Re: 64bit MAC addresses and SLAAC
Fernando Gont <fgont@si6networks.com> Wed, 17 June 2020 15:14 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9FBF83A0922 for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 08:14:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vr2bMOFF6McC for <ipv6@ietfa.amsl.com>; Wed, 17 Jun 2020 08:14:10 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E33F93A083A for <ipv6@ietf.org>; Wed, 17 Jun 2020 08:14:09 -0700 (PDT)
Received: from [IPv6:2800:810:464:1f7:e998:ff26:4eb6:2dc9] (unknown [IPv6:2800:810:464:1f7:e998:ff26:4eb6:2dc9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id B2C58280D4E; Wed, 17 Jun 2020 15:14:06 +0000 (UTC)
Subject: Re: 64bit MAC addresses and SLAAC
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>, sarikaya@ieee.org, Bob Hinden <bob.hinden@gmail.com>
Cc: IPv6 List <ipv6@ietf.org>
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com>
Date: Wed, 17 Jun 2020 12:13:26 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SQCmzhLxi_hi0MPYWK12S-iY2Zo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2020 15:14:24 -0000
On 17/6/20 08:16, Alexandre Petrescu wrote: [....] > > There are many problems with RFC7217 plus RFC8064, among which: > > - RFC8064 recommends simply stable IIDs; to do that it uses RFC7217 > which defines stables IIDs _within_ a subnet. That is an > inconsistency. A stable IID with a stable prefix is often needed for > mobility, and, a same IID within distinct prefixes might ease > administration; yet none of these two aspects seems mentioned. RFC8064 describes desired properties for stable addresses. RFC7217 specifies an algorithm that allows the generation of addresses with such properties. TL;DR : RFC7217 aims at producing IIDs that are stable within the same network, but that change as the node moves to other networks. The case of "same IID with distinct prefixes" is the same as using the same IID as the host moves from one network to another. And that's quite bad for privacy. PLease see RFC7721. > - neither RFC8064 nor RFC7217 mention the use of random numbers in MAC > addresses. Yet that is implemented in Windows at least. It doesn't, and it shouldn't. If you randomize MAC addresses, you may want to use temporary-only. rfc4941bis allows you to do that. > - RFC8064 is somehow not implemented in linux, even though linux does > offer privacy IIDs. Quite the contrary: Linux was the first implementation of RFC7217. RFC7217 is currently implemented in virtually all (*) host operating systems, including Mac OS, OpenBSD, and virtually all LInux distributions. There's a Linux kernel implementation, plus an implementation in systemd-networkd, NetworkManager, and dhcpcd. > The part of RFC8064 that is not implemented in > linux is the part that says that the IID length can be anything and > not necessarily 64. You are misreading RFC7217. RFC7217 simply says that the algorithm is not tied to any specific prefix length -- which, if one looks at the algorithm, should be evident. That said, the addressing architecture calls for 64-bit IIDs. > Because of these reasons, generally speaking about SLAAC and IID > generation, there might still be other necessary ways to generate IIDs > than just 64bit random IIDs. Easy to remember IIDs, same IIDs for > distinct interfaces, are a couple of new potential rules that come to mind. > > If so, probably the easiness of generating IP addresses containing MAC > addresses might also be a good idea in some context: just copy paste the > 64bit (random) MAC address to the last 8 bytes of the IP address. RFC8064 says you shouldn't. But, as "SHOULD/SHOULD NOTs" go, you may behave otherwise if you feel you know better. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Behcet Sarikaya
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: 64bit MAC addresses and SLAAC Vasilenko Eduard
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Kerry Lynn
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Ole Troan
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC Carsten Bormann
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)