IETF Logo Mail Archive

Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard

Brian E Carpenter <brian.e.carpenter@gmail.com> Fri, 11 September 2020 03:36 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 028383A138A; Thu, 10 Sep 2020 20:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.047
X-Spam-Level:
X-Spam-Status: No, score=-3.047 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aRzxBB1MVHvy; Thu, 10 Sep 2020 20:36:33 -0700 (PDT)
Received: from mail-pg1-x542.google.com (mail-pg1-x542.google.com [IPv6:2607:f8b0:4864:20::542]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 918033A1388; Thu, 10 Sep 2020 20:36:33 -0700 (PDT)
Received: by mail-pg1-x542.google.com with SMTP id s65so4555607pgb.0; Thu, 10 Sep 2020 20:36:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=5O6LRkXWQkcR3rguc73khN65HoHTPzIS3xxjqzQSRAM=; b=ZRWewxmSOH+4282rRz0ny+m48OAxPDr1W0dXSCxXu3u1qGcEzxPb8tzMQ6oyGyXK8W I2SNtvHveD9CVdgFR5T1VNAcVCPWmjigXsecIPvyaIFlOuF9OFjOsNJ7y3abgmRRg/Pn e8wXCwdOcgEzP822IsWV1vezVV+1DEW1iROlcbs5o8jSdQigvztM1HAqE/SofKn55y0l d31Rb6GR2eqmOnniP6eD0acrNcDEIOOCC2OQ47gc24ZwUkqyZFW4y2RmapvPjs8Pit8o DBKNkwD4WeNwsG6PnAsYuhM6VCKaHrufrDsT+1PzRPjja7WQEZ0arUSipprWNUsu5hxN OZ/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=5O6LRkXWQkcR3rguc73khN65HoHTPzIS3xxjqzQSRAM=; b=jgawH9lWG5kVDDSA1cvULY2o/YD2wqFFw/JgVqeWwK/zcHJQv0dp0NvGot5JbDmSnU +v3NtuXUcSuR3wEi6+TLmRTggsmY7XmSy0FdhL06rvSpgBciUxDJ5eKizWZfFMI2GKYr y5OT+BUWPNU/tpnbih7bLvCW2Haht2iUyf5H7LjtN0b8YqosWdEsA8AEeUhvNubxytEv gk6InxZjhCShqiPj9ZpVK3LTO2icQfb5Bi/mGiX9juLONvEJjH90CGkWm3xbvaOUobfT kjo1zzPWM53tVTakEqsoODRrTmG+B/bVbPixsROpt/nzQmjUxXJxGAhNjQ1ktlfDF2xd MGSg==
X-Gm-Message-State: AOAM533nF2Dpx+SLxpE1xRv7FIXKhNe1Q6gkeONEKK+mm8VMP1kP/LXb fgC6xig9cwHbpUSs8GGkUbUsieIhTvQ=
X-Google-Smtp-Source: ABdhPJwzMHGk7Zh8fq665OZlQi5vPJcUJhAzG97sAb6ggtFITw5UMPkxqzuSA8xeBLOtqPBNZiSnGQ==
X-Received: by 2002:a63:e015:: with SMTP id e21mr241471pgh.264.1599795392618; Thu, 10 Sep 2020 20:36:32 -0700 (PDT)
Received: from [192.168.178.20] ([151.210.138.136]) by smtp.gmail.com with ESMTPSA id p11sm429948pjz.44.2020.09.10.20.36.28 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Sep 2020 20:36:31 -0700 (PDT)
Subject: Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
To: Fernando Gont <fgont@si6networks.com>, 神明達哉 <jinmei@wide.ad.jp>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>, draft-ietf-6man-rfc4941bis@ietf.org, last-call@ietf.org, 6man Chairs <6man-chairs@ietf.org>
References: <159969199185.9541.8823907519726516405@ietfa.amsl.com> <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com> <39f91a88-c15d-88d2-5bf4-66168fd61a67@si6networks.com> <c6515826-4849-e128-35c5-37569bf43881@gmail.com> <CAJE_bqexKOjCvBiC4R8hELrVx208ahaEPBOQTMYh--Orioa9NA@mail.gmail.com> <cd8a8cc8-25da-29a4-a6e7-3654e6ba2f04@si6networks.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <705d2d00-4509-326f-04e6-b04b404f48e9@gmail.com>
Date: Fri, 11 Sep 2020 15:36:26 +1200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <cd8a8cc8-25da-29a4-a6e7-3654e6ba2f04@si6networks.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/kdfjxs4Z1IpfLD0nROXj3Rbs8KQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 Sep 2020 03:36:35 -0000

Just a detail:

> (if this was code, you'd do a #define in a single place, and just use 
> that constant)

Technically, I think it needs to be defined separately for each interface.
So defined in the driver source code, most likely. I have no idea whether
real implementations do that.

