IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

神明達哉 <jinmei@wide.ad.jp> Fri, 20 May 2016 16:05 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C80912B011 for <ipv6@ietfa.amsl.com>; Fri, 20 May 2016 09:05:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Level:
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DK2EAczr_gpH for <ipv6@ietfa.amsl.com>; Fri, 20 May 2016 09:05:57 -0700 (PDT)
Received: from mail-io0-x22e.google.com (mail-io0-x22e.google.com [IPv6:2607:f8b0:4001:c06::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3E4212D50F for <ipv6@ietf.org>; Fri, 20 May 2016 09:04:56 -0700 (PDT)
Received: by mail-io0-x22e.google.com with SMTP id f8so18609641ioe.3 for <ipv6@ietf.org>; Fri, 20 May 2016 09:04:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=AyxW7z1ThFRD0WGuoo1lnnUjDgYdMWpljbnUKpBxwZw=; b=fx8Kq84U6ZEQxBYkOlWJJ5CJIrbE8CBUregZmHslhNIWhwdg+sO4aPdA3kEwrGN3sE KtUgVc6uLBCpjw3BYEaa4k16jy/nIy0d5T5LB2iRQHU4m4jSIgUOz0i+NxEawRL9G1D8 KAxtXuhDx3/ouU5NaDNrflmSfvfvcbeJUgzezDQUaVku5BMMrXxfqJQffPsdDy/GzheO VluLl3ytmdQHJlCZHXPHZhC/Wc3HdMZooE0K98uh9qYXgRkrnXtsdXsIO7GcipRdkksq uOkK+zxb8v4MwHPMI/kbTVFTWI2uulVvoO/GygrJNIarlKNoKTbpGoggismglHfb59Gl uBgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=AyxW7z1ThFRD0WGuoo1lnnUjDgYdMWpljbnUKpBxwZw=; b=LkjWub2z8SWsQuoeYDhicpz8w+zxEocoFlDv/BDXgNPH6ZWBBl+5URF9JC2Cbdk8Ve fmtVSmQ3/SY0nEv3rU59aqFVhBkACfkuzzj+KoZekZ4rG1MBC1bvcLW6lubK25+P/05K OP8tt/GiImiC6phizDZb6blXORzsCyqEZsyyf0Jrw+jQb8rBneV0tSKC44e21ve7YqIK T8YfG1eRitjKKeoa+w12VHE55VpOAMop/jUzOHnE5Wze1iOTQroj4EN/hlM2M5YmAFpB IkiJtB7/TUVAFzG8MjoXEHhfo6Bkeal4yFuutrH9uQLHb6ro7NXXj4hezbgG1nKB+dpa EWxw==
X-Gm-Message-State: AOPr4FV7uPqtz2a0ZBrV087ZjxV5/7DNxBM2qDInwej8rvzcGUqcSVM/jo3OVrh0QP9kcS5xVcrr7U6csqdxTg==
MIME-Version: 1.0
X-Received: by 10.107.58.213 with SMTP id h204mr3860734ioa.172.1463760295990; Fri, 20 May 2016 09:04:55 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.19.218 with HTTP; Fri, 20 May 2016 09:04:55 -0700 (PDT)
In-Reply-To: <E13EFAE7-2191-4B19-957D-B7DBA78B6C78@employees.org>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <B849F263-9F99-48E8-B903-8FE7D2CDF277@cooperw.in> <CAJE_bqd1AWOuwvQcGzHg+dAWoump29g14HEA1BoVErXDXSMxaw@mail.gmail.com> <573BCFD0.8090801@si6networks.com> <CAJE_bqfKUbO7C6LnxOOUCVBU9e679_=159Yu6Ti0zhOGDuw98Q@mail.gmail.com> <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in> <CAKD1Yr23S4yHM=31VXTJq7t11P3__GEbbRhM0c085gBjQEGi-Q@mail.gmail.com> <19ae94cd-849f-0622-54bc-42cbad51368a@gmail.com> <CAKD1Yr1YN6SnUNp0HKqTNg6G0egkLveCOTG_7pHo9Zq3OFP4=g@mail.gmail.com> <a65c2157-044e-6207-314e-833313e5d458@gmail.com> <CAKD1Yr0e3NuLCFK2N35FymoQmx4UUH-83rkQxtUB1RJbwNzY9A@mail.gmail.com> <E13EFAE7-2191-4B19-957D-B7DBA78B6C78@employees.org>
Date: Fri, 20 May 2016 09:04:55 -0700
X-Google-Sender-Auth: SG78eBBh9yu-qaRxXzCPiOpyF4w
Message-ID: <CAJE_bqczeopdc2qRU2aiY9-+6zS3oKzhJVPWQyQHJ-k46Nr5KQ@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Ole Troan <otroan@employees.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/_dvd5B1uF7QRH0gskuK0KYIdFrE>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 May 2016 16:06:00 -0000

