IETF Logo Mail Archive

Re: Éric Vyncke's No Objection on draft-ietf-6man-rfc4941bis-11: (with COMMENT)

"Eric Vyncke (evyncke)" <evyncke@cisco.com> Wed, 21 October 2020 13:58 UTC

Return-Path: <evyncke@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7CD93A113D; Wed, 21 Oct 2020 06:58:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.601
X-Spam-Level:
X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=iA+K7UVn; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=n4CCQRS5
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4ZvHugnuLEUN; Wed, 21 Oct 2020 06:57:59 -0700 (PDT)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E33FC3A0BB2; Wed, 21 Oct 2020 06:57:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7666; q=dns/txt; s=iport; t=1603288679; x=1604498279; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=7fHb8Q85DhNEntTYkjl5cIgoP2kX1zCDKTgSNtXLU8U=; b=iA+K7UVn+clFIB6mW7jw2ERs7/2z+0fJlUFEIQGW7bQitU44m7KCCXXF iWSfP9v0IgBgFcfVSnAULer6eVkee9jGerkni6ZR8aLd+OEP739ZSB7NN HgaTIu9LIxdggutKMCdabefW6LWGIFR94zyBHBtd5aIsZW2QZTlJeWhGC E=;
IronPort-PHdr: 9a23:JMnqJB9/k1qfLv9uRHGN82YQeigqvan1NQcJ650hzqhDabmn44+7ZhKN/vQzilLVQoLB6OkCgO3T4OjsWm0FtJCGtn1KMJlBTAQMhshemQs8SNWEBkv2IL+PDWQ6Ec1OWUUj8yS9Nk5YS93/OVvfvmK19z0JXB74MFk9KuH8AIWHicOx2qi78IHSZAMdgj27bPtyIRy6oB+XuNMRhN5pK706zV3CpX4bdg==
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CrCQABPpBf/40NJK1gHgEBCxIMQIMhKSgHgUkvLIQ8g0kDjVKYeoFCgREDVQsBAQENAQEtAgQBAYRKAheBcQIlOBMCAwEBCwEBBQEBAQIBBgRthWEMhXIBAQEBAgESEREMAQE3AQsEAgEIDgMDAQIDAiYCAgIwFQUDCAIEAQ0FIoMEgkwDDiABpCICgTmIaHaBMoMEAQEFhR4YghAJgQ4qgnKCYBI8QoIpG4QTG4FBP4ERJxyCTT6EIxoXgwAzgiyQDBqDLoo3mXkKgmqadAMfoVqEWY5gnAaELgIEAgQFAg4BAQWBayOBV3AVGiEqAYI+UBcCDY4fDBeBAgECgkmKVnQ4AgYBCQEBAwkBe4sGLIIaAQE
X-IronPort-AV: E=Sophos;i="5.77,401,1596499200"; d="scan'208";a="603945299"
Received: from alln-core-8.cisco.com ([173.36.13.141]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 Oct 2020 13:57:57 +0000
Received: from XCH-RCD-004.cisco.com (xch-rcd-004.cisco.com [173.37.102.14]) by alln-core-8.cisco.com (8.15.2/8.15.2) with ESMTPS id 09LDvvaD001839 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 21 Oct 2020 13:57:57 GMT
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-RCD-004.cisco.com (173.37.102.14) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 21 Oct 2020 08:57:57 -0500
Received: from xhs-rcd-003.cisco.com (173.37.227.248) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 21 Oct 2020 08:57:56 -0500
