IETF Logo Mail Archive

Re: I-D Action: draft-ietf-6man-default-iids-11.txt

Mark Smith <markzzzsmith@gmail.com> Mon, 16 May 2016 07:40 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 858A212B00D for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 00:40:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level:
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hzW2cTGZcPuz for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 00:40:32 -0700 (PDT)
Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0728512B00C for <ipv6@ietf.org>; Mon, 16 May 2016 00:40:31 -0700 (PDT)
Received: by mail-vk0-x231.google.com with SMTP id f66so203699512vkh.2 for <ipv6@ietf.org>; Mon, 16 May 2016 00:40:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=xzw07h0WAbRn8l3jp919Mtc/3/XWnL5Z1nVOBIpbxgw=; b=GkexiNsbeYJXO9T66LRGoiDlW7Q4vnNuB3e+tVG1mCpixbhSLzdQSMyZEZFGQecNLV cg+dmVhPd6vt54Z9NuBwJ001v3WJu0u0JklR9bG2Q/ABZ/f/cWAOO6XOtAU4TFStrmLl rmGiRYjU7C0dOnyXJc1jzDdpTuxn1uBbJBQSXxcMBK1ZcWWvQkac9ggfeRd77FmRqVHS U5vir7BvNNbcPKRkvfGD3cQA66fH/qHqK4zztWYuAP1j2S3VD8Zp82/ymDUXYstEIj+H FjNKlgetF1nFWx6AE3F2fHPLJsg2pok7mmnmKtpN9kRFnfUhIwIWuV564vFC4xuvpRm6 60YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=xzw07h0WAbRn8l3jp919Mtc/3/XWnL5Z1nVOBIpbxgw=; b=kske12lmLdirvOzF2ZVklRyKUX0UFcCdn8s+qy5h72ZbOxVEWSs7F42S1c2VIqRNrT r9wy4xmmltySTBHvMSEeJOGn/yarBiaJH6nPu+ubvajL/El5tOAGwwTn2h/hMco5q6uh ErDiORpINYzolZUfDVkLDl0ObN4sGRyB/g9kiL1rPDiilCv7re5tyEGhKQ54JI2CFt84 raBwnBnQ3qVEgTF0BzJBTyT0n0i63KQWwG34IjDRjrqF+O58Jo/mhTSOEgrquLpAxuPi egHKY+JfljsKtwNVPa13aw7Vrbj/pZSYeIbT6Km1bTv+jBHnPGLld4xwXPE/KLO4Qkl5 ZIHA==
X-Gm-Message-State: AOPr4FWl4YoxnuAtxmiZKyKoDfeacUP3ozWQnse6zx1H2WQmZB9a0Zottscy5lPBnysVCx+E5coNnreiLpzekw==
MIME-Version: 1.0
X-Received: by 10.31.146.144 with SMTP id u138mr13961123vkd.2.1463384430989; Mon, 16 May 2016 00:40:30 -0700 (PDT)
Received: by 10.176.4.55 with HTTP; Mon, 16 May 2016 00:40:30 -0700 (PDT)
Received: by 10.176.4.55 with HTTP; Mon, 16 May 2016 00:40:30 -0700 (PDT)
In-Reply-To: <8E1CCE051EDF4491953D6E093809DA68@WeiGengyuPC>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <CD39E9F1-4060-4884-91B3-5A974C3FFFF7@cooperw.in> <8E1CCE051EDF4491953D6E093809DA68@WeiGengyuPC>
Date: Mon, 16 May 2016 17:40:30 +1000
Message-ID: <CAO42Z2zAjtPGuoU30hswFM+VM3M8VQb7hfx9VMX03e8W59pKNQ@mail.gmail.com>
Subject: Re: I-D Action: draft-ietf-6man-default-iids-11.txt
From: Mark Smith <markzzzsmith@gmail.com>
To: weigengyu <weigengyu@bupt.edu.cn>
Content-Type: multipart/alternative; boundary="001a114374922dd9960532f0bde6"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/XfuGCyyD-oanN5gHYpe173LxcOk>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 07:40:34 -0000

Hi,

Fernando would have usually popped in by now. As he hasn't, I'll have a go.

The IIDs in this RFC are random in comparison to MAC address derived ones.
MAC address derived ones have a structure and values that can be predicted.

The IIDs are stable in comparison to RFC4942  privacy addresses, that
change every 24 hours.