Apart from that: I agree with Jinmei-san's approach.

Regards
   Brian

On 11-Sep-20 11:18, Fernando Gont wrote:
> Hi, Tatuya,
> 
> On 10/9/20 19:33, 神明達哉 wrote:
>> At Fri, 11 Sep 2020 09:08:40 +1200,
>> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
>>
>>> [...] It's been a matter of principle
>>> since the earliest work on IPv6 address allocation that the /64
>>> boundary is treated like a parameter that could be changed, so
>>> underlying code should treat it as a parameter and not as a constant.
>>> (And RFC7421 discusses a lot more than just the privacy implications.)
>>
>> I agree, but I think there's some subtlety here.  By referring to
>> RFC4291 and specifically mentioning the magic number of 64 followed by
>> the term "any arbitrary length", I see that the above text could read
>> as part of attempting to loosen or remove the magic number from the
>> address architecture. 
> 
> FWIW, at least the *intent* has been to clarified that this document is 
> not tied to any specific length. In fact, I copied the relevant text 
> verbatim from RFC7217.
> 
> And the text in RFC7217 was incoporated circa the same timeframe when 
> people wondered where they /64 requirement came from.
> 
> 
> 
> [...]
>> >From other responses from Fernando, I don't think that's the intent of
>> the authors.
> 
> Indeed, I had no intention whatsoever to change, loose, confuse, [or 
> whaever else] the /64 requirement. -- for instance, this document 
> doesn't update RFC4291, and it would seem that such an update wouldn't 
> have consensus in the foreseeable future :-)
> 
> 
> 
>    In that case, if we don't want to remove the above note
>> because of the "lot more" in RFC7421, we might say something like
>> this:
>>
>>     2.  The Interface Identifier is obtained by taking as many bits from
>>         the random number obtained in the previous step as necessary.
>>         See Section 2 of [RFC4862] for the necessary number of bits,
>>         that is, the length of the IID.  See also [RFC7421] about
>>         privacy implications of the IID length.  Note: there are no
>>         special bits in an Interface Identifier [RFC7136].
> 
> If we use this text, I'd probably move the "there are nos special 
> bits.." prior to the other references. But mostly just a suggestion.
> 
> 
> 
>> The points of the new text are
>> - Use [RFC4862] about the IID length, thus making rfc4941bis agnostic
>>    about the "64 vs not 64" pitfall.
>> - Referring to RFC4862 also implicitly means the IID length is a
>>    parameter at least in theory, so we won't lose the "lot more" than
>>    privacy implications.
>> - On top of these, make the reference to RFC7421 focused on the
>>    privacy implications.
>>
>> BTW, RFC4941 limits the length of IID of temporary addresses to 64
>> bits while noting the length is not a fixed constant:
> 
> FWIW, I think using the hard-coded "64" bits is mostly poor 
> specification approach, since the IID length is described elsewhere. 
> That kind of stuff should be specified in a single place, where 
> appropriate, and an abstract reference should be made to that spec.
> 
> (if this was code, you'd do a #define in a single place, and just use 
> that constant)
> 
> Note: I did both the Linux implementation of rfc4941bis, and a 
> FreeBSD-kernel implementation (this later one not sure if it was 
> committed). But of them only work with 64 bits.
> 
> So there's no "under the hoods" stuff going on...
> 
> 
> 
>>
>>     [...] Note that an IPv6 identifier does not
>>     necessarily have to be 64 bits in length, but the algorithm specified
>>     in this document is targeted towards 64-bit interface identifiers.
>> (I suspect "an IPv6 identifier" is a typo and should be "an interface
>> identifier")
>>
>> rfc4941bis now seems to remove this limitation, albeit maybe
>> implicitly.  Independently from the discussion on Section 3.3.1, I
>> guess this change should probably be noted in Section 5 ("Significant
>> Changes from RFC4941").
> 
> RFC4291 notes that the IID length is specified in Link-specific RFCs, 
> and refrains to specify the IID in the addressing architecture. THat's 
> the same we do here. And is the same we do in RFC7217.
> 
> So, if you want to implement rfc4941bis on Ethernet, you need to look at 
> RFC2464, where you find that the IID is 64-bit long. This document 
> (rfc4941bis) does not change or attempt to change that at all.
> 
> Thanks!
> 
> Regards,
>

v2.23.0 | Report a Bug | By Email