Re: default-iids ready for WGLC? (Re: I-D Action: draft-ietf-6man-default-iids-10.txt)

Lorenzo Colitti <lorenzo@google.com> Thu, 17 March 2016 13:19 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/QhARiBIL8YYhoT3Q54VaPkgzJuc>
Cc: "6man-chairs@tools.ietf.org" <6man-chairs@tools.ietf.org>, "draft-ietf-6man-default-iids@tools.ietf.org" <draft-ietf-6man-default-iids@tools.ietf.org>, IETF IPv6 Mailing List <ipv6@ietf.org>

On Wed, Feb 17, 2016 at 8:09 PM, Fernando Gont <fgont@si6networks.com>
wrote:

> This rev addresses the feedback received on-list, mostly by Alex, Brian,
> and Ray.
>
> I personally think that this one should be ready for WGLC.
>

I have various objections to this document.

First: I don't see why the document requires that the link layers MUST
provide stable identifiers. What if a link layer or a host does not want a
stable identifier? What about privacy threats?

I do not support the recommendation to use RFC7217 because doing so creates
a false sense of security. RFC 7217 and similar schemes provide protection
against some threats but not others. Randomizing the link-layer provides
much better protection, and is what other parts of the IETF are moving
towards - see for example draft-ietf-dhc-anonymity-profile, which pretty
much takes MAC address randomization as a given.

I-D.ietf-dhc-stable-privacy-addresses is in state dead and should be
removed.

In various places, the document talks about "the interface identifier".
This does not match reality because most IPv6 hosts have more than one IPv6
address formed using more than one IID.

I don't see how it's useful or constructive to suddenly declare billions of
implementations no longer compliant with specs that have been current for
nearly 20 years (e.g., RFC2464 is from 1998).

Instead of a sweeping update to lots of IPv6-over-foo documents, I'd much
rather see a best current practice that suggests that hosts do something
sane to address this sort of threat. "Something sane" should probably be
MAC address randomization, but could also be RFC7217+RFC4941, etc.

Regards,
Lorenzo