These addresses aren't meant to be an alternative to privacy addresses. A
host will likely have both, with privacy addresses preferred as source
addresses for outbound connections.

For cases where privacy addresses would cause issues because they change
relatively often, these addresses would be used eg. incoming (stable)
destination addresses for servers/services that are put in DNS (eg. HTTP
server), or router interface addresses, decoupling the router interface
address from the interface/line card MAC address, so that the interface
could be swapped (meaning new MAC address) without the router's IPv6
address charging.

Regards,
Mark.

On 9 May 2016 4:35 PM, "weigengyu" <weigengyu@bupt.edu.cn> wrote:
>
> Hi,
>
>
>> This document changes the default scheme for generating stable
>
>   Interface Identifiers with SLAAC to that specified in RFC7217,
>
> There is a question about RFC7217 as this draft is to promote it.
> In RFC7217,  in Page 6 and page 7,  "5.  Algorithm Specification"
> "1.  Compute a random (but stable) identifier with the expression:
>       RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
>       Where:
>       RID:
>          Random (but stable) Identifier
>       F():
>          A pseudorandom function (PRF) that MUST NOT be computable from
>          the outside (without knowledge of the secret key).  F() MUST
>          also be difficult to reverse, such that it resists attempts to
>          obtain the secret_key, even when given samples of the output
>          of F() and knowledge or control of the other input parameters.
>          F() SHOULD produce an output of at least 64 bits.  F() could
>          be implemented as a cryptographic hash of the concatenation of
>          each of the function parameters.  SHA-1 [FIPS-SHS] and SHA-256
>          are two possible options for F().  Note: MD5 [RFC1321] is
>          considered unacceptable for F() [RFC6151]. "
>
> It seems it is a concept error for RID.
> RID is not random or random identifier according to the context above.
>
> F() is an inreverse function, not a pseudorandom function.
> Within parameters of F(Prefix, Net_Iface, Network_ID, DAD_Counter,
secret_key),
> only the secret_key is generated by a pseudorandom function.
> But the secret_key is also a constant because it keeps unchanged after
being generated.
>
> There are not random features.
>
> The question is why it is called RID, Random ID?
>
>
> Regards,
>
> Gengyu WEI
> Network Technology Center
> School of Computer
> Beijing University of Posts and Telecommunications
> -----原始邮件----- From: Alissa Cooper
> Sent: Thursday, April 28, 2016 10:41 PM
> To: IETF IPv6 Mailing List
> Subject: Re: I-D Action: draft-ietf-6man-default-iids-11.txt
>
>
> This version incorporates comments based on discussion before and during
IETF 95 (thanks to Fernando for spinning the rev). I think this version
addresses the comments received and should be ready to move forward.
>
> Alissa
>
>
>> On Apr 27, 2016, at 5:49 PM, internet-drafts@ietf.org wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts
directories.
>> This draft is a work item of the IPv6 Maintenance of the IETF.
>>
>>        Title           : Recommendation on Stable IPv6 Interface
Identifiers
>>        Authors         : Fernando Gont
>>                          Alissa Cooper
>>                          Dave Thaler
>>                          Will Liu
>> Filename        : draft-ietf-6man-default-iids-11.txt
>> Pages           : 23
>> Date            : 2016-04-27
>>
>> Abstract:
>>   This document changes the default scheme for generating stable
>>   Interface Identifiers with SLAAC to that specified in RFC7217, and
>>   recommends against embedding link-layer addresses in IPv6 Interface
>>   Identifiers.  It formally updates RFC2464, RFC2467, RFC2470, RFC2491,
>>   RFC2492, RFC2497, RFC2590, RFC3146, RFC3572, RFC4291, RFC4338,
>>   RFC4391, RFC5072, and RFC5121, by removing the text in these RFCs
>>   that required the IPv6 Interface Identifiers to be derived from the
>>   underlying link-layer address, and replacing the aforementioned text
>>   with a pointer to this document.  Additionally, this document updates
>>   RFC3315 by specifying additional requirements on the generation of
>>   Interface Identifiers used in Dynamic Host Configuration Protocol
>>   version 6 (DHCPv6).  It also provides advice to system administrators
>>   who employ manual configuration.  This document does not change any
>>   existing recommendations concerning the use of temporary addresses as
>>   specified in RFC 4941.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-6man-default-iids/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-6man-default-iids-11
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-default-iids-11
>>
>>
>> Please note that it may take a couple of minutes from the time of
submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email