IETF Logo Mail Archive

Re: RFC4941, temp-addr only, etc. (Fwd: New Version Notification for draft-gont-6man-non-stable-iids-00.txt)

Mark Smith <markzzzsmith@gmail.com> Sun, 29 May 2016 02:30 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6741D12D17C for <ipv6@ietfa.amsl.com>; Sat, 28 May 2016 19:30:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level:
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hUOCAWY_xBIq for <ipv6@ietfa.amsl.com>; Sat, 28 May 2016 19:30:48 -0700 (PDT)
Received: from mail-vk0-x22c.google.com (mail-vk0-x22c.google.com [IPv6:2607:f8b0:400c:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5EEA912B062 for <6man@ietf.org>; Sat, 28 May 2016 19:30:48 -0700 (PDT)
Received: by mail-vk0-x22c.google.com with SMTP id d127so26792086vkh.2 for <6man@ietf.org>; Sat, 28 May 2016 19:30:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=3OwlFZH7fu6oLL489tahe7jX6CjroJ5wV7GEnXLOW5Y=; b=rYkzk6EL5rdVAXJagSCU+H3Fe8F1iyQzEMvl73YPd5sjC+OjBXu+X0ErlXriwTtgzV ytQdDaCTSNgGzzdVRATFI+HNCUaP4WbCjm5pmtEp5PYBO8M2BiobyvFQqOGLiJH8OTS3 kvrv7wBkRVJPRBYt7ieUnDduigCUFAIBdbrDKTXJIhLzmr0yuulfLI6nIRSrnJhaHIf8 vaXwVni1w0mozv9k5oqYc05R9HFxIzZsswA0STb8QI3nUgR4I7ohg25SFurTykkTLwuW OeZtsqpcXRjRgvJLYX82uYlvIxoBfvK/iw4X49FgkSZTINFaVeHo9KQYTcYcwXxydlYC TkzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=3OwlFZH7fu6oLL489tahe7jX6CjroJ5wV7GEnXLOW5Y=; b=aEKs6/1+sbd6Ie5SVJKCy97+rF0PSrj3bZD+Ju/CjehaxtnVC7HqercC26eYy5vhER 4QNiZTJohonsH2GMEFWGgqoGHXxoPNZmtC87sOSg+oOkYTfKvsy+gy1Nb/RMzVQbP6Pa WfDbbrnUwBRxUBI+5Lrs//XnC2n/dbC5qacUJi/0ozfHfnKq8vq6v7O/qDRhaFg+myqd umF5IymOIYNVYPyUZzJrK8gFr5BF84Nwq3PGarYKn5DVDHQf+cP/dt31bJ8nayIsIqqy Zhclmk5aDR5GMBVyuMu917Gg0i+JCwwe+lQBLqHUVPU9IWNKVmNAH8RMBCITfFNiDbxH BRYw==
X-Gm-Message-State: ALyK8tJqbFVz45mOdJks/BJc0BDhlRGDgueof8T0R7bXmqWot9ibEXkFuigBzgCBb5tv5Hc8KxC4HAQjvmbryQ==
MIME-Version: 1.0
X-Received: by 10.31.72.66 with SMTP id v63mr7469256vka.29.1464489047366; Sat, 28 May 2016 19:30:47 -0700 (PDT)
Received: by 10.176.3.168 with HTTP; Sat, 28 May 2016 19:30:47 -0700 (PDT)
Received: by 10.176.3.168 with HTTP; Sat, 28 May 2016 19:30:47 -0700 (PDT)
In-Reply-To: <CAKD1Yr3gR6rdV=d7NpqzF-K+f=DCOTU0RccJPiMZoLh80yOt-w@mail.gmail.com>
References: <20160523150736.10739.56619.idtracker@ietfa.amsl.com> <57431E27.8090209@si6networks.com> <CAKD1Yr37A61zBeqQ4TDbHTwyVbnm35OC4ez-LGC7zvOuHt9iVg@mail.gmail.com> <CAO42Z2xFRN9khnvhP7Rd=rrrPexF=t841J8HbzRkYn1XqbfewQ@mail.gmail.com> <CAKD1Yr1AiQVdEt4V=stCfWO2Ayn+q2ztZwOp5s3YDpPpUQU7xA@mail.gmail.com> <CAO42Z2xVx66ayPmKTQ=guYjAcudkfCnSOm5p4XQh_dYoBRCHdg@mail.gmail.com> <CAKD1Yr1qpQXMS=Ep2RK_Aj+RuNB8OxxMxSepu7TZ+Boqvh4w=g@mail.gmail.com> <CAO42Z2z1L4+HiSAw8eoL9pS2bY5DJDLA7YvkhSxm9GRYpVBbFw@mail.gmail.com> <CAKD1Yr3gR6rdV=d7NpqzF-K+f=DCOTU0RccJPiMZoLh80yOt-w@mail.gmail.com>
Date: Sun, 29 May 2016 12:30:47 +1000
Message-ID: <CAO42Z2zEX1vRLeM5HknL3bjW4svvAeiSRWqWumO_zg6xDXmb=A@mail.gmail.com>
Subject: Re: RFC4941, temp-addr only, etc. (Fwd: New Version Notification for draft-gont-6man-non-stable-iids-00.txt)
From: Mark Smith <markzzzsmith@gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
Content-Type: multipart/alternative; boundary="001a114e005472381d0533f1ed77"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/pWCOW9FprQjp4fLe25qJuk0B4ME>
Cc: Fernando Gont <fgont@si6networks.com>, 6man@ietf.org, 神明達哉 <jinmei@wide.ad.jp>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 May 2016 02:30:50 -0000

