IETF Logo Mail Archive

Re: "RFC4941bis" and draft-gont-6man-non-stable-iids

Tim Chown <Tim.Chown@jisc.ac.uk> Thu, 20 July 2017 12:42 UTC

Return-Path: <tim.chown@jisc.ac.uk>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C3DA1317D5 for <ipv6@ietfa.amsl.com>; Thu, 20 Jul 2017 05:42:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.321
X-Spam-Level:
X-Spam-Status: No, score=-4.321 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=jisc.ac.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 71XNJbgO6H_x for <ipv6@ietfa.amsl.com>; Thu, 20 Jul 2017 05:42:24 -0700 (PDT)
Received: from eu-smtp-delivery-189.mimecast.com (eu-smtp-delivery-189.mimecast.com [146.101.78.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B8661315FF for <6man@ietf.org>; Thu, 20 Jul 2017 05:42:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jisc.ac.uk; s=mimecast20170213; t=1500554542; h=from:subject:date:message-id:to:cc:mime-version:content-type:content-transfer-encoding:in-reply-to:references; bh=am2DfnGPevuu95Q2CntujI+d0I2tf0DN2sWgX3fkqcA=; b=eHG/vhm8lisG3qbHppd3VFPPyX8dqe6HVH9y69WEcwgGmRIXsA8ocx8jmmXO8jCH6GOn31FDU5hy70ecK/hCz+uMY3sDEe3IFz35xPAAiFZR+OBSpsGxevZiuHJnf4ugdwVmO9cZ1iE070CN0up5OCNlcevsuzrYjeIBWby+Cyc=
Received: from EUR01-HE1-obe.outbound.protection.outlook.com (mail-he1eur01lp0208.outbound.protection.outlook.com [213.199.154.208]) (Using TLS) by eu-smtp-1.mimecast.com with ESMTP id uk-mta-49-KrrGcLB7NtWwrvcbTZ6ftQ-1; Thu, 20 Jul 2017 13:42:19 +0100
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com (10.163.188.14) by AM3PR07MB1172.eurprd07.prod.outlook.com (10.163.188.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1282.4; Thu, 20 Jul 2017 12:42:17 +0000
Received: from AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::b8a2:fb24:484f:ba3]) by AM3PR07MB1140.eurprd07.prod.outlook.com ([fe80::b8a2:fb24:484f:ba3%13]) with mapi id 15.01.1282.011; Thu, 20 Jul 2017 12:42:17 +0000
From: Tim Chown <Tim.Chown@jisc.ac.uk>
To: Fernando Gont <fgont@si6networks.com>
CC: Suresh Krishnan <suresh.krishnan@gmail.com>, "6man@ietf.org" <6man@ietf.org>
Subject: Re: "RFC4941bis" and draft-gont-6man-non-stable-iids
Thread-Topic: "RFC4941bis" and draft-gont-6man-non-stable-iids
Thread-Index: AQHS/9WLcUlWmq4/K0ml7V6v7zatO6Ja/D+AgAAhKwCAADMrAIABEhiAgAAtRgCAAAjCAIAABr4AgAAMHIA=
Date: Thu, 20 Jul 2017 12:42:17 +0000
Message-ID: <F74A1A9A-1CAD-4BFB-8402-9F793A3C0982@jisc.ac.uk>
References: <4d1ef3d1-1c21-ec76-7c1b-7bb0f5eaa805@si6networks.com> <51F41F55-27B2-43BC-9199-FBE59B98BCFB@jisc.ac.uk> <f227bbe9-c038-185c-7868-67c9a6a89d5d@si6networks.com> <D4D7CEFD-AB01-41A4-A874-B0D8A485A4C8@jisc.ac.uk> <BF53B560-5B04-4656-BC3C-C789E809DC50@gmail.com> <6a64b2ad-6cc6-40e3-efa1-dee2eb2206cf@si6networks.com> <71446686-1B03-4A06-B4D3-74AFF6B98C14@jisc.ac.uk> <2d54e5d5-b69d-e43b-8559-1c6b5de8e58b@si6networks.com>
