IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

神明達哉 <jinmei@wide.ad.jp> Wed, 18 May 2016 17:55 UTC

Return-Path: <jinmei.tatuya@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0DBBF12D624 for <ipv6@ietfa.amsl.com>; Wed, 18 May 2016 10:55:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.401
X-Spam-Level:
X-Spam-Status: No, score=-2.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.198, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZmG6bg9W_ZTh for <ipv6@ietfa.amsl.com>; Wed, 18 May 2016 10:55:09 -0700 (PDT)
Received: from mail-ig0-x230.google.com (mail-ig0-x230.google.com [IPv6:2607:f8b0:4001:c05::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A02EE12D5F0 for <ipv6@ietf.org>; Wed, 18 May 2016 10:55:08 -0700 (PDT)
Received: by mail-ig0-x230.google.com with SMTP id qe5so95321448igc.1 for <ipv6@ietf.org>; Wed, 18 May 2016 10:55:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc; bh=n1k7jc/VTDhUbDBJKE38+lyX8nHnoudi1tp5ntFym9o=; b=DhOyfgds4I0n7T/7dViPb0SDFmcJYiDF7XGH8NxDnqiwk05DaHK2caPYy/po7o6aCT Wiudulpz8ZTQJetghBH5Ab37McvDHj9d75U81fcoq7WPvhesm/SMDtiee9y4NlgsIX/5 4IRz+CZOofPVjQCh7sUjrH0zbZ/h6Hor+D8jJYyri8N2Vyb6/EG+d200DXi7+UXytYcJ r9v915f5Ay3XS7zchAFHIkD+gxwiuWSFI6Wedw/Cemv35B5YbhEwJQQ9Nhncbp2fUirF bOalYU986+J38MWSB9AzebyrpO6dru29KGkTdSc764q1BMR7keyW005rky24+V4VYSag gZ/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:date :message-id:subject:from:to:cc; bh=n1k7jc/VTDhUbDBJKE38+lyX8nHnoudi1tp5ntFym9o=; b=eWsGVcVjwMENIsP8hzfv4/OVJDsxPX7QyNQCBKBcR25mlBbtNSVYtX6LrRur3uwG2x 7jB4Bwm9Rg8Emd4pEQMOTf1zGK8QL2auIryzEylBwLl/qK64BNLU24uD4AN+Mc7Ffeff xXBNO32crrRNCs6wKzwvQbcBnHh5RCZmvgnauMdgk5VSb/fSEFkrUr/T+nXf8nAXl+Bu 8meUHpoPoK+H8voWF/nSVEn/MdCO1z5J2YorJaJRD09yu+m1ziVAp1nLR0vpoQ6vRBjV xwOcY6DUaORGndyyKJqQg0gyEnkFtNHHTjRAsnX/UkBSqqEwMlu8DL4uOR1bUBrMvrzB 7teQ==
X-Gm-Message-State: AOPr4FVugZa+eKCdXS4J5zZSWme7cINjoGuiC+b6+7n5BDJt+0pG8OYdV+udyuvbtAtCaO1v30v6yCbyXKXfzQ==
MIME-Version: 1.0
X-Received: by 10.50.160.41 with SMTP id xh9mr6303635igb.64.1463594108020; Wed, 18 May 2016 10:55:08 -0700 (PDT)
Sender: jinmei.tatuya@gmail.com
Received: by 10.107.19.218 with HTTP; Wed, 18 May 2016 10:55:07 -0700 (PDT)
In-Reply-To: <573B36D3.8010502@si6networks.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <CAJE_bqdZ_D7jsDdWQ2FJpLH9cXveYfcye0W2J_mSi-7bYBrOKA@mail.gmail.com> <573B36D3.8010502@si6networks.com>
Date: Wed, 18 May 2016 10:55:07 -0700
X-Google-Sender-Auth: yI5lIxqeIa56N7qcBxsk77hp1PM
Message-ID: <CAJE_bqfy5tMA1xu1w5g+vx8nJfDQe4zz6BbDQes42wdtmj_hHg@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Fernando Gont <fgont@si6networks.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/jXHAdTK6gQziBig4UGe8T-qkN90>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 May 2016 17:55:12 -0000

At Tue, 17 May 2016 11:20:51 -0400,
Fernando Gont <fgont@si6networks.com> wrote:

> There are multiple reasons for which that is the wrong approach and/or
> incorrect.
>
> They are stated in the I-D as:
>    More generally, the reuse of identifiers that have their own
>    semantics or properties across different contexts or scopes can be
>    detrimental for security and privacy
>    [I-D.gont-predictable-numeric-ids].  In the case of traditional
>    stable IPv6 IIDs, some of the security and privacy implications are
>    dependent on the properties of the underlying link-layer addresses
>    (e.g., whether the link-layer address is ephemeral or randomly
>    generated), while other implications (e.g., reduction of the entropy
>    of the IID) depend on the algorithm for generating the IID itself.

I know there's this text, but it's too vague to me to interpret it as
this draft tries to reject the concern.  That's why I've been asking
the intent of the draft several times.  And this vagueness is the main
point of mine, rather than the specific claims themselves.  So I'm
not going to respond to each defense arguments for the claims, but
rather focusing on the higher level point: to me, the current form of
draft is vague about the following two points:

1. Whether it assumes (or introduces itself) that a stable address is
   required to be configured (banning non-stable only operation).
2. Whether the case where "link-layer addresses" are randomized is
   also covered by this draft (in that it prohibits embedding such
   addresses in IID)

According to the discussion in this thread, my latest understanding is
that the answer is "yes" to both points.  In that case, I'd then
request these points to be stated more explicitly and clearly in the
draft, and see clear wg consensus on these points.

I myself don't have a strong opinion (yet) on these points, but I see
some controversy in the wg.  For example, some responses in the latest
sub-thread on RFC4941 seem to indicate opinions on point #1 vary (and
some people even say RFC4941 does not necessarily require a public
address).  I also see that some people think that point #2 can be
loosened so that it only covers "permanent-and-predictable link-layer
addresses".  So I don't think we have a clear wg consensus on these
yet.  And, if this draft tries to achieve something that relies on
these points, IMO it can't pass the wg last call yet.


> > And, one other point I want to be addressed: in Section 4 it states:
> >
> >    By default, DHCPv6 server implementations SHOULD NOT generate
> >    predictable IPv6 addresses (such as IPv6 addresses where the IIDs are
> >    consecutive small numbers).  [I-D.ietf-dhc-stable-privacy-addresses]
> >    specifies one possible algorithm that could be employed to comply
> >    with this requirement.  Another possible algorithm would be to select
> >    a pseudo-random value chosen from a discrete uniform distribution,
> >    while avoiding the reserved IPv6 Interface Identifiers [RFC5453]
> >    [IANA-RESERVED-IID].
> >
> >  I suggest just removing the second sentence.
> >  ietf-dhc-stable-privacy-addresses is not a dhc wg item anymore due to
> >  some controversy, and it's not clear what will happen to its
> >  successor in the form of individual submission:
> >  draft-gont-dhcpv6-stable-privacy-addresses-01
> >  Since this sentence is only to show an example, just showing the
> >  "another possible algorithm" would suffice.
>
> I will check what the status of the corresponding draft-gont version of
> the I-D is. To the extent that is possible, I'd keep it, since
> ietf-dhc-stable-privacy-addresses leads to stable addresses, while a
> simple randomization scheme doesn't.

This logic seems awkward to me.  For
draft-gont-dhcpv6-stable-privacy-addresses-01 to be a better example
despite its uncertain future for that reason, I'd expect the stability
is also included in the updated text of RFC3315.  Otherwise, just
showing a simple randomization is a far better example since it
exactly meets the revised text.  I'd also note another recent trend in
dhc, where randomizing DUID may become a new norm as described in
RFC7844 (a standards track RFC).  Since the stability of
draft-gont-dhcpv6-stable-privacy-addresses depends on the stability of
DUID, the stability argument doesn't hold for client implementations
supporting and enabling RFC7844.

For all these reasons, I'd still suggest just removing the reference.
But if the idea of draft-gont-dhcpv6-stable-privacy-addresses is too
loved to be removed, my secondary suggestion is to move it to an
auxiliary example after the simple randomization, noting that it's
listed because it has an additional property of stability and that it
has a limitation that it's not compatible with RFC7844.

--
JINMEI, Tatuya

v2.23.0 | Report a Bug | By Email