IETF Logo Mail Archive

Re: I-D Action: draft-gont-6man-deprecate-eui64-based-addresses-00.txt

Alexandru Petrescu <alexandru.petrescu@gmail.com> Fri, 25 October 2013 16:51 UTC

Return-Path: <alexandru.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2385811E819F for <ipv6@ietfa.amsl.com>; Fri, 25 Oct 2013 09:51:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.273
X-Spam-Level:
X-Spam-Status: No, score=-10.273 tagged_above=-999 required=5 tests=[AWL=-0.024, BAYES_00=-2.599, HELO_EQ_FR=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 86tH817yd-SG for <ipv6@ietfa.amsl.com>; Fri, 25 Oct 2013 09:51:54 -0700 (PDT)
Received: from sainfoin-out.extra.cea.fr (sainfoin-out.extra.cea.fr [132.167.192.145]) by ietfa.amsl.com (Postfix) with ESMTP id DAA2421F9CAD for <ipv6@ietf.org>; Fri, 25 Oct 2013 09:51:52 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin.extra.cea.fr (8.14.2/8.14.2/CEAnet-Internet-out-2.3) with ESMTP id r9PGppDe018547 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <ipv6@ietf.org>; Fri, 25 Oct 2013 18:51:51 +0200
Received: from muguet2.intra.cea.fr (muguet2.intra.cea.fr [132.166.192.7]) by pisaure.intra.cea.fr (8.14.4/8.14.4) with ESMTP id r9PGppEN013358 for <ipv6@ietf.org>; Fri, 25 Oct 2013 18:51:51 +0200 (envelope-from alexandru.petrescu@gmail.com)
Received: from [127.0.0.1] (is010446-4.intra.cea.fr [10.8.33.116]) by muguet2.intra.cea.fr (8.13.8/8.13.8/CEAnet-Intranet-out-1.2) with ESMTP id r9PGplop017310 for <ipv6@ietf.org>; Fri, 25 Oct 2013 18:51:50 +0200
Message-ID: <526AA1A3.2020009@gmail.com>
Date: Fri, 25 Oct 2013 18:51:47 +0200
From: Alexandru Petrescu <alexandru.petrescu@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.0.1
MIME-Version: 1.0
To: ipv6@ietf.org
Subject: Re: I-D Action: draft-gont-6man-deprecate-eui64-based-addresses-00.txt
References: <20131021224345.32495.19727.idtracker@ietfa.amsl.com> <52697C33.7010904@gmail.com>
In-Reply-To: <52697C33.7010904@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Oct 2013 16:51:59 -0000

Le 24/10/2013 21:59, Brian E Carpenter a écrit :
> Unfortunately I feel that this is operationally unacceptable.

I agree.

Not only operationally it may prove difficult to upgrade everything from
RFC2464, but all the IPv6-over-foo specs of future deployment may need
to accept it as well.

E.g. will this 48bit prohibition also include prohibiting the 'short'
16bit of 802.15.4?  Or is that less of risk given it's a shorter address
and thus less unique?

(in detail:
it cites [RFC2464] Ethernet, [RFC2467] FDDI, and [RFC2470] Token Ring,
but would one go ammend also other IPv6 over foo documents such as:
RFC2492 ATM,
RFC4944 802.15.4,
RFC5072 PPP using Ethernet hardware IDs,
RFC5692 802.16,
draft-ietf-6lowpan-btle-12,
draft-ietf-6man-6lobac-01,
draft-brandt-6man-lowpanz-02,
IPv6-over-USB unspecified, but using hardware IDs.

and why not the methods of forming IPv6 addresses containing an IPv4 
address which may be related in other ways to other privacy aspects like 
geographical localization.)

Alex

>
> There are many (I suppose thousands) of sites that rely on MAC
> addresses to manage their assets, and in many cases to trace
> malicious users. It's certainly true that in theory, they can do
> this by using ND or DHCPv6 logging, as today they use ARP cache or
> DHCP logging to trace IPv4 users, and they may have to do this anyway
> when some users implement some form of obscure IID generation. But I
> just don't see site managers in general (and therefore vendors)
> accepting this:
>
> "Nodes MUST NOT employ IPv6 address generation schemes that embed the
> underlying hardware address in the Interface Identifier."
>
> I would suggest that this might fly:
>
> "Nodes SHOULD NOT employ IPv6 address generation schemes that embed
> the underlying hardware address in the Interface Identifier, and
> such schemes MUST NOT be enabled by default in any implementation."
>
> Even that might prove unrealistic.
>
> Incidentally, your case would be strengthened by referring to
> draft-ietf-6man-ug, which makes it plain that the case for EUI64 is
> weaker than was originally thought.
>
> Brian
> --------------------------------------------------------------------
>  IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>
>

v2.23.0 | Report a Bug | By Email