Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 13 July 2017 23:31 UTC

To: Philip Homburg <pch-ipv6-ietf-4@u-1.phicoh.com>, ipv6@ietf.org
Organization: University of Auckland
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hVZQ6mWp8ZZF4DFokjnZg7yUS8Y>

On 13/07/2017 22:33, Philip Homburg wrote:
>> The problem is that over time, way more IP addresses become necessary, not just a
>> few more. It's because so many more systems adopt IP, and become so much smarter
>> than they used to be. So you need flexibility to expand, not just in number of
>> connected devices, but also in the architecture of the network.
> 
> Using pseudo-random IIDs comes with the risk of collisions. So you have to waste
> lots of bits to get that risk down to an acceptable level. 

This is backwards. The goals of pseudo-random IIDs are to reduce the
probability that scanning attacks find hosts, and to reduce the risk
of IIDs being used to breach privacy.

If these goals are met, the collision probability will in any case
be low, so DAD failure will be exceedingly rare.

> It is a really bad
> trade-off if your ability to expand the network comes at the price of increased
> risk of collision.

That seems completely theoretical for any IID length that would be acceptable
under the above goals. If there's a significant risk of collision, the IID
is too short to protect against scanning attacks or address-based surveillance,
so is unacceptable anyway.

    Brian
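
The trade-off argued in the message above can be put in numbers. The following is an added example, not part of the original message: it computes the birthday-bound collision probability for randomly chosen IIDs next to the mean number of probes a scanner needs to hit a live host. The host count of 1000 and the probe rate of 1e6 per second are constructed assumptions.

```python
import math

def collision_probability(hosts: int, iid_bits: int) -> float:
    """Probability that at least two of `hosts` uniformly random IIDs collide."""
    space = 2 ** iid_bits
    if hosts > space:
        return 1.0  # pigeonhole: more hosts than IIDs
    # P(all unique) = prod_{k<hosts} (1 - k/space); summed in log space so
    # that tiny per-term values (k / 2**64) are not rounded away.
    log_unique = sum(math.log1p(-k / space) for k in range(hosts))
    return -math.expm1(log_unique)

def expected_probes(hosts: int, iid_bits: int) -> float:
    """Mean number of distinct IIDs probed before the first live host is hit
    (hosts uniformly spread, scanner never repeats a probe)."""
    return (2 ** iid_bits + 1) / (hosts + 1)

def min_bits_for(hosts: int, max_collision: float) -> int:
    """Shortest IID length whose collision probability is <= max_collision."""
    for bits in range(1, 65):
        if collision_probability(hosts, bits) <= max_collision:
            return bits
    raise ValueError("no IID length up to 64 bits meets the target")

def tradeoff_table(hosts, probes_per_second=1e6, lengths=(16, 24, 32, 48, 64)):
    """Rows of (iid_bits, P(collision), mean seconds until first hit).
    probes_per_second is an assumed scanner rate, not a measured one."""
    return [
        (b, collision_probability(hosts, b),
         expected_probes(hosts, b) / probes_per_second)
        for b in lengths
    ]

if __name__ == "__main__":
    hosts = 1000  # constructed example link population
    for bits, p, secs in tradeoff_table(hosts):
        print(f"{bits:2d}-bit IID  P(collision)={p:.3e}  "
              f"mean time to first hit={secs:.3e} s")
    b = min_bits_for(hosts, 0.01)
    print(f"1% collision risk needs {b} bits; at that length a scanner "
          f"needs about {expected_probes(hosts, b):.0f} probes")
```

With these inputs, the shortest IID that keeps collision risk under 1% is still found by a scanner in tens of thousands of probes, while at 64 bits both the collision probability and the scan success rate are negligible.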