Re: "RFC4941bis" and draft-gont-6man-non-stable-iids
Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 20 July 2017 12:42 UTC
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Fernando Gont <fgont@si6networks.com>
CC: Suresh Krishnan <suresh.krishnan@gmail.com>, "6man@ietf.org" <6man@ietf.org>
Subject: Re: "RFC4941bis" and draft-gont-6man-non-stable-iids
Date: Thu, 20 Jul 2017 12:42:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/j9v6XW4zoA81-sN0r1iR2GLrpvg>
> On 20 Jul 2017, at 12:58, Fernando Gont <fgont@si6networks.com> wrote:
>
> On 07/20/2017 02:34 PM, Tim Chown wrote:
>>> On 20 Jul 2017, at 12:03, Fernando Gont <fgont@si6networks.com> wrote:
>>>
>>> On 07/20/2017 11:21 AM, Suresh Krishnan wrote:
>>>> Hi Tim,
>>>>
>>>>> On Jul 19, 2017, at 6:00 PM, Tim Chown <Tim.Chown@jisc.ac.uk
>>>>> <mailto:Tim.Chown@jisc.ac.uk>> wrote:
>>>>>
>>>>>> On 19 Jul 2017, at 13:57, Fernando Gont <fgont@si6networks.com
>>>>>> <mailto:fgont@si6networks.com>> wrote:
>>>>>>
>>>>>> On 07/19/2017 01:58 PM, Tim Chown wrote:
>>>>>>>> On 18 Jul 2017, at 15:52, Fernando Gont <fgont@si6networks.com
>>>>>>>> <mailto:fgont@si6networks.com>>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Folks,
>>>>>>>>
>>>>>>>> Among the list of RFCs to be progressed to full std is/was RFC4941
>>>>>>>> ("Privacy Extensions for Stateless Address Autoconfiguration in
>>>>>>>> IPv6").
>>>>>>>>
>>>>>>>> As it stands, RFC4941 has a number of issues:
>>>>>>>>
>>>>>>>> * Using the same IID for multiple prefixes
>>>>>>>> * Not changing the IID upon "security events" (including e.g., change
>>>>>>>>   in the underlying MAC address)
>>>>>>>> * Using MD5 as opposed to something better
>>>>>>>> * Requiring the use of temporary addresses along stable addresses
>>>>>>>>   (preventing use of temporary-only, for nodes that feel like)
>>>>>>>> * Not treating IIDs as opaque values (see RFC7136) when generating the
>>>>>>>>   randomized IIDs (see step 3 in section 3.2.1 of RFC4941)
>>>>>>>> * Mandating one specific algorithm, when the same goals/properties can
>>>>>>>>   be achieved with multiple algorithms (see section 4 of
>>>>>>>>   draft-gont-6man-non-stable-iids-01)
>>>>>>>>
>>>>>>>>
>>>>>>>> Based on the above, I personally don't think that it would make
>>>>>>>> sense to progress RFC4941 to Internet Standard, but rather think
>>>>>>>> that we should work on a replacement of it -- our proposal being
>>>>>>>> draft-gont-6man-non-stable-iids-01.
>>>>>>>>
>>>>>>>> Thoughts?
>>>>>>>
>>>>>>> Certainly any update on 4941 needs to be done in the light of a few
>>>>>>> deficiencies that have emerged over the years, and the publication of
>>>>>>> RFC7217.
>>>>>>>
>>>>>>> I think it’s still possible to do a -bis off 4941.
>>>>>>
>>>>>> My questions would be:
>>>>>>
>>>>>> 1) Can you actually address the aforementioned deficiencies without
>>>>>> significant changes to RFC4941? -- It would seem to me that in order to
>>>>>> address them, rfc4941bis would not be a bis document anymore.
>>>>>>
>>>>>> 2) If you were to address such deficiencies, could the bis document be
>>>>>> progressed to Internet Standard? -- My assessment of this question
>>>>>> is: No.
>>>>>>
>>>>>> If RFC4941 would take significant work, and the end result would
>>>>>> actually be significantly different from what's in RFC4941, then I'm not
>>>>>> sure that'd be different than starting from the I-D we already have...
>>>>>
>>>>> Just to be clear, I like the material in your new draft.
>>>>>
>>>>> That said, it seems you could do a similar style of update from 3041
>>>>> to 4941, with a similar structure; the content is there in your draft,
>>>>> it “just" needs to be merged in.
>>>>>
>>>>> That would mean obsoleting 4941, just as 4941 obsoleted 3041. So you
>>>>> would include the details in 4941 that would carry forward.
>>>>
>>>> <AD hat off>. I agree. If we are planning a drop in replacement to
>>>> RFC4941 creating a bis document from there is the right thing to do.
>>>
>>> Can you explain your rationale? (along with answering the two questions
>>> I posed to Tim).
>>>
>>> RFC4941 can be summarized as consisting of two parts:
>>>
>>> 1) A discussion of privacy implications of Identifiers, and of IIDs in
>>> particular
>>>
>>> 2) Specification of an algorithm to generate the IID
>>>
>>>
>>> "1)" was much needed when RFC3041 was published, and then carried to
>>> RFC4941 (when it was probably still needed). Nowadays, the security and
>>> privacy properties of IPv6 addresses are discussed more thoroughly (and
>>> in more dimensions) in RFC7721. And the discussion of identifiers in
>>> documents such as RFC6973 and draft-gont-predictable-numeric-ids
>>> (besides the fact that one can always refer back to RFC3041 or even
>>> RFC4941 for such discussion, in the same way we referenced RFC3041 in
>>> RFC7721).
>>>
>>> When it comes to "2)", if you really want to address the issues found in
>>> RFC4941, essentially you need to replace the algorithm with something
>>> else. One may tweak a few things here and there (e.g., the update we
>>> propose in our I-D), but still there are drawbacks in RFC4941 that
>>> cannot be addressed without fundamentally changing the algorithm (for
>>> instance, RFC4941 has notable drawbacks when compared to simply
>>> generating the IID as a random number that is not tied to previously
>>> selected IIDs). If one were to do rfc4941bis, such document could not be
>>> progressed to STD. And since there are better and/or alternative
>>> approaches for generating temporary addresses, I'm not sure what would
>>> be the benefit here.
>>
>> But the structure of your document is exactly the same as 3041 and 4941:
>>
>> 3. Problem statement . . . . . . . . . . . . . . . . . . . . . . 3
>> 4. Generation of Temporary IPv6 Addresses . . . . . . . . . . . 6
>> 5. Update to existing RFCs . . . . . . . . . . . . . . . . . . . 8
>>
>> Basically, it's “the problem” and “generating temporary addresses”.
>>
>> I think we are discussing two things that are actually quite similar in structure.
>
> Just trying to get a clear picture in my head: Does the discussion boil
> down to renaming "draft-gont-6man-non-stable-iids" to
> "draft-gont-6man-rfc4941bis"?
>
> My mental model is that a bis document essentially incorporates errata
> and minor changes to a previous RFC. But this doesn't seem where we want
> to go here.

I think the purpose and spirit are very similar though, just with a few years of extra experience. One of the RFC4941 authors is explicitly copied above; have a chat :)

(That’s what I did for example with 6724 and 6434-bis)

Tim
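
Three items in the quoted list of RFC4941 issues (one IID shared across prefixes, MD5, and rewriting a bit of the IID in step 3) can be seen by running the RFC 4941 section 3.2.1 steps next to the "random number that is not tied to previously selected IIDs" alternative mentioned in the thread. This is an added illustration, not part of the original message or of draft-gont-6man-non-stable-iids; the prefixes and EUI-64 value are constructed and the function names are hypothetical.

```python
import hashlib
import ipaddress
import secrets

# Constructed sample inputs: documentation prefixes and a made-up EUI-64.
PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64"]
EUI64 = bytes.fromhex("021122fffe334455")


def reserved(iid: bytes) -> bool:
    """RFC 5453 reserved IIDs: subnet-router anycast and the anycast range."""
    n = int.from_bytes(iid, "big")
    return n == 0 or 0xFDFFFFFFFFFFFF80 <= n <= 0xFDFFFFFFFFFFFFFF


def rfc4941_iid(history: bytes, eui64: bytes):
    """One iteration of RFC 4941 section 3.2.1: returns (iid, next_history)."""
    while True:
        digest = hashlib.md5(history + eui64).digest()   # steps 1-2
        iid = bytes([digest[0] & 0xFD]) + digest[1:8]    # step 3: clear bit 6
        if not reserved(iid):
            return iid, digest[8:]                       # steps 5-6
        history = digest[8:]                             # step 4: retry


def random_iid() -> bytes:
    """Fresh CSPRNG output used as an opaque 64-bit IID (no bits rewritten)."""
    while True:
        iid = secrets.token_bytes(8)
        if not reserved(iid):
            return iid


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    return ipaddress.IPv6Network(prefix)[int.from_bytes(iid, "big")]


def iid_of(addr: ipaddress.IPv6Address) -> int:
    return int(addr) & (2**64 - 1)


def rfc4941_addresses(history: bytes):
    """RFC 4941 behaviour: one randomized IID reused on every prefix."""
    iid, _ = rfc4941_iid(history, EUI64)
    return [address(p, iid) for p in PREFIXES]


def per_prefix_addresses():
    """Alternative: an independent random IID for each prefix."""
    return [address(p, random_iid()) for p in PREFIXES]
```

With the RFC 4941 steps the low 64 bits are identical on both prefixes, so an observer who sees the host on each network can link the two addresses; with independent random IIDs they cannot be linked through the IID.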