Re: Why this is broken [was Re: Extending a /64]

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 18 November 2020 23:15 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
cc: Tony Whyman <tony.whyman@mccallumwhyman.com>, "Joel M. Halpern" <jmh@joelhalpern.com>, ipv6@ietf.org
Subject: Re: Why this is broken [was Re: Extending a /64]
In-Reply-To: <61f8e6f7-1bfd-4c17-9e42-dc5fc10a19b5@gmail.com>
References: <202011151920.0AFJKN9U003337@mail2.mwassocs.co.uk> <3d26bffe-b6c9-4ed7-6135-a515f9902fd7@gmail.com> <m1keOTi-0000EGC@stereo.hq.phicoh.net> <CAO42Z2wZkXryhw1u5WAFdtCvXHyyz1zeM22FP_gRxjurjsG-Jw@mail.gmail.com> <5f505585-1328-d942-2ec2-a2d96b7b4779@foobar.org> <m1kePdR-0000I6C@stereo.hq.phicoh.net> <b022d11f-b55d-07ef-307d-949ff57cd562@foobar.org> <m1keS7i-0000E0C@stereo.hq.phicoh.net> <f06db586-15ed-6dd3-d09f-06a4e3759275@mccallumwhyman.com> <m1kecJm-0000EOC@stereo.hq.phicoh.net> <5101F72E-4197-4E58-8DEF-9EB9D5541482@thehobsons.co.uk> <m1kefWI-0000ETC@stereo.hq.phicoh.net> <845e43f9-4534-a125-3105-9d345b85029f@mccallumwhyman.com> <f18f1e55-6c8f-2963-7e3a-f22a89dda46d@joelhalpern.com> <0443de45-931d-fbda-20ab-2931383a3a8d@mccallumwhyman.com> <61f8e6f7-1bfd-4c17-9e42-dc5fc10a19b5@gmail.com>
Date: Wed, 18 Nov 2020 18:14:59 -0500
Message-ID: <28593.1605741299@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/lRZSUEDa9BQPpqiCpYN2q_ijF4Q>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
    > On 17-Nov-20 04:26, Tony Whyman wrote:
    >> On 16/11/2020 14:50, Joel M. Halpern wrote:
    >>> Tony, why are you embedding the 39 bit airplane ID into the IPv6
    >>> address.  That seems to be the fundamental thing that then has you
    >>> need very short prefixes, and doing other difficult operations.
    >>>
    >>> And if the answer is "ICAO said so", then we have a problem of really
    >>> smart aviation engineers doing network engineering.
    >>>
    >>> Yours,
    >>> Joel
    >>
    >> Perhaps the best way to answer this question is to look at the alternative.
    >>
    >> Aircraft MNPs are non-topological

    > Thank you for that clear statement. Internet routing *is* topological.
    > Therefore, you cannot use bits in the routing prefix for non-topological
    > information. Therefore, you cannot put 39 magic bits into the routing
    > prefix; the Internet doesn't work like that. End of story. Back to the
    > drawing board.

The airline identifier (the prefix /17 + 15 bits airline number = /32) is
topological.

Traffic from whatever peers the aircraft needs to talk to goes through the
airline "HQ" (but: of course, physically attached in many places thanks to
BGP), and then through the mobile IPv6 system to get to the aircraft.   Each
airline has that 24-bit wide mapping table to get the data there over the
OMNI/RAW/etc. link.

    > However, you should be aware that IP addresses are intrinsically
    > forgeable. I'm not sure I would want to fly on an aircraft whose
    > identity might be trivially forged. Also, it would be trivial for
    > an attacker to observe that a particular address belongs to a
    > particular aircraft.

This is an irrelevant non sequitur.  We have multiple technologies at multiple levels to
protect against this kind of forgery: 802.1x, MACsec, IPsec, BCP38.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide
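The address layout sketched in the message (a /17 base, a 15-bit airline number making a /32 per airline, and the airline's 24-bit mapping table below that) and the BCP38 point at the end are illustrated by the following added example. It is not code from the thread, from the ICAO work, or from any IETF draft. Its assumptions are labelled: the /17 base prefix is a constructed value, the 24-bit aircraft identifier is assumed to sit directly below the airline /32 (giving each aircraft a /56), and the ingress filter models only the BCP38 source-address check at an airline's own edge, not the other layers the message lists.

```python
"""Worked example of the per-airline address layout and a BCP38-style
ingress check.  Added illustration, not code from the thread.

Assumptions (all constructed for this example):
  * BASE_17 is a placeholder /17, not a real allocation.
  * bits 17-31 carry the 15-bit airline number (so each airline gets a /32),
  * bits 32-55 carry the airline-local 24-bit aircraft identifier from the
    airline's mapping table (so each aircraft gets a /56).
"""
import ipaddress

BASE_17 = ipaddress.IPv6Network("2001::/17")   # hypothetical base prefix

AIRLINE_BITS = 15
AIRCRAFT_BITS = 24
AIRLINE_PREFIX_LEN = BASE_17.prefixlen + AIRLINE_BITS       # /32
AIRCRAFT_PREFIX_LEN = AIRLINE_PREFIX_LEN + AIRCRAFT_BITS    # /56


def airline_prefix(airline: int) -> ipaddress.IPv6Network:
    """Topological /32 routing prefix: the /17 base plus the 15-bit airline number.
    This is the part BGP carries; nothing below it is visible to the Internet."""
    if not 0 <= airline < (1 << AIRLINE_BITS):
        raise ValueError("airline number must fit in 15 bits")
    shift = 128 - AIRLINE_PREFIX_LEN
    addr = int(BASE_17.network_address) | (airline << shift)
    return ipaddress.IPv6Network((addr, AIRLINE_PREFIX_LEN))


def aircraft_prefix(airline: int, aircraft: int) -> ipaddress.IPv6Network:
    """Per-aircraft /56 inside the airline's /32, i.e. one entry of the
    airline's 24-bit wide mapping table (assumed placement, see module doc)."""
    if not 0 <= aircraft < (1 << AIRCRAFT_BITS):
        raise ValueError("aircraft identifier must fit in 24 bits")
    shift = 128 - AIRCRAFT_PREFIX_LEN
    addr = int(airline_prefix(airline).network_address) | (aircraft << shift)
    return ipaddress.IPv6Network((addr, AIRCRAFT_PREFIX_LEN))


def decode(address) -> tuple:
    """Recover (airline, aircraft) from any address inside the base /17.
    Only the airline's own mobility system needs to do this; the Internet
    only ever routes on the /32."""
    a = ipaddress.IPv6Address(address)
    if a not in BASE_17:
        raise ValueError("address outside the base /17")
    v = int(a)
    airline = (v >> (128 - AIRLINE_PREFIX_LEN)) & ((1 << AIRLINE_BITS) - 1)
    aircraft = (v >> (128 - AIRCRAFT_PREFIX_LEN)) & ((1 << AIRCRAFT_BITS) - 1)
    return airline, aircraft


def bcp38_accept(ingress_airline: int, source) -> bool:
    """BCP38-style ingress filter at an airline's edge router: a packet
    entering on the link belonging to `ingress_airline` may only carry a
    source address from that airline's own /32.  Anything else is treated
    as a spoofed source and dropped (returns False)."""
    return ipaddress.IPv6Address(source) in airline_prefix(ingress_airline)


if __name__ == "__main__":
    # Constructed sample values: airline 5, aircraft 0xabcdef.
    print(airline_prefix(5))                 # 2001:5::/32
    print(aircraft_prefix(5, 0xABCDEF))      # 2001:5:abcd:ef00::/56
    print(decode("2001:5:abcd:ef00::1"))     # (5, 11259375)
    print(bcp38_accept(5, "2001:5:abcd:ef00::1"))   # True
    print(bcp38_accept(5, "2001:6::1"))              # False
```

The point the example makes concrete is that only the /32 is topological: the 24 bits below it are meaningful to the airline's mapping table alone, and a BCP38 check at the airline edge needs nothing more than the /32 to reject a packet whose source claims to be another airline's aircraft.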