IETF Logo Mail Archive

Re: 64bit MAC addresses and SLAAC

Mark Smith <markzzzsmith@gmail.com> Thu, 18 June 2020 22:04 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78EE13A1004 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 15:04:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.597
X-Spam-Level:
X-Spam-Status: No, score=-0.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ue4Ulx2NF3WY for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 15:04:18 -0700 (PDT)
Received: from mail-oi1-x22f.google.com (mail-oi1-x22f.google.com [IPv6:2607:f8b0:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 775693A1007 for <ipv6@ietf.org>; Thu, 18 Jun 2020 15:04:18 -0700 (PDT)
Received: by mail-oi1-x22f.google.com with SMTP id x202so6562401oix.11 for <ipv6@ietf.org>; Thu, 18 Jun 2020 15:04:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YnutYOW2CTkrJmUkdXdOryK1mQwreJJENx/RQ/2YNHM=; b=NUQFYa58Ce2QI9Bc3AUqXfdx+26GpCGXrFAEYyDVBHwXUb4In2OWI2whRVWiiTQF0n yVzXDS4k3RDfCnLpRbMFu0hgnz5o8hHG3hxsYiKJmGno0+YkDyK9czfFL/M7j1/JDLvk 0+AE2yEAneG1BrTIPt86wg1rYmh+wIwTSWdrAeB4B+ag3Kga9HnnvnVOf9kdAfTmrajL WQ6lqwIvfnHHfM2VC1bV8f7qfORV+vBfZM8y6Ddp1Dt/wXpGP38maa0UHJfJiwErve3J Bhz7RfxV8vF+mdzLXuhPaj7tgX5SKDNawWpXyw13hdNYuwVDAR70L5qpugd0P1iWuhk2 TNJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YnutYOW2CTkrJmUkdXdOryK1mQwreJJENx/RQ/2YNHM=; b=XQ2tKFvbYJAiSTMQ2sQqq0E1V0iPmYrTclLgT4u/oy3pPdC1STkEnwj85D9f016O6z A33LGjQc2yuuZfo6+xCTinZf1wPE61Ut7BcNeCzOvAUytFToYjwiNPiGLkM7p2wO8CQL 39mui4BqwYXKlTspfFazMa77dNlNMilsBxtpDHCSH56pMtLZusKVbjWs0nXbm39iVYrR xZAKNly2y1zRKQojfpFuigVk4rQomuaNwC5WQbIzv09MBIe8e4sXPNYA6DvIBPlHbL+H xp2qwRgo5C+Cikb1GOIkXqhnXU8cBsIa50f6t5sZSZ5cDISG89umIyzerY1mAy4k2fQ5 nJsQ==
X-Gm-Message-State: AOAM531YhWFkvRCSOjgOc5DTKxizlOPRUXYe+aQ7Q63bnumIRMuIh+Fx Gq/hiXBL/4Wvgryru+tTNx7tQ/xElIWe9Ko3sEo=
X-Google-Smtp-Source: ABdhPJzwYCjYrGrLLcK7ZReyiChN26Opl1V3K58qvaP8j8TiHytSpooWX77HfIkEF4FFLDUClbfTSj/+XBejiIYrybI=
X-Received: by 2002:a54:401a:: with SMTP id x26mr852486oie.54.1592517857751; Thu, 18 Jun 2020 15:04:17 -0700 (PDT)
MIME-Version: 1.0
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net> <CAAcx0vB8WZ+JneWk-TRKVF0PFPoYDZCEYqOCT_sc2W6ZqeeXNw@mail.gmail.com> <CAO42Z2xG8sD3A_pqVCD6YH6ZpYWwmbLJFvpCfVuU99EPGTSOdA@mail.gmail.com> <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com>
In-Reply-To: <7854355a-3eca-0bc4-10bf-e9ec124e8fa6@gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 19 Jun 2020 08:03:51 +1000
Message-ID: <CAO42Z2yMQAiEFhQ8r5g5NAUVjw6GHX0oJNCX0yz95p_qbt3ZGQ@mail.gmail.com>
Subject: Re: 64bit MAC addresses and SLAAC
To: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000035b64005a862f50f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/a6HW78GCWAjaTuQj5x98NmobOKc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 22:04:21 -0000

On Fri, 19 Jun 2020, 00:30 Alexandre Petrescu, <alexandre.petrescu@gmail.com>
wrote:

>
>
> Le 18/06/2020 à 09:50, Mark Smith a écrit :
> >
> >
> <snip>
> >
> >
> > So I have a couple of IoT IPv6 books from about 10 years ago, and they
> > talk about these battery powered devices having AES implementations to
> > encrypt the radio layer.
> >
> > So it seems AES was cheap enough to do in battery powered IoT devices 10
> > years ago, so I would assume it is even cheaper to do now.
> >
> > I understand crypto algorithms can also be used as a hash generator, so
> > perhaps the AES in these things can be used to generate hashes for
> > RFC7217 stable IDs.
>
> Probably AES is not an issue on some platforms, in terms of having
> enough cycles.
>
> But there are certainly computing&communicating platforms not powerful
> enough to run AES.
>

So IPv6 is probably not the right protocol for those devices.

