Re: Feedback on draft-gont-6man-stable-privacy-addresses-01

Fred Baker <> Sat, 14 April 2012 23:30 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5637221F861B for <>; Sat, 14 Apr 2012 16:30:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.766
X-Spam-Status: No, score=-110.766 tagged_above=-999 required=5 tests=[AWL=-0.167, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mvjkK3kvurQZ for <>; Sat, 14 Apr 2012 16:30:00 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id A6E7921F8610 for <>; Sat, 14 Apr 2012 16:30:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=2509; q=dns/txt; s=iport; t=1334446200; x=1335655800; h=subject:mime-version:from:in-reply-to:date:cc:message-id: references:to:content-transfer-encoding; bh=bMvbPBpdOhh6rhTokiVuW8m0croLfj+g0z14751Wq4E=; b=STF9+cvEBDTUR/nfV/JPNvmby6zD098/7FcYuh+7BonhhWU/nvp+IPX4 4A7jlniDW8C9vKvtuQ5CmhqrUSbKRfDp9GMZnxlxL8h1ukolpgYS7x+Fn ZqPL2f8pg33i/zv0ZjxoAH+G72cwwrjctdys70ykR4VF03v3F5ttHo7kn s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.75,423,1330905600"; d="scan'208";a="40589724"
Received: from ([]) by with ESMTP; 14 Apr 2012 23:30:00 +0000
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id q3ENTxYe002719; Sat, 14 Apr 2012 23:29:59 GMT
Received: from [] by (PGP Universal service); Sat, 14 Apr 2012 16:30:00 -0700
X-PGP-Universal: processed; by on Sat, 14 Apr 2012 16:30:00 -0700
Subject: Re: Feedback on draft-gont-6man-stable-privacy-addresses-01
Mime-Version: 1.0 (Apple Message framework v1084)
From: Fred Baker <>
In-Reply-To: <>
Date: Sat, 14 Apr 2012 16:29:30 -0700
Message-Id: <>
References: <> <1334276068.3945.408.camel@karl> <> <1334363774.3945.541.camel@karl> <> <> <> <>
To: Christian Huitema <>
X-Mailer: Apple Mail (2.1084)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Cc: Fernando Gont <>, " 6man" <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 14 Apr 2012 23:30:02 -0000

On Apr 14, 2012, at 4:20 PM, Christian Huitema wrote:
> 3) Privacy: the number should vary over time, to make it harder for Internet services to correlate sessions started by the same host.
> 4) Stability: the number should remain stable over time, so administrators can more easily manage which host is using what network service.
> Of course, stability and privacy are contradictory, so there must be a way for arbitraging that. That's the big issue to be dealt with by the specification of privacy addresses, i.e. whatever successor we write for RFC 3484. The arbitration will be resolving about how often host generate addresses, how many addresses they generate, and under what circumstances do they use one or the other. Let's assume for now that we just want to generate addresses once per subnet.

That pp mixes two things:
3484 Default Address Selection for Internet Protocol version 6 (IPv6).
     R. Draves. February 2003. (Format: TXT=55076 bytes) (Status: PROPOSED
4941 Privacy Extensions for Stateless Address Autoconfiguration in
     IPv6. T. Narten, R. Draves, S. Krishnan. September 2007. (Format:
     TXT=56699 bytes) (Obsoletes RFC3041) (Status: DRAFT STANDARD)

I agree that the arbitrage is largely about the rate of address generation. I should think that's a local matter; two otherwise-identical laptops sitting beside each other on a LAN could be different - one changing its address once a week, and the other changing its address for every TCP session. Apart from the impact of DAD, I don't see much harm in letting them do so.

> In principle, there are two ways to meet the unique per subnet requirement: use a number that is guaranteed to be unique by design; or use a large random number that is unlikely to collide with an existing allocation.

That's for global uniqueness. If all that is required is uniqueness in a subnet, something akin to that makes sense for the first guess, but after that it's all about DAD.

> Fernando's algorithm has several advantages. It uses a hash of a pre-allocated random number,

As I read it, section three item one calls for the use of the EUI-64 in use on the interface, which presumes that the interface is an IEEE 802 LAN. There are other interface types. I'd like to see that widened to a number *such*as* one of the set I specified.