IETF Logo Mail Archive

Re: rfc4941bis: Invalid addresses used by ongoing sessions

Tom Herbert <tom@herbertland.com> Thu, 13 February 2020 19:34 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 161C71201CE for <ipv6@ietfa.amsl.com>; Thu, 13 Feb 2020 11:34:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iL5wojntLhSN for <ipv6@ietfa.amsl.com>; Thu, 13 Feb 2020 11:34:40 -0800 (PST)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DACBD1201AA for <6man@ietf.org>; Thu, 13 Feb 2020 11:34:39 -0800 (PST)
Received: by mail-ed1-x532.google.com with SMTP id dc19so8230377edb.10 for <6man@ietf.org>; Thu, 13 Feb 2020 11:34:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oo2ewXwOJIHZ8oQyXwYAsoFDsfWmcyiJKl6AOP9tdTs=; b=xAkaalsqrjuR4C6lzPZRDBr36RErI+UlbJugeTilXEPF7YmtwyqdFMLKdRPcXFrUqr WkWVMb5VL5kpKha3HqLLLjt83pdgexu7gkdu75O1A4jpJo8KPEnm2urUODXhHUbJxqL+ WEWnVgmiaYLZZGwAQuzU1hLvByJ5Mf49118IhWO9qyKYBBmzLlGSm3uFSIiyrACnYaYU wYbi80w84zvDwUyERE5590cYG/0BPiQp2Oct7kMVWG8VZr8UpXbqsv9VytrHs/fa/PGQ c1pyoalKR4UA15dq+J9N6vSyUWOsLhjgZ42AGo/DAsf4JBB2oKHgXH1JkUIyWv4mNx6s W09w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oo2ewXwOJIHZ8oQyXwYAsoFDsfWmcyiJKl6AOP9tdTs=; b=X41tmZU7ntBbwzFnrizeweTrQkHtZdZQHRNKYg6kaHntaHrTBmAhhl4qKzSn3aMWaX Zl6PDP1f1czCSaTluDKhAvttySkFXj8kC/KjYcvxUZPlwXvVGM1Q/igZTD0+OhGxRvNl 1TxHH+kUfCuR845563q6ATQdEtHaSTHXFrMtj/R2+uS5KjweKRAy5fZCNfS3Kdt0I37h HKohnxT3FIva7zotAtNTL0SHopn8xj9nCRcGJm5KYk6vF4QuvJfqRiPxmI+77Uzxhe1M CtZh+nGfi55GiaWFYB6Cwy3I4LfKYwjDDpcE6MEPhoJIxAfTBL7J0CAGV5FlmoHZcx+0 MLgA==
X-Gm-Message-State: APjAAAVKfww0gJKRMLCdq7jwHLLvOrOIOEc+UKy0FHRzYxiWMD15hTu9 hjpr05XBFZcM0uqu0LLE/mOKluqWoiLMbhncCULkqe8+5PQ=
X-Google-Smtp-Source: APXvYqzoZ12RuiNE9Xo9hV2FktB6F+cenmjVC38wIhDdk5QUg2g9KtQktOWF+Sb04Xrdk4QZwSD0uX1FGGqPGVvDwps=
X-Received: by 2002:a05:6402:6c2:: with SMTP id n2mr15990742edy.241.1581622478117; Thu, 13 Feb 2020 11:34:38 -0800 (PST)
MIME-Version: 1.0
References: <c6ba9a00-cb44-2022-5009-34211966518c@si6networks.com> <CABNhwV0mb8dL_4Ef5UxAbcRbP18nH9Ztvx8XHJ0Z0GM-NaCwgw@mail.gmail.com> <CAO42Z2zB6gpKwZ=DfRVEbURNyKPJWAOqLqrFvW8T_uc59=9tiw@mail.gmail.com> <675eba6f-942e-82d9-e28d-de960d36d3b2@si6networks.com> <CAO42Z2wrSZEoSKuSeo0iTLpc6ybSheQN=ba9G02OY2XvZscEOw@mail.gmail.com>
In-Reply-To: <CAO42Z2wrSZEoSKuSeo0iTLpc6ybSheQN=ba9G02OY2XvZscEOw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 13 Feb 2020 11:34:26 -0800
Message-ID: <CALx6S34XUoX0g2zCwby1Mz=MwrPKp+5uLGsHtwjfJikmX462Cg@mail.gmail.com>
Subject: Re: rfc4941bis: Invalid addresses used by ongoing sessions
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Fernando Gont <fgont@si6networks.com>, 6MAN <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YfauPjsDeEvyY0L698rnquBWITM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2020 19:34:42 -0000