In-Reply-To: <2d54e5d5-b69d-e43b-8559-1c6b5de8e58b@si6networks.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3273)
x-originating-ip: [2001:67c:370:128:78a0:2885:9daa:b38e]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM3PR07MB1172; 20:qsZVBTGZwjXXNJ/+MFatnGkZbmMxYqeTX7gLXZ1e2JKDpESdUuThyLOaJFXMmPTgyulXaihYMHXtzFMPEDE72XlqPYuvmbJEO1smNg9nsRfqUxsYnKYHTkCYFMxMKzNbHMidG4HMFL7A+PWnDZPHnynYEav63yP5vw6AdvXYSX0=
x-ms-office365-filtering-correlation-id: 91099899-6f16-42a4-8a33-08d4cf6cc136
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201703031133081)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:AM3PR07MB1172;
x-ms-traffictypediagnostic: AM3PR07MB1172:
x-exchange-antispam-report-test: UriScan:(274715658323672)(278178393323532)(236129657087228)(192374486261705)(788757137089)(48057245064654)(148574349560750)(167848164394848)(247924648384137);
x-microsoft-antispam-prvs: <AM3PR07MB11726E4893121E5614BA400DD6A70@AM3PR07MB1172.eurprd07.prod.outlook.com>
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(5005006)(8121501046)(2017060910075)(10201501046)(93006095)(93001095)(3002001)(100000703101)(100105400095)(6041248)(20161123560025)(20161123555025)(20161123562025)(20161123564025)(20161123558100)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:AM3PR07MB1172; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:AM3PR07MB1172;
x-forefront-prvs: 0374433C81
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(39840400002)(39410400002)(39400400002)(39450400003)(377454003)(24454002)(6916009)(74482002)(6436002)(42882006)(2950100002)(83716003)(5660300001)(53546010)(7736002)(6246003)(2900100001)(102836003)(229853002)(561944003)(50986999)(6116002)(99286003)(39060400002)(6512007)(305945005)(38730400002)(5250100002)(53936002)(54906002)(72206003)(14454004)(8936002)(50226002)(3280700002)(86362001)(8676002)(6486002)(3660700001)(93886004)(36756003)(76176999)(230783001)(110136004)(478600001)(6506006)(2906002)(33656002)(189998001)(57306001)(4326008)(82746002)(81166006)(25786009); DIR:OUT; SFP:1101; SCL:1; SRVR:AM3PR07MB1172; H:AM3PR07MB1140.eurprd07.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-ID: <3D771C527C3FA24DAC5E07C453EEF182@eurprd07.prod.outlook.com>
MIME-Version: 1.0
X-OriginatorOrg: jisc.ac.uk
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Jul 2017 12:42:17.0452 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 48f9394d-8a14-4d27-82a6-f35f12361205
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM3PR07MB1172
X-MC-Unique: KrrGcLB7NtWwrvcbTZ6ftQ-1
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: base64
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/j9v6XW4zoA81-sN0r1iR2GLrpvg>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jul 2017 12:42:27 -0000

