Re: Feedback on draft-gont-6man-stable-privacy-addresses-01
Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 14 April 2012 14:56 UTC
On 2012-04-14 15:09, Fernando Gont wrote:
> On 04/14/2012 12:30 PM, Tim Chown wrote:
>> A while ago I put this one forward, which is an alternative to
>> Fernando's suggestion that you have to set the whole address:
>>
>> http://tools.ietf.org/html/draft-chown-6man-tokenised-ipv6-identifiers-00
>>
>> This was based on existing implementations, in Solaris and Linux (as
>> a demonstrator), with the potential for simpler renumbering in mind.
>
> Does this really help renumbering? e.g., if you have ACLs, they are
> based on the whole IPv6 address, rather than on the IID...

This is linked to the whole question of why people assign static
addresses and how that interacts with renumbering. By getting rid of
the MAC address (so that the server address doesn't depend on the
network interface hardware) you are part way to static addresses,
and one can imagine a prefix-renumbering mechanism that could handle
this. Of course here we want an IID that is not only stable but is
also well-known; servers don't get address privacy ;-).

Fully static addresses are a pain in renumbering, but that discussion
belongs in 6RENUM (draft-carpenter-6renum-static-problem).

Brian Bian

>
>> It's probably the complete antithesis of what Fernando is trying to
>> achieve, but is aimed at the type of (server) systems that would
>> probably be DNS-advertised anyway.
>
> Note that having an address advertised in the DNS does not necessarily
> mean that predictable addresses are not useful to an attacker.
>
> For example, let's assume that you know that a network link hosts 100
> different servers, each with a different domain.
>
> If their addresses are not predictable, and the attacker wants to find
> all of them, he may have to rely on a "dictionary" attack. However, if
> the addresses *are* predictable, he could just sweep the interested part
> of the address space.
>
> Note: I still don't understand the use case for this technology, or how
> the IIDs would be selected (but since they seem to be
> manually-generated, I'd expect them to be "low-byte", such as ::1, ::2,
> etc.).
>
> Thanks!
>
> Best regards,
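
The two points raised in this exchange (ACLs are keyed on the whole address, and a stable IID independent of the MAC could survive a prefix change) can be seen together in a short sketch. This is an added example, not part of the thread or of either draft; the function names, the /64 assumption and the documentation-prefix (2001:db8::/32) ACL entries are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1  # low 64 bits of an IPv6 address hold the IID


def renumber(addr, old_prefix, new_prefix):
    """Move addr from old_prefix to new_prefix, keeping its 64-bit IID."""
    a = ipaddress.IPv6Address(addr)
    old = ipaddress.IPv6Network(old_prefix)
    new = ipaddress.IPv6Network(new_prefix)
    if old.prefixlen != 64 or new.prefixlen != 64:
        raise ValueError("this sketch assumes /64 prefixes")
    if a not in old:
        return str(a)  # not on the renumbered link: leave untouched
    iid = int(a) & IID_MASK
    return str(ipaddress.IPv6Address(int(new.network_address) | iid))


def classify_iid(addr):
    """Rough IID class: 'low-byte', 'eui-64' (MAC-derived) or 'other'."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    if iid < 0x10000:                      # ::1, ::2, ... manually numbered
        return "low-byte"
    if (iid >> 24) & 0xFFFF == 0xFFFE:     # ff:fe in the middle of the IID
        return "eui-64"
    return "other"


def renumber_acl(acl, old_prefix, new_prefix):
    """Rewrite (action, address) ACL entries; report each IID's class."""
    out = []
    for action, addr in acl:
        out.append((action, renumber(addr, old_prefix, new_prefix),
                    classify_iid(addr)))
    return out


# Constructed ACL for one server link, using documentation addresses.
SAMPLE_ACL = [
    ("permit", "2001:db8:1:10::25"),                  # manual token
    ("permit", "2001:db8:1:10:211:22ff:fe33:4455"),   # derived from a MAC
    ("permit", "2001:db8:9:9::1"),                    # different link
]

if __name__ == "__main__":
    for entry in renumber_acl(SAMPLE_ACL, "2001:db8:1:10::/64",
                              "2001:db8:2:20::/64"):
        print(entry)
```

Every entry on the renumbered link still changes, which is the ACL concern quoted above; the IID class column shows which entries would additionally change on a NIC swap (`eui-64`) and which fall in the small range a sweep would cover first (`low-byte`).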