IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 19 May 2016 08:09 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D714F12B03E for <ipv6@ietfa.amsl.com>; Thu, 19 May 2016 01:09:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.333
X-Spam-Level:
X-Spam-Status: No, score=-5.333 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_HI=-5, SPF_SOFTFAIL=0.665] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zpFHlT7gnPcj for <ipv6@ietfa.amsl.com>; Thu, 19 May 2016 01:09:32 -0700 (PDT)
Received: from cirse-out.extra.cea.fr (cirse-out.extra.cea.fr [132.167.192.142]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42ECB12D0CA for <ipv6@ietf.org>; Thu, 19 May 2016 01:09:32 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by cirse.extra.cea.fr (8.15.2/8.15.2/CEAnet-Internet-out-2.4) with ESMTP id u4J89Uer011665 for <ipv6@ietf.org>; Thu, 19 May 2016 10:09:30 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 53A8E206856 for <ipv6@ietf.org>; Thu, 19 May 2016 10:09:32 +0200 (CEST)
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 4A8D1206827 for <ipv6@ietf.org>; Thu, 19 May 2016 10:09:32 +0200 (CEST)
Received: from [10.8.34.184] (is227335.intra.cea.fr [10.8.34.184]) by muguet2.intra.cea.fr (8.15.2/8.15.2/CEAnet-Intranet-out-1.4) with ESMTP id u4J89TNg005224 for <ipv6@ietf.org>; Thu, 19 May 2016 10:09:29 +0200
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: ipv6@ietf.org
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <B849F263-9F99-48E8-B903-8FE7D2CDF277@cooperw.in> <CAJE_bqd1AWOuwvQcGzHg+dAWoump29g14HEA1BoVErXDXSMxaw@mail.gmail.com> <573BCFD0.8090801@si6networks.com> <CAJE_bqfKUbO7C6LnxOOUCVBU9e679_=159Yu6Ti0zhOGDuw98Q@mail.gmail.com> <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <e50d97c2-5fd3-a73b-355a-093814750d40@gmail.com>
Date: Thu, 19 May 2016 10:09:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
MIME-Version: 1.0
In-Reply-To: <A1111BEA-C14C-4574-9214-3D9B5500FEA1@cooperw.in>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/fzEtgzoLBU1rLLVTg4Ct2WfN5X8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 May 2016 08:09:35 -0000


Le 19/05/2016 à 07:19, Alissa Cooper a écrit :
>
>> On May 18, 2016, at 4:22 PM, 神明達哉 <jinmei@wide.ad.jp> wrote:
>>
>> At Tue, 17 May 2016 22:13:36 -0400, Fernando Gont
>> <fgont@si6networks.com> wrote:
>>
>>>> From this one, and your response to the next point, it seems
>>>> you are saying the decision was to refuse to address that
>>>> concern.  Am I understanding it correctly?
>>>
>>> No. My take is that the concern is flawed. Please read
>>> draft-gont-predictable-protocol-ids, and even RFC4941, which
>>> talks at length about security and privacy issues regarding
>>> reusing identifiers in different context, for different scopes,
>>> etc.
>>>
>>> Let's call a lemon a lemon: Asking to embed a layer-2
>>> identifier/address in a layer-3 address is extremely bad.
>>
>> I don't have a strong position on this matter itself, but my
>> understanding of the sense of the wg is that this is
>> controversial, and at least far from a clear consensus.  To repeat
>> myself, *my* concern on this last call is that it's not even clear,
>> at least to me, if this draft tries to say embedding a link-layer
>> address is, whether it's randomized or not, "extremely bad" (and
>> must therefore be prohibited).  If that's the intent, it should be
>> clearly stated
>
> The draft makes just about a clear a statement in this vein as is
> possible:
>
> "By default, nodes SHOULD NOT employ IPv6 address generation schemes
> that embed the underlying link-layer address in the IID.”
>
> Note that this statement does not prohibit anything, nor does it make
> a normative (in the moral sense) judgment. It just states the
> recommendation, which is the point of the document.
>
> I appreciate that not everyone on the list agrees with this
> recommendation. But I find the claim that this recommendation is
> unclear

I think that recommendation is too generic.

I think it should say:
"If a human user can be reassured during a privacy worry (avoid
  traceability of IP address by surveillance or commercial interests) -
  the EUI-64 SHOULD NOT contain the company_id (the first three octets),
  nor 0xFFFE, nor the last three octets of the Ethernet address"
  - and add it to RFC2464 section 4:
    https://tools.ietf.org/html/rfc2464#section4

I think on some non-Ethernet links there are some 48bit identifiers
which are not assigned by IEEE, but imagined by programmers. They are
not used as a link-layer address (they are not in src/dst headers of
link-layer messaging), but are there only to fill in IPv6 data
structures. Some times they are based on hints, other times they are
random. When they are Unix rand(), and if this can reassure the privacy
worry of a user: they could be put in the IID.

Alex

> to be difficult to understand. That is, I can’t think of a way to
> convey the same recommendation that would be clearer. If you can,
> please suggest text.
>
> Alissa
>
>
>> and backed by a clear consensus from the wg.  Right now I don't see
>> either such a clear statement or clear wg consensus.
>>
>> -- JINMEI, Tatuya
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email