IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Lorenzo Colitti <lorenzo@google.com> Sat, 14 May 2016 01:55 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B631D12B011 for <ipv6@ietfa.amsl.com>; Fri, 13 May 2016 18:55:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level:
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DroF9nFbGknh for <ipv6@ietfa.amsl.com>; Fri, 13 May 2016 18:55:47 -0700 (PDT)
Received: from mail-io0-x22f.google.com (mail-io0-x22f.google.com [IPv6:2607:f8b0:4001:c06::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F15512B007 for <ipv6@ietf.org>; Fri, 13 May 2016 18:55:47 -0700 (PDT)
Received: by mail-io0-x22f.google.com with SMTP id d62so153589457iof.2 for <ipv6@ietf.org>; Fri, 13 May 2016 18:55:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=/tq1YaBD4agl/EvBbhzSdWZWtbcTGkgECE3qzoydVzg=; b=Hj2fPoSrwnOABSPnB5VXTYcghP20empapbv3wcu3u2xOUfygidYSC5E8qu0R+qHSog S82aZ4sFm6JPebTPP2bmhocwf9/r2kpLhwtUHY9nqXWFnAVo2HMPdtztFRLFNzXx5izC OXBdUC2Q9/vIjGa2UYoABI0TrH+Ac8B7yweOtYhKQ6jZXYm4S8f8kcWP1ffzlHp/ub+I GJvaYyuAdWPd9uqBI9Nlq2z71WtCus65i/HEUcI8FRjCyuzd2UQhB47po/crwS7RmYXG i8mADtlQk+02blA+NcVFo3tGrQsB477eHjpkpEDO4B0DuHAi5dFtP7u0/89bjH/IUsz4 DatA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=/tq1YaBD4agl/EvBbhzSdWZWtbcTGkgECE3qzoydVzg=; b=cYmi1RaTqxYtnfad4CmplrLUJvJ4WGQaT/1Sg1+2VqDxzn0Syw4POE+vUOly8+GhnY 9OuNx+k2yFEOCg9APRXcdS4AzD0x0+EidW7rD/YrqS/lhU2cZhh6DjmWhsXR3gn9qOCd Bd6mz9DLGu54y0DuE91+CZjouuP5xzZigqZLHGidaN+O2m1pT//FyMbuxljkDBls25ks V03FQ2ygHQvaiNmc9aQVIjzFps7qlo3oF0GAPPqNW0uZr/hMpschBR5ijZbBRo1dbJ6F oKhwh+jopab007i0QtKLD5ZC0G+9QpiI25ZjGhXFnNRYMmhWzLgufoG6jQrJembLFGxJ AuEQ==
X-Gm-Message-State: AOPr4FVL8tMvsshFpB2CmGl+HyO18DjSXRoItnLtiv2+eFzqLT54Zou+/1PuIlv6cug8Mhl3roO+ly6rH5C3HfPw
X-Received: by 10.107.175.67 with SMTP id y64mr3127474ioe.113.1463190946636; Fri, 13 May 2016 18:55:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.19.174 with HTTP; Fri, 13 May 2016 18:55:26 -0700 (PDT)
In-Reply-To: <6f2edbbc-d208-03a0-3c33-503a05c0bee8@gmail.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <6f2edbbc-d208-03a0-3c33-503a05c0bee8@gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 14 May 2016 10:55:26 +0900
Message-ID: <CAKD1Yr1So_tFFSr=sk8ew-UJG-dWK=U6N9mwJnwkZdNX=__SVQ@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="001a114464fe9d71810532c3b06c"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/SjMkN4YS0vEhZN1lxf4LiYa98cw>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 May 2016 01:55:50 -0000

I continue to oppose this document.

This draft says that existing address generation mechanisms are bad for
privacy, and proceeds to change them. But there is nothing wrong with
the existing address generation mechanisms as if the link-layer addresses
are not stable, (e.g., random MAC addresses), and a growing body of IETF
work

This draft forbids implementations from using existing address generation
mechanisms using random MAC addresses, which is a perfectly valid way to
address the privacy problem this draft is purportedly solving, and is an
approach standardized in other IETF work, for example,
https://tools.ietf.org/html/draft-ietf-dhc-anonymity-profile-08#section-2.1
(now in RFC editor queue).

Here are several examples of how this draft forbids using address
generation mechanisms with random MAC addresses.

   The recommendations in this document apply only in cases where
   implementations otherwise would have configured a stable IPv6 IID
   containing a link layer address.
...
   In standardized recommendations for IPv6 IID generation meant to
   achieve particular security and privacy properties, it is therefore
   necessary to recommend against embedding link-layer addresses in IPv6
   IIDs.
...
   By default, nodes SHOULD NOT employ IPv6 address generation schemes
   that embed the underlying link-layer address in the IID.

These statements should not say "link-layer address". They should say
"stable link-layer-address" or "non-ephemeral link-layer-address" or
"link-layer address that are not known to be ephemeral".

Worse, consider this normative text:

   The entire text of Section 4 of [RFC2464] is replaced with the
   following text:

   ---------------- cut here -------------- cut here ----------------
   The Interface Identifier [AARCH] for an Ethernet interface MUST be
   generated as specified in [RFCXXXX].

This explicitly prohibits an implementation from taking a random MAC
address and forming an EUI-64 address out of it.

On Fri, May 13, 2016 at 5:43 AM, Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> With the clarifying references to RFC4941, I think this document is
> in good shape and ready to be advanced.
>
>     Brian
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email