Re: 64bit MAC addresses and SLAAC

[Alexandre Petrescu <alexandre.petrescu@gmail.com>]

Le 17/06/2020 à 19:52, otroan@employees.org a écrit :
> Fred,
> 
>>>> Fernando, I think an unspoken assumption in these past several
>>>> messages is that privacy is ALWAYS a required property.
>>>> However, there are cases where address privacy is not only not
>>>> required, but it is also desirable and useful to be able to 
>>>> track a node by a stable and unchanging IP address or prefix.
>>>> 
>>>> This is not intended to challenge the non-use of MAC addresses
>>>> in Interface Identifiers per your documents, but just to say
>>>> that in some environments the randomization and constant
>>>> changing of IP addresses may actual run counter to operational
>>>> objectives.
>>> 
>>> Implementations and operational deployments or other link-types
>>> are of course free to choose whatever recommendation (or none) 
>>> for default IID generation. IID mechanisms are not protocol
>>> specifications. They are recommendations taking various
>>> parameters into account (stability, tracking etc). These are not
>>> required for interoperability. Configure IIDs manually if you
>>> like.
>> 
>> You seem to be acknowledging my point that privacy is not always a
>> required property, and that in some environments stability,
>> tracking, etc. are desirable. And, for those types of environments,
>> placing a constant-value token somewhere in the address (whether
>> it came from a hardware code, administrative setting or algorithmic
>> generation) should be fine. Did I understand correctly?
> 
> Yes, largely. Strictly speaking, standardizing mechanisms for
> generating IIDs is in the grey area of over-specifying.

YEs, gray area, but probably not over-specifying.

For comparison, ULA specs do suggest three alternative methods for
generating the subnet ID part of the address.

> Look at it as general recommendations, if you don't know better. And
> we have always supported manual configuration of course.

True.

I want to tell why I did not feel overwhelmed by over-specification, but
rather I feared hardcoding, and fear of reducing flexibility.

We looked for the place in linux which forces the 64bit limit in SLAAC.
  We found it and we wondered what to put in these - potentially 66 -
bits of an IID?   The immediate thought was to put there random numbers.
  These random numbers seemed natural to several of us.  And they offer
privacy.

But is it the right thing to do?

If we do that (put random numbers in a variable length IID) that's what
gets fixed there again for years.

If we put random numbers in there then for years again the users will
find it difficult to remember those scrambled numbers when typing ifconfig.

If we put random numbers in there then for years again people will look
for easy to use, license-free, platform-independent, high performance,
speedy, C standard, less energy consuming, almost-true random,
primitives to call; and their seeds.

This is how I came to that idea that maybe a MAC address could also be a
potential source of data to put in the IID: take 64bits of a MAC address
and stick two zeros into it to make a 66bit IID.  Or some other variant,
depending on the need of the length of the IID.

Somnething that is quick to implement.

Alex

> 
> Best regards, Ole 
> -------------------------------------------------------------------- 
> IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6 
> --------------------------------------------------------------------
>