Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16

Fernando Gont <> Thu, 23 January 2014 09:19 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id AB6221A0342; Thu, 23 Jan 2014 01:19:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id JoH_JG6EojfF; Thu, 23 Jan 2014 01:19:04 -0800 (PST)
Received: from ( [IPv6:2a00:d10:2000:e::3]) by (Postfix) with ESMTP id 77E411A033E; Thu, 23 Jan 2014 01:19:04 -0800 (PST)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.82) (envelope-from <>) id 1W6GQk-0004PR-F0; Thu, 23 Jan 2014 10:18:34 +0100
Message-ID: <>
Date: Thu, 23 Jan 2014 04:37:12 -0300
From: Fernando Gont <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Tim Chown <>,,,,
Subject: Re: OPS-DIR review of draft-6man-stable-privacy-addresses-16
References: <> <EMEW3|8f37f1d5d449ce20468ee92a0af181faq0M16n03tjc||>
In-Reply-To: <EMEW3|8f37f1d5d449ce20468ee92a0af181faq0M16n03tjc||>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 23 Jan 2014 09:19:09 -0000

Hi, Tim,

Thanks so much for your feedback! Please find my comments in-line...

On 01/22/2014 10:05 PM, Tim Chown wrote:
> Issues:
> 1. In the discussion in section 5 on the algorithm, it may be
> desirable to suggest that implementations allow a choice of IID
> generation based on ‘classic’ SLAAC with EUI-64 or via this new
> proposed method, with a default of the new method.

This point is actually addressed by the draft-ietf version for
deprecate-eui64 (which will not deprecate eui64, but will specify the

i.e., this document just focuses on how you implement stable-privacy.
The draft-ietf version of deprecate-eui64
(draft-ietf-6man-ipv6-defult-iids) seems like the place to specify that
of having a knob to configure which method to use...

> 2. In the algorithm section, there is a comment that interface names
> MUST remain the same across boots or down/up events for the stable
> privacy address to remain stable. 

Strictly speaking, it says that Net_Iface MUST be constant. Then
Appendix A discusses possible sources for NetIface...

> I have (admittedly some time ago,
> and in rare cases) seen Linux installations where network interface
> names can ‘swap’, thus changing the address in use on the interface
> under the proposed algorithm, whereas with existing EUI64 SLAAC the
> IIDs would remain the same even if the interface name for a physical
> interface changed. This is probably rather more likely if replacing a
> network card on motherboard with on-board NIC(s).  Perhaps Fernando
> can comment on whether this is a realistic concern with modern OSes.

I think I was told that this has been fixed in Linux . That said, we
don't require any specific source for NetIface. For instance, you can
even use the link-layer address (please see Section A.3), such that you
get the same stability properties as EUI64 SLAAC.

The rationale for not requiring any specific source is that an
implementer know better which source is more stable/convenient. Some
source might be stable in one OS, but not in others. And viceversa.

> 3. I assume the IID may/will vary for a different OS run on the same
> host, e.g. where the host is dual-boot, or where a new OS installed
> (or the same OS re-installed). A different OS may well use a
> different F(), given that’s not specified.  With EUI-64, a dual-boot
> host would likely have the same address under either OS (well, not
> Windows any more…).  This may be worth making explicit.

This could be a pro or con, one might say.

I guess we could add something along the lines of:

"Since different implementation are likely to use different values for
secret_key, and may also employ different PRNGs for F() and different
surces for NetIface, we note that an a host that is dual-boot or that is
reinstalled may result in different IPv6 addresses for each OS and/or

> 4. The draft talks (in one place in Section 3) about stable privacy
> addresses being allocated by DHCPv6; some further discussion of how
> this might be achieved may be useful given the secret key is presumed
> to be generated on and reside on the host, not the DHCPv6 server.  Or
> would this be described in a separate future draft? 

Yes, a future draft -- e.g. where the algorithm is computed by the
DHCPv6 server.

> 5. Design goal 1 might add “and same interface” for scenarios where a
> host has two interfaces in the same subnet (with the same prefix).
> This scenario is one that may cause ‘interesting’ effects with
> addresses if interface names swap and no Network_ID is used.

Will do. (the seconds sentence already notes this).

> 6. I’d suggest not mentioning MD5.

Yep. Will do.

> Nits:
> 1. Some references are included multiple times, e.g. [RFC4941],
> rather than only at the first instance.

I will check this -- it could be that I'm referring to different terms
of the same specs.... or just me being plain redundant. :-(

> 2. Design goal 2, perhaps say “must” rather than “do”?

Yep. Will do.

> 3. In section 4 the author states the goal of stable IIDs within a
> given subnet. It may be better to say for a given prefix, given a
> renumbering process will change the prefix and with it the IID,
> though by loose language you might refer to it as the same subnet.

Will do.

> In response to recent discussion on 6man, I don’t believe it’s
> practical or desirable for a node to store addresses related to
> locations (networks) visited.  I agree with the author that the
> static address per network should be generated statelessly.

Great. :-)

Thanks so much!

Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492