Re: Feedback on draft-gont-6man-stable-privacy-addresses-01
Fernando Gont <fgont@si6networks.com> Sun, 15 April 2012 14:29 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6163B21F87A4 for <ipv6@ietfa.amsl.com>; Sun, 15 Apr 2012 07:29:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.3
X-Spam-Level:
X-Spam-Status: No, score=-0.3 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, MANGLED_OFF=2.3, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nD+lapA-jqK0 for <ipv6@ietfa.amsl.com>; Sun, 15 Apr 2012 07:29:49 -0700 (PDT)
Received: from srv01.bbserve.nl (unknown [IPv6:2a02:27f8:1025:18::232]) by ietfa.amsl.com (Postfix) with ESMTP id B598121F87A2 for <ipv6@ietf.org>; Sun, 15 Apr 2012 07:29:48 -0700 (PDT)
Received: from [2001:5c0:1400:a::32b] by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1SJQSW-0002KF-6A; Sun, 15 Apr 2012 16:29:44 +0200
Message-ID: <4F8ADB24.1050606@si6networks.com>
Date: Sun, 15 Apr 2012 16:28:52 +0200
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Fred Baker <fred@cisco.com>
Subject: Re: Feedback on draft-gont-6man-stable-privacy-addresses-01
References: <E7607B61-9889-43A9-B86B-133BD4238BA2@gmail.com> <1334276068.3945.408.camel@karl> <4F882A44.3080305@si6networks.com> <1334363774.3945.541.camel@karl> <CAAuHL_BCv2q=hDjTLmiviLoRRTbbyU+aSSQ0ETbDDQk==YfmLQ@mail.gmail.com> <C5B723A8-8A24-46BD-94E5-0BA2D8CCB460@cisco.com> <4F89DEE7.1080205@si6networks.com> <C91E67751B1EFF41B857DE2FE1F68ABA03CFD484@TK5EX14MBXC274.redmond.corp.microsoft.com> <8C04B19A-6E88-4544-8827-13BB4D672CFE@cisco.com> <4F8A3124.4090005@si6networks.com> <1BEEB247-8C36-4139-BF44-79E4993033E1@cisco.com>
In-Reply-To: <1BEEB247-8C36-4139-BF44-79E4993033E1@cisco.com>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: Christian Huitema <huitema@microsoft.com>, "ipv6@ietf.org 6man" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Apr 2012 14:29:49 -0000
Hi, Fred, On 04/15/2012 05:54 AM, Fred Baker wrote: >> That said, a more general question would be: should we include the >> (numeric) interface index rather than e.g. a hardware-specific >> I-D? > > Hmmm. I would tend to think that's a small positive integer, which > isn't all that unique. Exactly. > Are you thinking of something different than I am? I don't think so. If you concern is security, bear in mind that the security of the mechanism relies on the cryptographic strength of F(), and the secret_key (and not on the "data" that is hashed. -- That said, the current I-D recommends to include the machine's serial number in the hash (as recommended by Steve Bellovin) as part of the data to be hashed (and this value is expected to be unknown at least to a remote attacker). If your concern is that two hosts might end up computing the same IID, then note that the recommendation is for the secret_key to be set to a random value, *and* as noted in the previous paragraph, we also recommend to include the machine's serial number as part of the data to be hashed (and this number is expected to vary from one node to another). This approach would lead to addresses that do not vary if you change the NIC (as we'd not be using the MAC address), and one might argue that is even more 2general" since, as you correctly noted, not all interfaced have IEEE addresses. IN any case, this is just an idea. I personally think that would be really cool. But I'd like you and others to comment. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Consensus call on adopting: <draft-gont-6man-stab… Bob Hinden
- RE: Consensus call on adopting: <draft-gont-6man-… Manfredi, Albert E
- Re: Consensus call on adopting: <draft-gont-6man-… Karl Auer
- Re: Consensus call on adopting: <draft-gont-6man-… Brian E Carpenter
- Re: Consensus call on adopting: <draft-gont-6man-… Eliot Lear
- Re: Consensus call on adopting: <draft-gont-6man-… Tim Chown
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Feedback on draft-gont-6man-stable-privacy-addres… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Karl Auer
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Washam Fan
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Karl Auer
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Tim Chown
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Karl Auer
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Tim Chown
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Brian E Carpenter
- Tokenized addresses (was: Re: Feedback on draft-g… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fred Baker
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- RE: Feedback on draft-gont-6man-stable-privacy-ad… Christian Huitema
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fred Baker
- RE: Feedback on draft-gont-6man-stable-privacy-ad… Christian Huitema
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fred Baker
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fred Baker
- RE: Feedback on draft-gont-6man-stable-privacy-ad… Christian Huitema
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Fernando Gont
- Re: Feedback on draft-gont-6man-stable-privacy-ad… Tina TSOU
- Re: Consensus call on adopting: <draft-gont-6man-… Jong-Hyouk Lee
- Re: Consensus call on adopting: <draft-gont-6man-… Eliot Lear
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Eliot Lear
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Dominik Elsbroek
- Re: Consensus call on adopting: <draft-gont-6man-… Mohacsi Janos
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Mohacsi Janos
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Ole Trøan
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… Bob Hinden
- Re: Consensus call on adopting: <draft-gont-6man-… Fernando Gont
- Re: Consensus call on adopting: <draft-gont-6man-… RJ Atkinson
- Re: Consensus call on adopting: <draft-gont-6man-… Randy Bush
- Re: Consensus call on adopting: <draft-gont-6man-… Bob Hinden
- Re: Consensus call on adopting: <draft-gont-6man-… Randy Bush
- Re: Consensus call on adopting:<draft-gont-6man-s… Brian E Carpenter