> On 20 Jul 2017, at 12:58, Fernando Gont <fgont@si6networks.com> wrote:
> 
> On 07/20/2017 02:34 PM, Tim Chown wrote:
>>> On 20 Jul 2017, at 12:03, Fernando Gont <fgont@si6networks.com> wrote:
>>> 
>>> On 07/20/2017 11:21 AM, Suresh Krishnan wrote:
>>>> Hi Tim,
>>>> 
>>>>> On Jul 19, 2017, at 6:00 PM, Tim Chown <Tim.Chown@jisc.ac.uk
>>>>> <mailto:Tim.Chown@jisc.ac.uk>> wrote:
>>>>> 
>>>>>> On 19 Jul 2017, at 13:57, Fernando Gont <fgont@si6networks.com
>>>>>> <mailto:fgont@si6networks.com>> wrote:
>>>>>> 
>>>>>> On 07/19/2017 01:58 PM, Tim Chown wrote:
>>>>>>>> On 18 Jul 2017, at 15:52, Fernando Gont <fgont@si6networks.com
>>>>>>>> <mailto:fgont@si6networks.com>>
>>>>>>>> wrote:
>>>>>>>> 
>>>>>>>> Folks,
>>>>>>>> 
>>>>>>>> Among the list of RFCs to be progressed to full std is/was RFC4941 
>>>>>>>> ("Privacy Extensions for Stateless Address Autoconfiguration in
>>>>>>>> IPv6").
>>>>>>>> 
>>>>>>>> As it stands, RFC4941 has a number of issues:
>>>>>>>> 
>>>>>>>> * Using the same IID for multiple prefixes * Not changing the IID
>>>>>>>> upon "security events" (including e.g., change in the underlying
>>>>>>>> MAC address) * Using MD5 as opposed to something better * Requiring
>>>>>>>> the use of temporary addresses along stable addresses (preventing
>>>>>>>> use of temporary-only, for nodes that feel like) * Not treating
>>>>>>>> IIDs as opaque values (see RFC7136)  when generating the randomized
>>>>>>>> IIDs (see step 3 in section 3.2.1 of RFC4941) * Mandating one
>>>>>>>> specific algorithm, when the same goals/properties can be achieved
>>>>>>>> with multiple algorithms (see section 4 of 
>>>>>>>> draft-gont-6man-non-stable-iids-01)
>>>>>>>> 
>>>>>>>> 
>>>>>>>> Based on the above, I personally don't think that it would make
>>>>>>>> sense to progress RFC4941 to Internet Standard, but rather think
>>>>>>>> that we should work on  a replacement of it -- our proposal being 
>>>>>>>> draft-gont-6man-non-stable-iids-01.
>>>>>>>> 
>>>>>>>> Thoughts?
>>>>>>> 
>>>>>>> Certainly any update on 4941 needs to be done in the light of a few
>>>>>>> deficiencies that have emerged over the years, and the publication of
>>>>>>> RFC7217.
>>>>>>> 
>>>>>>> I think it’s still possible to do a -bis off 4941.
>>>>>> 
>>>>>> My questions would be:
>>>>>> 
>>>>>> 1) Can you actually address the aforementioned deficiencies without
>>>>>> significant changes to RFC4941? -- It would seem to me that in order to
>>>>>> address them, rfc4941bis would not be a bis document anymore.
>>>>>> 
>>>>>> 2) If you were to address such deficiencies, could the bis document be
>>>>>> progressed to Internet Standard? -- My assessment of this question
>>>>>> is: No.
>>>>>> 
>>>>>> If RFC4941 would take significant work, and the end result would
>>>>>> actually be significantly different from what's in RFC4941, then I'm not
>>>>>> sure that'd be different than starting from the I-D we already have...
>>>>> 
>>>>> Just to be clear, I like the material in your new draft.
>>>>> 
>>>>> That said, it seems you could do a similar style of update from 3041
>>>>> to 4941, with a similar structure; the content is there in your draft,
>>>>> it “just" needs to be merged in.
>>>>> 
>>>>> That would mean obsoleting 4941, just as 4941 obsoleted 3041.  So you
>>>>> would include the details in 4941 that would carry forward.
>>>> 
>>>> <AD hat off>. I agree. If we are planning a drop in replacement to
>>>> RFC4941 creating a bis document from there is the right thing to do.
>>> 
>>> Can you explain your rationale? (along with answering the two questions
>>> I posed to Tim).
>>> 
>>> RFC4941 can be summarized as consisting of two parts:
>>> 
>>> 1) A discussion of privacy implications of Identifiers, and of IIDs in
>>> particular
>>> 
>>> 2) Specification of an algorithm to generate the IID
>>> 
>>> 
>>> "1)" was much needed when RFC3041 was published, and then carried to
>>> RFC4941 (when it was probably still needed). Nowadays, the security and
>>> privacy properties of IPv6 addresses are discussed more thoroughly (and
>>> in more dimensions) in RFC7721.  And the discussion of identifiers in
>>> documents such as RFC6973 and draft-gont-predictable-numeric-ids
>>> (besides the fact that one can always refer back to RFC3041 or even
>>> RFC4941 for such discussion, in the same way we referenced RFC3041 in
>>> RFC7721).
>>> 
>>> When it comes to "2)", if you really want to address the issues found in
>>> RFC4941, essentially you need to replace the algorithm with something
>>> else. One may tweak a few things here and there (e.g., the update we
>>> propose in our I-D), but still there are drawbacks in RFC4941 that
>>> cannot be addressed without fundamentally changing the algorithm (for
>>> instance, RFC4941 has notable drawbacks when compared to simply
>>> generating the IID as a random number that is not tied to previously
>>> selected IIDs). If one were to do rfc4941bis, such document could not be
>>> progressed to STD. And since there are better and/or alternative
>>> approaches for generating temporary addresses, I'm not sure what would
>>> be the benefit here.
>> 
>> But the structure of your document is exactly the same as 3041 and 4941:
>> 
>> 3.  Problem statement . . . . . . . . . . . . . . . . . . . . . .   3
>> 4.  Generation of Temporary IPv6 Addresses  . . . . . . . . . . .   6 
>> 5.  Update to existing RFCs . . . . . . . . . . . . . . . . . . .   8
>> 
>> Basically, it's “the problem” and “generating temporary addresses”.
>> 
>> I think we are discussing two things that are actually quite similar in structure.
> 
> Just trying to get a clear picture in my head: Does the discussion boil
> down to renaming "draft-gont-6man-non-stable-iids" to
> "draft-gont-6man-rfc4941bis"?
> 
> My mental model is that a bis document essentially incorporates errata
> and minor changes to a previous RFC. But this doesn't seem whre we want
> to go here.

I think the purpose and spirit are very similar though, just with a few years of extra experience.

One of the RFC4941 authors is explicitly copied above; have a chat :)

(That’s what I did for example with 6724 and 6434-bis)

Tim

v2.23.0 | Report a Bug | By Email