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-003.cisco.com (173.37.227.248) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 21 Oct 2020 08:57:56 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EoxyPp5+LBSqM5vpht6sNSA3FCxFOznjDwWfh8M0e+1a3lVXwXEhHDO5Fof740JSxBYCcynd5BHANPppJsAHncNKBZIyAU2e0X6qZxiStY4yBqBq5x+GBk+JDI8fj8Ml+JiFfPObUHvB2TOFzh/iPm4esI/rCybY1GJmEX0XuiZoh2vZO6mdrk2pKByaun7/d47AJkNAGgvg1v7VWR0CPGkjYJ5+n/pfHcPUi/udDqmTG+MpIkaHk2LMm0H9oZTYF4YcmR9wXXBOaqR/OysXkMM3nnKP9qqKCFtyDvL5JZR4RqlG58MnwGlHNksaNmEOIyzGreNM8XRkyEXlsAHnmQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7fHb8Q85DhNEntTYkjl5cIgoP2kX1zCDKTgSNtXLU8U=; b=axwRRCMiEQHa4Dlll5S3O3YGJ++C80zh4zirJlQNrC3l6+CzJqC81+kwgaOajJHFG8Ggnu0DjfDSWANTUY9H3zrYhBG+PLbfzGodHEpPo91rC4NQ+ooUCuTFFSusi0fYdMGkmR2NoUcs/E2U/uX5YzNsRDaIOM2hbTI0iVvKy7nkd9hh4okcE6GhLILTjFLIsSxFyTWjVMcpdklGXwLKf9Ix08rN69+claCeABoAT7Nog9GLBHBfyIFfnf6G0yl6Pxcw+yjYjESN02rc9o9AWxP+J0rxCiWSypyONFQWpi4kMPzIhklw8ATBWz5vSrPU/xDMI9cdK1ODuytmy4whOg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7fHb8Q85DhNEntTYkjl5cIgoP2kX1zCDKTgSNtXLU8U=; b=n4CCQRS5pGNKEUacOKOlU7iHhE+YQR3VqFA2yfqvyK1JQ4lsyQOYDwRW4wJUqciO2ymeYvyYIt2c7auxUYhK4uCpF+edRycQTFJbRolJcl8l0KkD7vpf2xHbnEw1vykov2oxdAavftkDdoopikR6AdOqDYyfMDpfl6pNUNvySWs=
Received: from PH0PR11MB4966.namprd11.prod.outlook.com (2603:10b6:510:42::21) by PH0PR11MB5000.namprd11.prod.outlook.com (2603:10b6:510:41::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.25; Wed, 21 Oct 2020 13:57:56 +0000
Received: from PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::453b:b2f5:ec29:410d]) by PH0PR11MB4966.namprd11.prod.outlook.com ([fe80::453b:b2f5:ec29:410d%7]) with mapi id 15.20.3499.018; Wed, 21 Oct 2020 13:57:55 +0000
From: "Eric Vyncke (evyncke)" <evyncke@cisco.com>
To: Fernando Gont <fgont@si6networks.com>, The IESG <iesg@ietf.org>
CC: "draft-ietf-6man-rfc4941bis@ietf.org" <draft-ietf-6man-rfc4941bis@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Ole Trøan <otroan@employees.org>
Subject: Re: Éric Vyncke's No Objection on draft-ietf-6man-rfc4941bis-11: (with COMMENT)
Thread-Topic: Éric Vyncke's No Objection on draft-ietf-6man-rfc4941bis-11: (with COMMENT)
Thread-Index: AQHWpuf6Npn+If5TI0yJ5gsvvpOnVKmgqroAgAGNVoA=
Date: Wed, 21 Oct 2020 13:57:55 +0000
Message-ID: <2CFEF9EF-B6D8-4DC2-A0CF-9E24B391F658@cisco.com>
References: <160320178355.3184.16508116906964100262@ietfa.amsl.com> <16b9a7d9-2547-c1bf-219a-10de721d05aa@si6networks.com>
In-Reply-To: <16b9a7d9-2547-c1bf-219a-10de721d05aa@si6networks.com>
Accept-Language: fr-BE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.42.20101102
authentication-results: si6networks.com; dkim=none (message not signed) header.d=none;si6networks.com; dmarc=none action=none header.from=cisco.com;