On 27 May 2016 12:51 PM, "Lorenzo Colitti" <lorenzo@google.com> wrote:
>
> On Fri, May 27, 2016 at 12:00 PM, Mark Smith <markzzzsmith@gmail.com>
wrote:
>>>
>>> A simple algorithm would seem to be:
>>> If you don't support, or don't want to use, DNA, then every link is a
new link and you start off with no IP addresses. So you form a link-local
address, send an RS, etc. etc. starting from scratch.
>>
>>
>> That is significantly reducing the robustness of e.g. TCP connections,
as they won't survive that event because their address will change.
>
>
> Most mobile devices close all TCP connections every time a network
disconnects, anyway.

My laptop running general purpose Linux doesn't. Servers don't.

I think that is the insight. I don't think you're considering any other
types of device in this discussion, meaning you won't be seeing where
stable addresses that have increased privacy properties (compared to
EUI-64s, but not in comparison with RFC4941s - which don't meet the
stability requirement) are beneficial.

>The reason for this is that if the device switches to a different network,
the TCP connections are dead anyway (because the IP address changes) and
apps just get stuck. Keeping the connection alive is only useful if you
think that there's a very high chance of reconnecting to the same network
soon, and you either have no other network in the meantime, or you think
you're going to reconnect so soon that it doesn't make sense to
re-establish a connection on another network.
>

>>>
>>> If you support and want to use DNA, then you use DNA with the same MAC
address as you had before.
>>
>>
>> The issue with DNA is that it seems to be relying on the MAC address and
therefore the Link-Local address of the on-link routers being stable for as
the link remains operating. If routers were changing their MAC addresses
periodically too, then DNA will fail. It seems you've been arguing for no
stable L2 and/or L3 addresses on any device, so that would have to mean
that routers don't have them either.
>
>
> Actually, I don't expect that routers will need random MAC addresses.

I think it depends on the type of router. Service provider or
corporate/enterprise router I'd agree.

Residential router, I'd disagree, unless there are any significant
drawbacks.

First thought is new random MACs on boot. The privacy enhancement would be
both periodically changing MAC addresses in WiFi SSID announcements, and no
disclosure of the router NIC manufacturer.

I'll look to find time to do this on my residential router in the next few
weeks.

Regards,
Mark.

v2.23.0 | Report a Bug | By Email