Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 02 April 2020 13:57 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCA4E3A12E6 for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 06:57:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.668
X-Spam-Level:
X-Spam-Status: No, score=0.668 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WgQii_Qtvtbc for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 06:57:37 -0700 (PDT)
Received: from cirse-smtp-out.extra.cea.fr (cirse-smtp-out.extra.cea.fr [132.167.192.148]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB8423A12E2 for <ipv6@ietf.org>; Thu, 2 Apr 2020 06:57:36 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 032DvWmV021646; Thu, 2 Apr 2020 15:57:32 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id C97D3209F12; Thu, 2 Apr 2020 15:57:32 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id BA5C2201BF0; Thu, 2 Apr 2020 15:57:32 +0200 (CEST)
Received: from [10.11.240.70] ([10.11.240.70]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 032DvWJu018913; Thu, 2 Apr 2020 15:57:32 +0200
Subject: Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6
To: Fernando Gont <fernando@gont.com.ar>
Cc: ipv6@ietf.org
References: <02C1F5E2-2CA6-4555-8623-D11E82A0B4E7@gmail.com> <b36015ea-6de5-f562-1328-0a047b1ad6ee@gmail.com> <2931a700-51e9-88bf-a3a6-113b3bdeaaa4@gmail.com> <007cd7e4-6a37-604b-2c25-940cfb2f0e79@si6networks.com> <aec5b715-8690-1922-8ec1-90b9de5a53a7@gmail.com> <0c6cd194-82d3-9b46-62a6-5aed9ee17715@gmail.com> <898c6a5b-2bf5-3bc0-f716-41f6e0ac60d9@gont.com.ar> <3e77d493-4d87-1d70-b69b-5f78c7424690@gmail.com> <5b01eaea-ff09-a771-f4ae-8ffcc5d18b07@gont.com.ar> <69c9b8b8-f945-aafd-4da0-899c1d49e7f3@gmail.com> <f50bd922-447c-ce50-c0a5-7a8fedbd8475@gont.com.ar>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <909882b4-4dc3-a2b2-31a8-950f1f1d6109@gmail.com>
Date: Thu, 02 Apr 2020 15:57:32 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <f50bd922-447c-ce50-c0a5-7a8fedbd8475@gont.com.ar>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/_k4fC_zCBn0ZiqnCFPC8NeTmB4I>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 13:57:39 -0000
Le 02/04/2020 à 15:47, Fernando Gont a écrit : > On 2/4/20 10:32, Alexandre Petrescu wrote: >> >> Le 02/04/2020 à 15:16, Fernando Gont a écrit : >>> Alexandre, >>> >>> On 2/4/20 09:54, Alexandre Petrescu wrote: >>>> Le 02/04/2020 à 14:39, Fernando Gont a écrit : >>>>> On 2/4/20 09:25, Alexandre Petrescu wrote: >>>>>> would it it be possible to specify this: >>>>>>> However, the method discussed in >>>>>>> this document could be employed for generating >>>>>>> Interface IDs >>>>>>> of any arbitrary length, albeit at the expense of reduced >>>>>>> entropy (when employing Interface IDs smaller than 64 >>>>>>> bits) or enhanced entropy (when IID len longer than 64) >>>>>> >>>>>> (note 'IID longer than 64') >>>>> >>>>> Not sure what you mean. >>>>> 1) That's of course implied >>>>> 2) 2**64 is enough entropy for this kind of thing. Why would anyone >>>>> do that?? >>>>> >>>>> I miss the point you are trying to make... >>>> >>>> At some point you say less than 64 entropy might not be enough, and >>>> that a limit is not clear. >>> >>> Nope neither me nor the document says that. The document says the >>> obvious: the algorithm does not have any inherent requirement >>> regarding the IID length. Of course, if you change the IID length, >>> you change the entropy (the search space). (e.g., if you reduced the >>> IID length, the entropy would be reduced). >>> >>> >>>> But similarly, more than 64 entropy might be more than enough - you >>>> just dont say it. >>> >>> Let me put it bluntly: even 32 bits would be more than enough for this. >> >> Yes, write that down. I agree with you. I do not know why not >> writing it down. > > Because this is not a document to discuss IID lengths. The current specs > mandate /64. If that's changed, such document should do the appropriate > analysis. There's no reason for this document to do that. True. It might be this is not a right time to advance this document to IESG. Maybe address first that IID length in the IPv6 Addr Arch document. Until then, any privacy work might be irrelevant. Security is a chain: weakest link breaks it all. Alex, LF/HF 1 > > > > >>>> You say 'it is implied', but there is silence, actually. >>>> >>>> There is nothing in I-D RFC4941bis, nor in RFC7421, that talks about >>>> IID length longer than 64. >>> >>> 1) The current architecture doesn't have such a thing >> >> All IPv6-over-foo docs request it, and the IPv6 Addr Arch requests it. > > Exactly. There's no point in getting into a discussion about something > that's not even allowed in the current specs. > > > > [...] >>> 2) I personally don't think anybody would even think about IIDs >>> longer than 64 bits. 64-bit IIDs already waste a big part of the >>> address space. >> >> ?? No, I dont think so. >> >> I personally think IIDs longer than 64bit are absolutely necessary in >> some contexts. A SLAAC where a router that advertises a /56 in an RA, >> might need the Host to form a 72bit IID. > > Write a draft, and propose that change. Until that, this document need > to stick to existing specs. > > Thanks,
- Status of Privacy Extensions for Stateless Addres… Bob Hinden
- Re: Status of Privacy Extensions for Stateless Ad… Brian E Carpenter
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Fernando Gont
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Fernando Gont
- Re: Status of Privacy Extensions for Stateless Ad… Fernando Gont
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Fernando Gont
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu
- Re: Status of Privacy Extensions for Stateless Ad… Fernando Gont
- Re: Status of Privacy Extensions for Stateless Ad… Alexandre Petrescu