Re: Feedback on draft-gont-6man-stable-privacy-addresses-01

Fernando Gont <> Sun, 15 April 2012 14:29 UTC

Hi, Fred,

On 04/15/2012 05:54 AM, Fred Baker wrote:
>> That said, a more general question would be: should we include the
>> (numeric) interface index rather than e.g. a hardware-specific
>> I-D?
> Hmmm. I would tend to think that's a small positive integer, which
> isn't all that unique. 


> Are you thinking of something different than I am?

I don't think so.

If your concern is security, bear in mind that the security of the
mechanism relies on the cryptographic strength of F(), and the
secret_key (and not on the "data" that is hashed). -- That said, the
current I-D recommends to include the machine's serial number in the
hash (as recommended by Steve Bellovin) as part of the data to be hashed
(and this value is expected to be unknown at least to a remote attacker).

If your concern is that two hosts might end up computing the same IID,
then note that the recommendation is for the secret_key to be set to a
random value, *and* as noted in the previous paragraph, we also
recommend to include the machine's serial number as part of the data to
be hashed (and this number is expected to vary from one node to another).

This approach would lead to addresses that do not vary if you change the
NIC (as we'd not be using the MAC address), and one might argue that is
even more "general" since, as you correctly noted, not all interfaces
have IEEE addresses.

In any case, this is just an idea. I personally think that would be
really cool. But I'd like you and others to comment.


Best regards,
Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
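
Added example, not part of the original message and not code from the draft: a sketch of the scheme discussed above, deriving a 64-bit IID from F(data, secret_key) where the data is the prefix, the numeric interface index and the machine's serial number. HMAC-SHA256 as F(), the field encoding, and all names, keys and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct


def stable_iid(secret_key: bytes, prefix: str, if_index: int, serial: bytes) -> bytes:
    """64-bit IID = F(prefix, interface index, serial number; secret_key).

    F() is HMAC-SHA256 here (assumption). No MAC address is an input, so
    swapping the NIC leaves the result unchanged.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    fields = [net.network_address.packed[:8], struct.pack("!I", if_index), serial]
    # Length-prefix each field so distinct tuples never share an encoding.
    data = b"".join(struct.pack("!H", len(f)) + f for f in fields)
    return hmac.new(secret_key, data, hashlib.sha256).digest()[:8]


def stable_address(secret_key: bytes, prefix: str, if_index: int,
                   serial: bytes) -> ipaddress.IPv6Address:
    """Join the /64 prefix and the derived IID into a full address."""
    net = ipaddress.IPv6Network(prefix)
    iid = stable_iid(secret_key, prefix, if_index, serial)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


# Constructed sample values; a real secret_key is random and kept on the host.
KEY_A = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
SERIAL = b"SN-EXAMPLE-0001"

if __name__ == "__main__":
    # Same host, same network: the address is stable across calls.
    print(stable_address(KEY_A, "2001:db8:1::/64", 2, SERIAL))
    # Same host, another network: a different IID.
    print(stable_address(KEY_A, "2001:db8:2::/64", 2, SERIAL))
    # Another host with the same small index and even the same serial:
    # the differing secret_key alone yields a different IID.
    print(stable_address(KEY_B, "2001:db8:1::/64", 2, SERIAL))
```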