Re: Pseudorandom Flow Labels

Fernando Gont <fernando@gont.com.ar> Wed, 06 April 2011 18:45 UTC

Message-ID: <4D9CB542.6010807@gont.com.ar>
Date: Wed, 06 Apr 2011 15:47:30 -0300
From: Fernando Gont <fernando@gont.com.ar>
To: "Hemant Singh (shemant)" <shemant@cisco.com>
Subject: Re: Pseudorandom Flow Labels
References: <BD901061-96AC-4915-B7CE-2BC1F70861A5@castlepoint.net><201104052036.p35KaoHV019253@cichlid.raleigh.ibm.com><19204E85-5B6E-409C-B450-7E3AC5EF47FA@apple.com><201104052148.p35LmM9g019765@cichlid.raleigh.ibm.com> <9ED6022F-6863-4267-A268-C73240098539@apple.com> <5B6B2B64C9FE2A489045EEEADDAFF2C301391452@XMB-RCD-109.cisco.com>
In-Reply-To: <5B6B2B64C9FE2A489045EEEADDAFF2C301391452@XMB-RCD-109.cisco.com>
Cc: Thomas Narten <narten@us.ibm.com>, ipv6@ietf.org

Hi, Hemant,

On 05/04/2011 10:15 p.m., Hemant Singh (shemant) wrote:
> Snipped from RFC 4193 is this text.  "pseudo-randomly allocated global
> ID".  If pseudo-random was accepted in this RFC, why are we discussing
> pseudo-random again?  

Because the requirements are different. For RFC 4193, the IIDs must be
unpredictable to any host in the Internet. For FLs, they only need to be
unpredictable by off-path attackers.

For RFC 4193, it wouldn't make sense to select them with a hash-based
approach such as the one in draft-gont-6man-flowlabel-security, as while
you get incremental addresses, you could still be tracked. But this does
not apply to FLs -- see the set of requirements in one of my other posts.

Thanks,
-- 
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
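As an added illustration (not code from this thread, nor the draft's own
code): a hash-plus-counter Flow Label generator of the kind Fernando refers
to. It assumes the construction Flow Label = (counter + F(src, dst, secret))
mod 2^20 with one global counter and HMAC-SHA256 as F; the generator and
helper names are my own.

```python
import hashlib
import hmac
import ipaddress
import os

FLOW_LABEL_BITS = 20                       # IPv6 Flow Label field width
FLOW_LABEL_MASK = (1 << FLOW_LABEL_BITS) - 1


class FlowLabelGenerator:
    """Flow Label = (counter + F(src, dst, secret)) mod 2^20.

    Assumed construction (RFC 6528 style, as I read the draft): the per-pair
    offset F is keyed with a secret an off-path observer does not hold, so the
    absolute label value cannot be predicted without being on the path; the
    counter only makes labels to the same (src, dst) pair increase by one.
    """

    def __init__(self, secret=None):
        # Secret chosen at boot; 32 random bytes keeps HMAC-SHA256 unguessable.
        self.secret = secret if secret is not None else os.urandom(32)
        self.counter = 0                   # global counter, one step per flow

    def offset(self, src, dst):
        """F(src, dst, secret): HMAC over the packed addresses, cut to 20 bits."""
        msg = ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") & FLOW_LABEL_MASK

    def next_label(self, src, dst):
        """Label for a new flow; wraps modulo 2^20 as the field requires."""
        label = (self.counter + self.offset(src, dst)) & FLOW_LABEL_MASK
        self.counter += 1
        return label


def labels_to(gen, src, dst, n):
    """Convenience: the next n labels this node would assign to one peer."""
    return [gen.next_label(src, dst) for _ in range(n)]


def is_sequential(labels):
    """True when each label is the previous one plus one (mod 2^20).

    This is the 'incremental' property from the message: harmless for Flow
    Labels (off-path parties still cannot guess the offset), but it is exactly
    what would let an RFC 4193 Global ID be tracked if it were chosen this way.
    """
    return all((b - a) & FLOW_LABEL_MASK == 1 for a, b in zip(labels, labels[1:]))
```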