Re: rfc4941bis: temporary addresses as "outgoing-only"?

Gyan Mishra <> Tue, 11 February 2020 06:10 UTC

On Tue, Feb 11, 2020 at 12:19 AM Mark Smith <> wrote:

> On Tue, 11 Feb 2020 at 15:32, Fernando Gont <> wrote:
> >
> > On 10/2/20 19:17, Brian E Carpenter wrote:
> > > On 11-Feb-20 09:46, Mark Smith wrote:
> > >>
> > >>
> > >> On Tue, 11 Feb 2020, 03:13 Fernando Gont, <> wrote:
> > >>
> > >>      Folks,
> > >>
> > >>      Since we are at it, I wonder if rfc4941bis should say anything about the
> > >>      use of temporary addresses for incoming connections. (see ).
> > >>      (e.g., "an implementation MAY....")
> > >>
> > >>      Particularly for connection-oriented protocols, hosts that prevent
> > >>      incoming connections on temporary addresses reduce exposure even when
> > >>      their temporary addresses become "exposed" by outgoing sessions.
> > >>
> > >>      i.e., if the model is that temporary addresses are employed for outgoing
> > >>      connections, unless a host uses temporary-only, there's no reason to
> > >>      receive incoming connections on temporary addresses. (e.g., browsing the
> > >>      web or sending email should not be an invitation for folks to e.g.
> > >>      port-scan you).
> > >>
> > >>
> > >> This would prevent peer-to-peer connections between end-user devices,
> > >> as it means devices become clients only, and they therefore cannot provide
> > >> a temporary server/service.
> > >
> > > If a node has a stable address as well as a temporary address, that
> > > isn't the case.
> >
> > That's what I had in mind.
> >
> So if we want to support adhoc peer-to-peer file transfers between
> e.g. smartphones via NFC/Bluetooth/Adhoc Wifi, then stable addresses
> are required, even if the file transfer takes say 30 seconds, well
> within the valid lifetime of the RFC4291bis temporary addresses?
> I think it is a very dangerous path to codify client only IPv6 hosts
> (as distinct from temporary address only IPv6 hosts). I think it is
> counter to the fundamental goals of the ARPANET and the Internet:
> 'Historical/Philosophical Context
> ....
>      By "intercomputer networking"  we mean the attachment of
>      multiple, usually general-purpose computer systems--in the sense
>      of Operating Systems of potentially different manufacture (i.e.,
>      "Heterogeneous Operating Systems")--to some communications
>      network, or communications networks somehow interconnected, for
>      the purpose of achieving resource sharing amongst the
>      participating operating systems, usually called Hosts.  (By
>      "resource sharing" we mean the  potential ability for programs on
>      each of the Hosts to interoperate with programs on the other
>      Hosts and for data housed on each of the Hosts to be made
>      available to the other Hosts in a more general and flexible
>      fashion than merely enabling users on each of the Hosts to be
>      able to login to the other Hosts as if they were local; that is,
>      we expect to do more than mere "remote access" to intercomputer
>      networked Hosts.)'
> Client only IPv6 hosts would not be able to be more than '"remote
> access" to intercomputer networked Hosts.', despite having CPU, memory
> and network bandwidth resources 10s and 100s of 1000s of times greater
> than the hosts had in the 1970s and 1980s.
Gyan> I agree.  We definitely don't want to go backwards with IPv6 -
being forward looking from a technology standpoint and not being able to do
basic peer-to-peer networking is a giant step backwards.   The issue that
you called out at the bottom of section 4.3 regarding binding to stable
address I think is something that needs to be fixed if that is an issue
with multiple addresses.  I don't think it's a reason to remove the stable

   Binding services only to stable addresses provides a clean separation
   between addresses employed for client-like outgoing connections and
   server-like incoming connections.  However, we currently lack an
   appropriate API for nodes to be able to specify that a socket should
   only be bound to stable addresses.

I don't think that is a reason to abandon the "stable" address usage for
incoming connections.  With IPv4 you have a single address and it's easy to
bind() services to the connection.  With IPv6 with the temporary address
disabled and when a single GUA exists on the NIC, then it's as well easy to
bind() services to the IP.  However, when there are multiple addresses
employed with the privacy extension temporary address, source address
selection comes into play when binding a service to an IP.  That is the
crux of the issue with source address selection appropriately picking the
correct address for incoming connections.   Using the temporary address for
incoming connections "server-like" registered in DNS - doing so circumvents
the shielding of the identity of the client when it initiates communication.
I am guessing that if you had a single temporary (preferred) address w/o a
stable address - the service would bind to the address and source address
selection would not come into play.

I think that part of RFC 4941 using the stable address for "incoming" and
temporary address for "outgoing" should remain unchanged in the 4941bis

   Many machines function as both clients and servers.  In such cases,
   the machine would need a DNS name for its use as a server.  Whether
   the address stays fixed or changes has little privacy implication
   since the DNS name remains constant and serves as a constant
   identifier.  When acting as a client (e.g., initiating
   communication), however, such a machine may want to vary the
   addresses it uses.  In such environments, one may need multiple
   addresses: a "public" (i.e., non-secret) server address, registered
   in the DNS, that is used to accept incoming connection requests from
   other machines, and a "temporary" address used to shield the identity
   of the client when it initiates communication.  These two cases are
   roughly analogous to telephone numbers and caller ID, where a user
   may list their telephone number in the public phone book, but disable
   the display of its number via caller ID when initiating calls.

  As far as operational impact & MTTR for enterprises by having (1)
preferred and maximum (1) deprecated address with valid = 2 days,
eliminating the stable address does reduce the total GUA addresses on the
endpoint to 2 addresses.  However I think removal of the stable address and
resulting impact to essential peer-2-peer communications "client-like" &
"server-like" in SOHO environments.  Also having the stable address does
give enterprises the option to disable the temporary address if desired for
"long lived" connections.

!  4941bis update - I would prefer to keep the stable address

Allows hosts to employ only temporary addresses (i.e. configuration of
stable addresses is no longer implied or required)

> Regards,
> Mark.
> >
> > > However, I think it is rather out of scope for 6man to regulate this
> > > point. What might be good, but is also probably out of scope,
> > > is a socket option to allow/disallow incoming connections to temp
> > > addresses, and a socket error code if they are disallowed and an upper
> > > layer tries to bind a socket to a temp address.
> >
> > The thing here is that, unless the address has been generated upon
> > request of an app (something not possible at the time of this writing),
> > apps share addresses and thus no app has authority over any address...
> >
> > Thanks,
> > --
> > Fernando Gont
> > SI6 Networks
> > e-mail:
> > PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492


Gyan  Mishra

Network Engineering & Technology


Silver Spring, MD 20904

Phone: 301 502-1347
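
The draft text quoted in this message notes that there is no API for asking that a socket be bound only to stable addresses. As an added example (not part of the original message, the draft, or any participant's code), this Linux-specific workaround separates stable from temporary global addresses using the flags column of `/proc/net/if_inet6` and binds a listener to each stable address explicitly. Assumptions: the Linux `IFA_F_TEMPORARY` and `IFA_F_TENTATIVE` flag values from `<linux/if_addr.h>`, hypothetical function names, and constructed sample addresses from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import socket

# Flag and scope values as printed in /proc/net/if_inet6 (from <linux/if_addr.h>).
IFA_F_TEMPORARY = 0x01   # RFC 4941 temporary address
IFA_F_TENTATIVE = 0x40   # duplicate address detection not finished
SCOPE_GLOBAL = 0x00

# Constructed sample in /proc/net/if_inet6 layout:
# address ifindex prefixlen scope flags device
SAMPLE = """\
20010db800010000021122fffe334455 02 40 00 00     eth0
20010db800010000a1b2c3d4e5f60718 02 40 00 01     eth0
20010db8000100005c6d7e8f90a1b2c3 02 40 00 21     eth0
fe80000000000000021122fffe334455 02 40 20 80     eth0
00000000000000000000000000000001 01 80 10 80       lo
"""

def split_stable_temporary(text):
    """Return (stable, temporary) lists of global IPv6Address objects."""
    stable, temporary = [], []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        addr = ipaddress.IPv6Address(int(fields[0], 16))
        scope, flags = int(fields[3], 16), int(fields[4], 16)
        if scope != SCOPE_GLOBAL or flags & IFA_F_TENTATIVE:
            continue
        (temporary if flags & IFA_F_TEMPORARY else stable).append(addr)
    return stable, temporary

def listen_on_stable(stable, port):
    """Bind one listener per stable address instead of the wildcard '::'.
    Connection attempts to a temporary address then find no listener.
    The set must be rebuilt when the host's addresses change."""
    listeners = []
    for addr in stable:
        s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
        s.bind((str(addr), port))
        s.listen()
        listeners.append(s)
    return listeners

if __name__ == "__main__":
    with open("/proc/net/if_inet6") as f:
        stable, temporary = split_stable_temporary(f.read())
    print("stable:", stable, "temporary:", temporary)
```

Because the addresses are shared by every application on the host, this only controls where one service listens; it does not stop another process from binding the wildcard address.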