892d-2777-ef9b-4f9ddefa6c93@si6networks.com> <CAKD1Yr034_tu7ZoJ1FCfDYhNSN6igm-ZQyR4u3U+UDMr=huGOw@mail.gmail.com> <1af0b06d-f9d7-5ea1-27f3-b417eb9148fa@si6networks.com> <7606A049-318D-4526-917D-F2A801BF7050@cisco.com> <CAKD1Yr1d9kORFdoOJr22J_UDJ9hLPr6AQLyWuh7=bAQKa+aXGw@mail.gmail.com> <MN2PR11MB356588FC3E8A6410B725D159D80A0@MN2PR11MB3565.namprd11.prod.outlook.com> <CAKD1Yr35meRGh_POo_2jrHA_oazO1xUOG5G_rx43xNLFYHQsMQ@mail.gmail.com> <MN2PR11MB356526F01CAE1CADEF8E4472D80A0@MN2PR11MB3565.namprd11.prod.outlook.com> <CAKD1Yr0-rmyzz3y1d+pCpA0+tGuhSdjojaJovXUzVuyx6UdeLA@mail.gmail.com> <98179a48-8d86-4673-6c82-fc0022988862@foobar.org> <F84FEFAF-1F78-47D4-B3E0-981DCFD0CB58@employees.org> <CAKD1Yr11_SSUkCBuQ3-h+eRg0LPZQdhe+h7f0YZy9TiyRWj6mw@mail.gmail.com> <1F1CE807-5466-42B3-AA37-8C916EAB545C@gmail.com> <f02490c8-5 f52-acf6-75e7-109d10d89740@si6networks.com>
Comments: In-reply-to Fernando Gont <fgont@si6networks.com> message dated "Tue, 28 Jan 2020 19:42:45 -0300."
X-Mailer: MH-E 8.6; nmh 1.7.1-RC3; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 30 Jan 2020 14:12:16 -0500
Message-ID: <30545.1580411536@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/QaTKKOtxxEmhdaywAI4IGzZFz4s>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2020 19:12:20 -0000

Fernando Gont <fgont@si6networks.com> wrote:
    > In this respect, we have a few knobs to play with:

    > 1) Valid Lifetime and Temporary Lifetime timers

Agreed, and this is an important knob.

    > 2) Whether ongoing sessions should be allowed to continue using invalid
    > addresses

I was initially surprised that the old addresses were called invalid.
Non-temporary addresses do not go invalid at the end of the lifetime, as long
as the host receives another RA.

Clearly the host made them up, as long as it continues to defend them, it
seems like it is wrong to call them invalid.

I think that N=1 is the right value, but that hosts should be told how many
concurrent temporary addresses the network will tolerate.  We can, if you
like, define the counter to be X+1, so a value of "0" means the host can use
one temporary address, and you can't specify zero :-)

    > Option #2: Reduce the N ratio, but allow ongoing sessions to use invalid
    > addresses. This could be worse than legacy RFC4941 (if long lived sessions
    > last more than a week), since now temporary addresses would not have a
    > limited lifetime (the lifetime would only be limited wrt the ability to
    > employ them for new transport protocol instances)

That was, btw, always my historical understanding.  It turns to be wrong.

    > If I had to choose, I'd go for #1 or #3 above. If apps hint the network layer
    > about the addresses to use (e.g. stable addresses if they mean to use
    > long-lived connections), #1 is fine. OTOH, #3, the status quo, is more
    > concervative in this respect.

Maybe we suggest that OSes provide a knob to determine what kind of address
is provided to an application that expresses no preference, I could live with
this.


-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email