Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16

Fernando Gont <> Mon, 27 January 2014 14:00 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C79FF1A022F; Mon, 27 Jan 2014 06:00:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id xRDrbA50zkuz; Mon, 27 Jan 2014 06:00:49 -0800 (PST)
Received: from ( [IPv6:2a00:d10:2000:e::3]) by (Postfix) with ESMTP id 64A381A022E; Mon, 27 Jan 2014 06:00:48 -0800 (PST)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.82) (envelope-from <>) id 1W7mjy-0003DL-1i; Mon, 27 Jan 2014 15:00:42 +0100
Message-ID: <>
Date: Mon, 27 Jan 2014 10:23:50 -0300
From: Fernando Gont <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Tim Chown <>
Subject: Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16
References: <> <EMEW3|8f37f1d5d449ce20468ee92a0af181faq0M16n03tjc||> <> <> <EMEW3|12f5e9bae279fcfd68e300eb7c33b88aq0NHE703tjc||>
In-Reply-To: <EMEW3|12f5e9bae279fcfd68e300eb7c33b88aq0NHE703tjc||>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 27 Jan 2014 14:00:52 -0000

Hi, Tim,

Thanks so much for your response! -- Please find mine in-line...

On 01/24/2014 02:13 PM, Tim Chown wrote:
>>> 2. In the algorithm section, there is a comment that interface names
>>> MUST remain the same across boots or down/up events for the stable
>>> privacy address to remain stable.
>> Strictly speaking, it says that Net_Iface MUST be constant. Then
>> Appendix A discusses possible sources for NetIface...
> It does seem that each of those sources listed in the Appendix may not
> be constant. That may of course depend on hardware as well as OS.

At the very least, I'd expect the MAC address to be constant.

> I guess there can be no 100% guarantee for all platforms, so the
> document should note that, and the implications.  For example, the last
> para in Section 1 could instead say:
> "This document specifies a method to generate Interface
> Identifiers that, subject to a constant/stable interface identifier
> being available, are stable/constant for each network interface within
> each prefix", or something like that.

I have no issues with adding this. Although I wonder if it really
represents reality. In most systems, you can apply ACLs based on the
interface name/index... so the lack of constant IDs for the interfaces
you mean that you couldn't really apply such ACLs.

If you still think that the aforementioned paragraph would help, I'd
probably add it as:

"This document specifies a method to generate Interface
 Identifiers that, subject to a stable interface identifier being
 available (see Appendix A), are stable for each network interface
 within each prefix"

(I've just added a reference to Appendix A, and removed the term
"constant", based on the discussions we have had for the
ipv6-addressing-privacy I-D).

>>> 3. I assume the IID may/will vary for a different OS run on the same
>>> host, e.g. where the host is dual-boot, or where a new OS installed
>>> (or the same OS re-installed). A different OS may well use a
>>> different F(), given that’s not specified.  With EUI-64, a dual-boot
>>> host would likely have the same address under either OS (well, not
>>> Windows any more…).  This may be worth making explicit.
>> This could be a pro or con, one might say.
>> I guess we could add something along the lines of:
>> "Since different implementation are likely to use different values for
>> secret_key, and may also employ different PRNGs for F() and different
>> surces for NetIface, we note that an a host that is dual-boot or that is
>> reinstalled may result in different IPv6 addresses for each OS and/or
>> installation."?
> That could work.  Or you could maybe have a section or subsection that
> documents cases where a stable IID can't be guaranteed.  The case above
> is one, and dual-boot or a reinstalled OS is another?  Are there other
> cases?

Rather than enumerating the cases, I'd probably add a "disclaimer" in
the Intro. How about this improved version of the text:

 "Since different implementation are likely to use different values for
  the secret_key parameter, and may also employ different PRNGs for
  F(), and different sources for the Net_Iface parameter, the
  addresses generated by this scheme should not expected to be constant
  across different operating system installations. For example, a host
  that is dual-boot or that is reinstalled may result in different IPv6
  addresses for each OS and/or installation."

>>> 4. The draft talks (in one place in Section 3) about stable privacy
>>> addresses being allocated by DHCPv6; some further discussion of how
>>> this might be achieved may be useful given the secret key is presumed
>>> to be generated on and reside on the host, not the DHCPv6 server.  Or
>>> would this be described in a separate future draft?
>> Yes, a future draft -- e.g. where the algorithm is computed by the
>> DHCPv6 server.
> So one thing to consider here is that unless the 'secret_key' is
> shared/copied between the host and the DHCPv6 server, a subnet which
> changes to/from DHCPv6 to/from RAs for address configuration will see
> the IID change.  Maybe this is a third case of the above...

I kind of think of DHCPv6 as a different world and "out of scope". But
please let me know if you think otherwise...


Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492