It's great to try to use IPv6 for everything, but it doesn't mean IPv6 must
be used for everything.

IPv6 is a general purpose internetworking protocol, so it isn't going to be
optimal for all cases.

At some point, the compromises or costs of using IPv6 will outweigh the
benefits of using a general commodity protocol. At that point, the expense
of a better suited and more specific protocol to suit the problem protocol
is worth paying.

The IoT applications being discussed are local network only applications.
Since an internetworking protocol solves a much bigger problem -
internetworking hosts attached to a network of networks, using an
internetworking protocol to solve a local network application problem is
always going to involve a compromise - accepting a larger packet overhead
because of using an address space that is far larger than it needs to be to
solve the problem.

Unfortunately we don't really have a middle ground, general purpose, yet
local network only protocol. MPLS is close, but not really general purpose
enough.

Now that IPv4 can't solve the Internet internetworking problem (hence
invention of IPv6), perhaps we should repurpose it to use for local network
only application problems.

Regards,
Mark.



> And, it is not only a matter of energy consumption or time it takes to
> compute.
>
> There are very many additional aspects involved in using crypto
> technology, at all layers from 0 to Political.  Bind them all to an IP
> address?
>
> Alex
>
> >
> > Regards,
> > Mark.
> >
> >
> >
> >     Alternatively:
> >     keep link-layer addresses in IPv6 IIDs,
> >     without allowing unauthorized data collection from the nodes,
> >     by implementing access control to the nodes at the (mains-powered)
> >     border router.
> >
> >     Etienne
> >
> >     On Wed, Jun 17, 2020 at 11:54 PM Philip Homburg
> >     <pch-ipv6-ietf-6@u-1.phicoh.com
> >     <mailto:pch-ipv6-ietf-6@u-1.phicoh.com>> wrote:
> >
> >          >   Of course the caveat there with unmanaged network and SOHO
> >         and Mobile
> >          >where manual or DHCPV6 is not possible or viable.
> >
> >         Why is DHCPv6 not possible? Of course there is the Android
> problem.
> >         But I doubt that a low power IoT device would share a wifi-link
> >         with an
> >         Android device.
> >
> >          >    In those cases SLAAC is preferred, but then we have the
> >         crux of
> >          >    issue and the decision tree on privacy random IID and its
> >         overhead
> >          >    if its not necessary versus modified EUI64.
> >          >    tree of course the underlying operational impacts of random
> >          >    versus  stable IID double edged sword operator or
> individuals
> >          >    decision to pick which works best for their use case.  In
> the
> >          >    end net-net is what is simplest to deploy and least
> overhead
> >          >    but also meets the desired goal is generally the thought
> for
> >          >    picking the IID generation solution. For that SLAAC wins
> >         out in
> >          >    that decision for the use case described above.
> >
> >         A stable, unique pseudo random IID per prefix basically requires
> one
> >         SHA2-HMAC (or equivalent in SHA3 or other modern hash function)
> per
> >         prefix.
> >
> >         I cannot imagine that computing 2 SHA2 hashes has a significant
> >         amount
> >         of energy use compared to link attachment and duplicate address
> >         detection.
> >
> >         This computation is once per prefix, so it becomes an issue if
> the
> >         devices frequently attaches to new links. In which case tracking
> >         protection
> >         becomes important.
> >
> >         I also wonder, a device that cannot afford a couple SHa2 hashes?
> >         Then that
> >         device is probably insecure and should not be connect to the
> >         internet
> >         anyhow.
> >
> >
> >
>  --------------------------------------------------------------------
> >         IETF IPv6 working group mailing list
> >         ipv6@ietf.org <mailto:ipv6@ietf.org>
> >         Administrative Requests:
> https://www.ietf.org/mailman/listinfo/ipv6
> >
>  --------------------------------------------------------------------
> >
> >
> >
> >     --
> >     Ing. Etienne-Victor Depasquale
> >     Assistant Lecturer
> >     Department of Communications & Computer Engineering
> >     Faculty of Information & Communication Technology
> >     University of Malta
> >     Web. https://www.um.edu.mt/profile/etiennedepasquale
> >     --------------------------------------------------------------------
> >     IETF IPv6 working group mailing list
> >     ipv6@ietf.org <mailto:ipv6@ietf.org>
> >     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> >     --------------------------------------------------------------------
> >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email