x-originating-ip: [2001:420:c0c1:36:a4e0:a42f:3288:1d6f]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e9e9af38-9721-41bd-5422-08d875c94fbc
x-ms-traffictypediagnostic: PH0PR11MB5000:
x-microsoft-antispam-prvs: <PH0PR11MB500001F882732B168A62B7E1A91C0@PH0PR11MB5000.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: TLJYTwlegK0+zjEhjU69/gg1qCJPwINp5AF2P+wmA1B/K5krFqnqD2aKm+2k03VR0BF9xROsmLJVxa2UcRXBcjrcV7DgibV6Ge51WMM2fcNeGTcXC5r7CCDEwUsQXlFy4hrueVJBxBuM/5xjmn01N0D4jPIAQUqVKbIIm9n8BaJEhBqsEYDVJeee28VMxCZ8sazLYRUhI27SfSzRIa/TFiA5QpqZJx50qXwN3tNXH7pt1hPkiCnay4K/V/Jf6VMbP7f4InULK4JC7ofpEkS3ciBbwNYD2qGRjb4BJLrtHHKt8Esg34NMxN5t8/KZXdkfOSIfdwwcutFDttsdo945bA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PH0PR11MB4966.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(346002)(39860400002)(376002)(366004)(396003)(136003)(76116006)(186003)(71200400001)(36756003)(8936002)(6512007)(6506007)(66446008)(53546011)(54906003)(110136005)(5660300002)(66476007)(66556008)(66946007)(64756008)(2616005)(4326008)(478600001)(91956017)(224303003)(33656002)(86362001)(83380400001)(2906002)(66574015)(6486002)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: +Crln18GHyf5ftXRpUdfG6sTjdYW4khwoMAJOQBlVcLJEUCWDvk9RE7ylrc8BVzbZyEBlFfip9XYz93XbP+vKIlkMR9el05CBoETYS5GJHNKS4nVF3cBYzpht4OBErD32Bzl1k2FjZaz/dd4TWkTDQToZXunmbfsbtvPv6bcEhPt07V6+CJrPNPWeixcsKTagPsNJsIDy4AsE0d/h6Xanu+5fkhFeWovBDcOLppZngK34LB4t0Pt9x0IStjsZhFww862xepqIacKnRSG5YVC4K5pkaRAZ9cs8jMU0uOtzp0a5xKsb4PTxygBhPOYhZbtsMmECArY6K1Haad7d9TsRuKvc/EEeEkQdWXzA34gILIMRb4XFjLN4RwgmgtAer4kYZ94lgwk04a8QijaLgiYDQoswO1JcuolItutiph4doOB5Qj83nl2t0x52MXEdVyXojqG2skYPddSRprNvueeseMU4A2E3fyIhojefY4gZuHg4JMfMlXP+uUeipNf25VkK9CgJK5rkG2DJy5sRwndhuxXzCrwRCm9aUYX1hxpCeWXUlQW5ERLKmDcxjkdTpMH05fM1wcaKuygKRCKNpmeYe33ob7xRUds3DEtLh0MefiYhAumHKnd/9PezE2/SRyHe39jphV2LTQl8BuwggTYNt+2n5gJBB4BXE9f4X76dP1k70rZPlC24ZkapsJrgMzMxTqhKne80s5s/vF/ef/l/A==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <2E09A4C0A973C94E9234A5DEF0A46C17@namprd11.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB4966.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e9e9af38-9721-41bd-5422-08d875c94fbc
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2020 13:57:55.8757 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: p6OirxXErFocaYeHuKxszIimJ7YgVV5uG1CeX0HLFLDeEw3EVhm6L+3VK/cawksx6H6l3NunlPQXaKmWGarghg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB5000
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.14, xch-rcd-004.cisco.com
X-Outbound-Node: alln-core-8.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hK5940p3N7yrDll-KUJF-6TQiso>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Oct 2020 13:58:01 -0000