At Fri, 20 May 2016 09:04:09 +0200,
otroan@employees.org wrote:

> > > Let's all always keep in mind that the current text of the draft says that
> > > on every network, hosts SHOULD configure an IPv6 address that never changes
> > > until the end of time. I think that recommendation is irresponsible.
> >
> > Thus, I'm continuing to run my laptop with only an RFC4941 address for a few
> > days to see whether it has any negative impact at all. So far, so good.
> >
> > Excellent! Now, if we can only make this draft stop saying that that you SHOULD NOT do that...  :-)
>
> Everything has to be read in context. My reading of this document is that it says what an implementation SHOULD do _iff_ a stable IID is to be generated. It says nothing about what to do if a stable IID is not required.
>
> I find the current text quite clear on that, but clearly you don't.

It's not clear to me either.  I commented on this exact point in my
first response to the last call.  Its followup discussion actually
confused me further:
http://www.ietf.org/mail-archive/web/ipv6/current/msg24391.html

In this discussion, I suggested "clarifying that this recommendation
is only for environments where address stability is needed".  The
response to that part of comment refers to a paragraph of the
introduction section:

   The recommendations in this document apply only in cases where
   implementations otherwise would have configured a stable IPv6 IID
   containing a link layer address.  That is, this document does not
   change any existing recommendations concerning the use of temporary
   addresses as specified in [RFC4941], nor does it introduce any new
   requirements regarding when stable addresses are to be configured.
   Thus, the recommendations in this document simply improve the
   security and privacy properties of stable addresses.

At least to me, this is not the same as "this recommendation is only
for environments where address stability is needed".  So I tried to
understand the actual intent with followup questions, but the
subsequent discussions only introduced more confusion for me (because
of discussions on other points like whether using randomized
link-layer address is "extremely bad").

> Would it help with some sort of clearer applicability statement in
> this document? Can you propose text?

I've been unwilling to propose text as I didn't even understand the
authors' actual intent, but if it's actually that "it says what an
implementation SHOULD do _iff_ a stable IID is to be generated", I'd
suggest revising the above paragraph as follows:

   The recommendations in this document apply only in cases where
   implementations otherwise would have configured a stable IPv6 IID
   containing a link layer address.  For example, this document does
   not change any existing recommendations concerning the use of
   temporary addresses as specified in [RFC4941], nor do the
   recommendations apply to cases where the link layer address is not
   stable (e.g., it is periodically randomized) in the first place,
   nor does it introduce any new requirements regarding when stable
   addresses are to be configured.  Thus, the recommendations in this
   document simply improve the security and privacy properties of
   stable addresses.

If the intent of this document is really just that it applies iff a
stable IID is to be generated and does not make any judgment on, e.g.,
use of randomized link-layer addresses, this proposed text shouldn't
be a problem for anyone. (for some, it may seem to say the obvious and
therefore redundant, but given that whether randomized LL address is
good or bad was so controversial here, I think it's helpful to
explicitly clarify that).  But I was not sure if it's really
acceptable, especially for the authors, by seeing opinions like
the "extremely bad" comment.

To be clear, I'm not particularly an advocator of the use of
randomized link-layer addresses.  But I've seen this as one central
point concerning how to move forward for this document, so I believe
we should be at least clear on this in the document text.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email