Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)

Fernando Gont <fgont@si6networks.com> Fri, 09 June 2017 17:35 UTC

Subject: Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Lorenzo Colitti <lorenzo@google.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Job Snijders <job@instituut.net>, Erik Kline <ek@google.com>, 6man WG <ipv6@ietf.org>
References: <CAO42Z2ziUZnK+n2f9N_Xvb5TZBppApXgNSmDsRLxaT1_taLvFw@mail.gmail.com> <4a6969ba-4cd3-ba30-2f3b-9ec4cc3fcf60@si6networks.com> <CAKD1Yr2x_EevJ37NnOg59Xk5+r3YYHmHEQKg_YCCSycuPpBzwA@mail.gmail.com> <bb3abd49-5ddc-076c-64a4-fe5f7dcd47d1@si6networks.com> <CAKD1Yr2ay5Hn_vdc14jJ7WQbgJzMZ_SE+n1S0ZpYMQ5CoPQ0sg@mail.gmail.com> <089d5e62-360a-9daf-339e-397ab0f4361f@si6networks.com> <CAKD1Yr2Gdke8tecVuywH76YQAFFFdA9oyJOjwo3ptiJfyF8h8g@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <63613823-fd24-7758-b40f-cad961de565e@si6networks.com>
Date: Fri, 09 Jun 2017 20:34:33 +0300
In-Reply-To: <CAKD1Yr2Gdke8tecVuywH76YQAFFFdA9oyJOjwo3ptiJfyF8h8g@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/RNNkkxRNUacVmo0HTuDUFxi3Xnw>

On 06/09/2017 06:04 AM, Lorenzo Colitti wrote:
> On Fri, Jun 9, 2017 at 9:35 AM, Fernando Gont <fgont@si6networks.com> wrote:
>>> But they could. If the server had a /64 prefix, then it could store
>>> useful information in the 64 bits. For example, SNI (which sends
>>> information in the clear) might not be necessary any more.
>>
>> We're talking about entropy here. If you want entropy, randomize your
>> IPv6 address (RFC7217), rather than set it manually.
> 
> Well, but the entropy that we care about is not the entropy of the IP
> address, but the entropy of the network communications. Those can be
> achieved by using many IP addresses in parallel.

Huh?

We're talking about entropy of addresses. If you're going to use 64 bits
and randomize addresses in such space, fine.

If you're going to use 64 bits just to use the low-order 16 bits, then
you've wasted a lot of bits.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
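As an added illustration of the distinction drawn in the message above (example code written for this archive page, not from the thread, RFC 7217 or any stack's implementation): an RFC 7217 stable-privacy interface identifier is spread over the whole 64-bit IID space, whereas a hand-assigned ::1/::2/::53 scheme only ever touches a few low-order bits. Assumptions: HMAC-SHA256 stands in for the PRF F() that RFC 7217 leaves to the implementer, the inputs are simply concatenated, and the secret key, interface name and prefixes are constructed values.

```python
import hashlib
import hmac
import ipaddress

# RFC 5453 reserved Interface Identifier ranges (inclusive, as 64-bit ints).
RESERVED_IID_RANGES = (
    (0x0000000000000000, 0x0000000000000000),  # subnet-router anycast
    (0x02005EFFFE000000, 0x02005EFFFEFFFFFF),  # Ethernet block, PMIPv6, reserved
    (0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF),  # reserved subnet anycast
)

def iid_is_reserved(iid: int) -> bool:
    return any(lo <= iid <= hi for lo, hi in RESERVED_IID_RANGES)

def rfc7217_iid(prefix: str, net_iface: str, network_id: str,
                dad_counter: int, secret_key: bytes) -> int:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    Assumption: F() is HMAC-SHA256 over the concatenated inputs (RFC 7217
    only requires a secret-keyed PRF); the IID is the RID's low 64 bits."""
    prefix_bytes = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    msg = (prefix_bytes + net_iface.encode() + network_id.encode()
           + dad_counter.to_bytes(4, "big"))
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(rid[-8:], "big")

def stable_private_address(prefix: str, net_iface: str, network_id: str,
                           secret_key: bytes, dad_counter: int = 0):
    """Return (address, dad_counter); the counter is bumped past reserved
    IIDs, exactly as it would be after a DAD failure."""
    net = ipaddress.IPv6Network(prefix)
    while True:
        iid = rfc7217_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        if not iid_is_reserved(iid):
            return ipaddress.IPv6Address(int(net.network_address) | iid), dad_counter
        dad_counter += 1

def iid_of(address: str) -> int:
    return int(ipaddress.IPv6Address(address)) & ((1 << 64) - 1)

def effective_iid_bits(addresses) -> int:
    """How many of the 64 IID bits a set of addresses actually spans."""
    return max(iid_of(a) for a in addresses).bit_length()

if __name__ == "__main__":
    key = b"constructed-secret-key"  # constructed; a real key comes from a CSPRNG
    manual = ["2001:db8:1::1", "2001:db8:1::2", "2001:db8:1::53"]
    addr, _ = stable_private_address("2001:db8:1::/64", "eth0", "", key)
    print("manual IIDs span", effective_iid_bits(manual), "bits;",
          "RFC 7217 address", addr, "spans", effective_iid_bits([str(addr)]), "bits")
```

The same host on a different prefix gets a different, equally stable address, which is the per-network stability RFC 7217 is after; the manual scheme yields the same 7 bits of IID no matter how large the block around it is.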