IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 18 June 2020 14:26 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5C793A112F for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:26:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.671
X-Spam-Level:
X-Spam-Status: No, score=0.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UtHIwfVgkWjH for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:26:07 -0700 (PDT)
Received: from sainfoin-smtp-out.extra.cea.fr (sainfoin-smtp-out.extra.cea.fr [132.167.192.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 55B1D3A1097 for <ipv6@ietf.org>; Thu, 18 Jun 2020 07:26:07 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IEQ5j9032749 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:26:05 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id A1D01207B8F for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:26:05 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 9667D20712F for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:26:05 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IEQ5tZ022255 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:26:05 +0200
Subject: Re: 64bit MAC addresses and SLAAC
To: ipv6@ietf.org
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <8890ebb0-3cfc-9040-56e7-f4fa0e211014@gmail.com>
Date: Thu, 18 Jun 2020 16:26:05 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/XlIRkqVloTfmC91TR82HqV9ycqo>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 14:26:09 -0000


Le 18/06/2020 à 08:29, Etienne-Victor Depasquale a écrit :
> Philip,
> 
> " I also wonder, a device that cannot afford a couple SHa2 hashes? Then that
> device is probably insecure and should not be connect to the internet
> anyhow  "
> 
> I haven't got any data to make a case.. What I can see is a WSN 
> scenario, with some features in it, as follows.
> 
> One important operating principle with WSNs is to prolong lifetime.
> When a node turns off, its loss may cause network-wide effects, like RPL 
> DODAG tree re-formation.
> 
> Sensors are output devices, oriented towards their border router for 
> access to the Internet.
> Is it fair to say that they're single-purpose devices, supporting no 
> (little?) more than a RESTful interface to their data acquisition?
> I think so.
> 
> Does it make sense to load sensors with generation of semantically 
> opaque interface identifiers?
> Yes - but only after understanding its impact through a network-scoped 
> study of WSN lifetime.
> 
> Alternatively:
> keep link-layer addresses in IPv6 IIDs,
> without allowing unauthorized data collection from the nodes,
> by implementing access control to the nodes at the (mains-powered) 
> border router.

The alternative makes sense.

Alex

> 
> Etienne
> 
> On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg 
> <pch-ipv6-ietf-6@u-1.phicoh.com <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> 
> wrote:
> 
>      >   Of course the caveat there with unmanaged network and SOHO and
>     Mobile
>      >where manual or DHCPV6 is not possible or viable.
> 
>     Why is DHCPv6 not possible? Of course there is the Android problem.
>     But I doubt that a low power IoT device would share a wifi-link with an
>     Android device.
> 
>      >    In those cases SLAAC is preferred, but then we have the crux of
>      >    issue and the decision tree on privacy random IID and its overhead
>      >    if its not necessary versus modified EUI64.
>      >    tree of course the underlying operational impacts of random
>      >    versus  stable IID double edged sword operator or individuals
>      >    decision to pick which works best for their use case.  In the
>      >    end net-net is what is simplest to deploy and least overhead
>      >    but also meets the desired goal is generally the thought for
>      >    picking the IID generation solution. For that SLAAC wins out in
>      >    that decision for the use case described above.
> 
>     A stable, unique pseudo random IID per prefix basically requires one
>     SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per
>     prefix.
> 
>     I cannot imagine that computing 2 SHA2 hashes has a significant amount
>     of energy use compared to link attachment and duplicate address
>     detection.
> 
>     This computation is once per prefix, so it becomes an issue if the
>     devices frequently attaches to new links. In which case tracking
>     protection
>     becomes important.
> 
>     I also wonder, a device that cannot afford a couple SHa2 hashes?
>     Then that
>     device is probably insecure and should not be connect to the internet
>     anyhow.
> 
> 
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org <mailto:ipv6@ietf.org>
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
> 
> 
> 
> -- 
> Ing. Etienne-Victor Depasquale
> Assistant Lecturer
> Department of Communications & Computer Engineering
> Faculty of Information & Communication Technology
> University of Malta
> Web. https://www.um.edu.mt/profile/etiennedepasquale
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email