On Tue, Feb 11, 2020 at 1:56 AM Mark Smith <markzzzsmith@gmail.com> wrote:
>
> On Tue, 11 Feb 2020 at 16:16, Fernando Gont <fgont@si6networks.com> wrote:
> >
> > On 10/2/20 23:25, Mark Smith wrote:
> > >
> > >
> > > On Tue, 11 Feb 2020, 13:13 Gyan Mishra, <hayabusagsm@gmail.com
> > > <mailto:hayabusagsm@gmail.com>> wrote:
> > >
> > >
> > >
> > >
> > >     On Mon, Feb 10, 2020 at 11:12 AM Fernando Gont
> > >     <fgont@si6networks.com <mailto:fgont@si6networks.com>> wrote:
> > >
> > >         Folks,
> > >
> > >         As currently specified, temporary addresses are removed when
> > >         they become
> > >         invalid (i.e., the Valid Lifetime expires).
> > >
> > >         Section 6 ("6.  Future Work") of the draft
> > >         (https://tools.ietf.org/id/draft-ietf-6man-rfc4941bis-06.txt) still
> > >         keeps the following text from RFC4941.
> > >
> > >         6.  Future Work
> > >
> > >             An implementation might want to keep track of which
> > >         addresses are
> > >             being used by upper layers so as to be able to remove a
> > >         deprecated
> > >             temporary address from internal data structures once no
> > >         upper layer
> > >             protocols are using it (but not before).  This is in contrast to
> > >             current approaches where addresses are removed from an
> > >         interface when
> > >             they become invalid [RFC4862], independent of whether or not
> > >         upper
> > >             layer protocols are still using them.  For TCP connections, such
> > >             information is available in control blocks.  For UDP-based
> > >             applications, it may be the case that only the applications have
> > >             knowledge about what addresses are actually in use.
> > >         Consequently, an
> > >             implementation generally will need to use heuristics in
> > >         deciding when
> > >             an address is no longer in use.
> > >
> > >
> > >         I wonder if this text should be:
> > >
> > >         1) moved more into the body of the document and made a "MAY"
> > >         (which for
> > >         TCP is very straightforward),
> > >
> > >         2) Be left "as is", or,
> > >
> > >         3) Removed from the document
> > >
> > >
> > >         The implications of #1 above is that it can't prevent long-lived
> > >         connections that employ temporary addresses from being torn
> > >         down, at the
> > >         expense of possibly increasing the number of concurrent IPv6
> > >         addresses.
> > >
> > >
> > >        Gyan> So for TCP apps it maybe easier to track via active TCB
> > >     blocks so those long lived connections could be tracked.  So those
> > >     long lived TCP connections would not be impacted and torn down.
> > >     Other apps using UDP may not be as easily tracked and so maybe using
> > >     the deprecated address, however due to difficulty of tracking maybe
> > >     torn down as a side effect of option #1.
> > >
> > >
> > >
> > > Long lived connections using temporary addresses should not be a
> > > consideration, because long lived connections should not be using
> > > temporary addresses.
> > >
> > > "Temporary" and "long lived" (persistent, stable) are opposites that can
> > > never be resolved.
> >
> > In that case, would you go for #2 above?
>
> Probably #2, although mainly because that text is in RFC 3041 and it
> hasn't caused issues since. I'm wondering if all the possible
> scenarios and consequences have been thought through though.
>
> > And, what's your position
> > regarding reducing the preferred and valid lifetimes?
> >
>
> I'm generally okay with the existing defaults, and would probably only
> change them if there is a specific reason to.
>
> If I was choosing the values today, I think I would have chosen 6
> hours for the preferred lifetime, and 24 hours for the valid lifetime.
>
> I would consider an application's connection that persists longer than
> 24 hours to be "long lived", and I don't think the sort of devices
> where temporary addresses provide the most privacy value (e.g.
> end-user PCs, smartphones etc) are likely to have application
> connections that are going to persist for more than or even close to
> 24 hours. It's unlikely that these devices maintain a connection to
> the same network for more than 24 hours e.g. they go to sleep
> disconnecting from the network, or get taken somewhere else etc.
>
> Humans have to sleep once every 24 hours, so having a "new identity"
> i.e. IID within a prefix each day would sound to me to be a reasonable
> default.
>
> The current values are probably quite conservative because of the
> context  - these original RFC3041 defaults was IIDs that persisted as
> long as the network card's hardware address existed - probably 3 to 5
> years typically, although possibly much longer (there's a 20 year old
> 100Mbps NIC in this 11 year old PC for example!). Reducing the
> persistence of a node's interface IID value from many years down to 1
> week was a very significant privacy improvement.

Mark,

Why, exactly, was it a very significant privacy improvement? Again, it
seems like almost all of this discussion is based on an intuition as
that temporary addresses help privacy and that shorter lifetimes
provide better privacy. For instance, a twenty-four hour lifetime
might make sense to be minimally invasive, but what does that mean for
providing privacy? Would an hour lifetime so much better privacy that
the inconvenience of kill existing connections is a reasonable
tradeoff. Conversely, what if there's no significant difference
between 24 hrs. and one week in terms of privacy? Why not make the
default one week and be even less invasive to the user?

Tom

>
> TL;DR, leave as they are just because there doesn't seem to be a
> strong reason to change them.
>
>
> Regards,
> Mark.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > Thanks!
> > --
> > Fernando Gont
> > SI6 Networks
> > e-mail: fgont@si6networks.com
> > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
> >
> >
> >
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email