Buenos dias Fernando,

As you know, all my COMMENT points were non-blocking; therefore, I really appreciate your replies and your proposed changes (I agree with all of them + one preference for an alternative text) => this should improve the document quality!

See inline for EV> for any additional comments. I have removed all lines where we are in agreement.

Regards

-éric

-----Original Message-----
From: Fernando Gont <fgont@si6networks.com>
Date: Tuesday, 20 October 2020 at 18:18
To: Eric Vyncke <evyncke@cisco.com>, The IESG <iesg@ietf.org>
Cc: "draft-ietf-6man-rfc4941bis@ietf.org" <draft-ietf-6man-rfc4941bis@ietf.org>, "6man-chairs@ietf.org" <6man-chairs@ietf.org>, "ipv6@ietf.org" <ipv6@ietf.org>, Ole Trøan <otroan@employees.org>
Subject: Re: Éric Vyncke's No Objection on draft-ietf-6man-rfc4941bis-11: (with COMMENT)

    Hello, Eric,

    Thanks a lot for your comments! In-line....

    On 20/10/20 10:49, Éric Vyncke via Datatracker wrote:
    [....]
 
   > I also appreciate the new section 3.7 where an admin can disable the mechanism.
    > Is there a reason why this document does not briefly compare its addresses with
    > RFC 7217 (stable address) ? It could be helpful for the reader.

    Such topic has been discussed at length in RFC7721.  That's why we've 
    referenced such document instead of trying to rehash the discussion.

EV> I agree that this document should not spend too much time in the comparison; but, when doing my IESG review I failed to see *where* in the document is the reference to this discussion in RFC 7721.

...%<....%<......  

  > 
    > Should link-local address generation also be considered here ? While the text
    > is clear about 'global', there is no clear indication that this document does
    > not apply to link-local addresses.

    The idea of this document was to revise RFC4941, addressing shortcomings 
    in said RFC. That's why the document remains the same wrt link-locals.

    That said, link-locals are a different problem space. e.g., there's not 
    much of a point in doing temporary addresses for link-locals if you 
    don't randomize link-layer addresses. For some technologies, randomizing 
    link layer addresses might force a network disconnect, etc.

EV> I still believe that it is worth mentioning even if only to avoid the EUI-64 based on MAC address for link-local (done in most OS AFAIK :-) ) but also keeping the same LLA when randomizing the MAC address is also kind of defeating the layer-2 privacy. We could talk for ever on this topic of course but my I kindly suggest to change the title of this document into " Temporary *Global* Address Extensions" (the abstract is clear about the coverage) and adding a few words on the importance of LLA ?

...%<....%<.....

    > -- Section 1.2 --
    > Should IPPIX collectors also be mentioned in the first bullet list ?

    WOuldn't that be somewhat included in bullet #1?

EV> up to you as authors, but for me the collector (== receive of IPFIX records) is not the monitor (== the node in bullet #1)


    > -- Section 3.6 --
    > Last paragraph "when an interface connects to a new (different) link, a new set
    > of temporary addresses MUST be generated immediately" seems to imply more than
    > 1 temporary address with the use of 'set' and the plural form. Unsure whether
    > it is the right behavior (esp if no RA-PIO are received yet).

    How about

    OLD:
        Finally, when an interface connects to a new (different) link, a new
        set of temporary addresses MUST be generated immediately for use on
        the new link.  If a device moves from one link to another, generating
        a new set of temporary addresses ensures that the device uses
        different randomized interface identifiers for the temporary
        addresses associated with the two links, making it more difficult to
        correlate addresses from the two different links as being from the
        same node.

    NEW:
        Finally, when an interface connects to a new (different) link,
        temporary addresses MUST be generated immediately for use on
        the new link.  If a device moves from one link to another, generating
        a new set of temporary addresses ensures that the device uses
        different randomized interface identifiers for the temporary
        addresses associated with the two links, making it more difficult to
        correlate addresses from the two different links as being from the
        same node.

    Xor, one might be more specific as in:

    NEW:
        Finally, when an interface connects to a new (different) link,
        existing temporary addresses for that interface MUST be
        eliminated, and new temporary addresses MUST be generated immediately
        for use on the new link, according to the algorithm in Section 3.4.
        If a device moves from one link to another, this will ensure that the
        device uses different randomized interface identifiers for the
        temporary addresses associated with the two links, making it more
        difficult to correlate addresses from the two different links as
        being from the same node.


    Thoughts?

EV> I prefer the 2nd alternative but the 1st one is also good IMHO

    > -- Section 6 --
    > If only this was not 'future work' but I agree, this is not up to this document
    > to specify such kernel API/implementation.

    Double-checking: No changes suggested here, right?

v2.23.0 | Report a Bug | By Email