IETF Logo Mail Archive

Re: <draft-ietf-6man-default-iids> update to rfc2464bis

Brian E Carpenter <brian.e.carpenter@gmail.com> Thu, 12 January 2017 21:11 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA2B71294F9 for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 13:11:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ojctseA0atjV for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 13:11:27 -0800 (PST)
Received: from mail-pf0-x22b.google.com (mail-pf0-x22b.google.com [IPv6:2607:f8b0:400e:c00::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2BC791294B7 for <ipv6@ietf.org>; Thu, 12 Jan 2017 13:11:27 -0800 (PST)
Received: by mail-pf0-x22b.google.com with SMTP id 189so18750804pfu.3 for <ipv6@ietf.org>; Thu, 12 Jan 2017 13:11:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=PloKaH/T/tNoG4evU8jUcVuWlgBFgTsRE6HBLzauiLc=; b=Fj2mbNUOQQcc5sYTbhjbwmtLwmDxZMHan55IeT3yXeErRjZuy6gucjzAC4nrA9txiC 9DSsuSSUqVi1JvFi4QPdi/giWB3WLbbwlyyjNc91mES0RAHRPzKmf9rH/oXkDIKU1AA2 bS7ZXNBBF84oaCmERBYXOtcUnuFNC1TmfHj6kccEgLpfZxXRo028HOvHquLSVQ3h50f9 lPdohouZFYMV3zR6a6cG/az6JJ0Fg54i8G5o2z8jNjZ5NSs6g6RLuSm14fNtnWgSG7Q9 mTGMG1FF4Au7lxkdNlSfKtoEUxWeQy6xH3jPTheztzA9dhnuZ4tnxIz6AWTfs9vTOwF3 XPew==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=PloKaH/T/tNoG4evU8jUcVuWlgBFgTsRE6HBLzauiLc=; b=qJ78XoGQFyHRndZX3gs6JnAmmPKLYxdxpLvHuP7pHpbQc+hvrs6DQI4f0/T6Y51MC8 fPoXWROVnPMAtBpUfCg2mbGiFKZR0Us46u8VxJBdqM4nZzD303EwxRszNF0thxiuUchq Xa7aKPL97j8Gl4T2qIlFy2XtsF3tleNyIywYzJs/06P93DpbWRnMpW8Mu/WZxsdqIeIe VyjaekYXjnQFbVisBNU3Vst2+8Zskx3Te6tco/NW8S3rdlx4qJcy57/toczDJ3AkNGLF 2ZiNl+6P2+AGsyn7kBLITtbNTNaT5wqceG6mTal+fYAcKsXFiN/0UVbpnsucbxNPVl4s gdJw==
X-Gm-Message-State: AIkVDXJeioafuoCLF9SA5a/e6tyZgP+V7gcuyIGFWBiYwMrGPvElv0BHFPykwtKOpzxvRA==
X-Received: by 10.84.241.8 with SMTP id a8mr23999261pll.74.1484255486732; Thu, 12 Jan 2017 13:11:26 -0800 (PST)
Received: from [192.168.178.21] ([118.148.127.232]) by smtp.gmail.com with ESMTPSA id g87sm2757467pfj.20.2017.01.12.13.11.23 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 12 Jan 2017 13:11:25 -0800 (PST)
Subject: Re: <draft-ietf-6man-default-iids> update to rfc2464bis
To: Fernando Gont <fgont@si6networks.com>, Lorenzo Colitti <lorenzo@google.com>
References: <1E7F90AC-79BB-49BE-B397-EC829EA95AA4@gmail.com> <CAKD1Yr0O6gnXZc3qEY7bqkBYu-sx1_erwum2DRwpe+Vv+jmdiw@mail.gmail.com> <7456833d-aa3f-d368-6041-cfdc1ac95f6f@si6networks.com> <CAKD1Yr1dQF7Cg0mppZVcSXC15pue_y1Qb-GugKY+G8u-dRyJtg@mail.gmail.com> <89fc8838-f6cd-1647-8468-1c8c11466aff@si6networks.com> <CAKD1Yr2z22ZX85ywAcqobbHZ20Kx4VvFhEmzJnSG_0hQBLLvyw@mail.gmail.com> <b3707115-b9d1-cc14-4cb9-0a3ffdd0cdfc@si6networks.com> <CAKD1Yr0WkMJ4+FwdE2Re=Aifm2HgCha2i67mexpcO5rkz3PYww@mail.gmail.com> <33d91d6c-18dc-1ec0-fc4d-edc83a86ce83@si6networks.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <6ae2b66b-21be-a413-ee59-8aa064e583b7@gmail.com>
Date: Fri, 13 Jan 2017 10:11:29 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <33d91d6c-18dc-1ec0-fc4d-edc83a86ce83@si6networks.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/pv7eHVowK0SsNMiZ6gmWlBs4tOk>
Cc: Bob Hinden <bob.hinden@gmail.com>, IPv6 List <ipv6@ietf.org>, Suresh Krishnan <suresh.krishnan@ericsson.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 21:11:29 -0000

On 13/01/2017 00:29, Fernando Gont wrote:
> On 01/12/2017 08:08 AM, Lorenzo Colitti wrote:
>> On Thu, Jan 12, 2017 at 7:25 PM, Fernando Gont <fgont@si6networks.com
>> <mailto:fgont@si6networks.com>> wrote:
>>
>>     > I don't see why we should forbid this. It's a legitimate implementation
>>     > choice, and has excellent privacy properties :-)
>>
>>     I'm not saying we should forbid this -- actually, there are scenarios
>>     where it should probably be the recommended approach.
>>
>>     But that's not the operating model we have right now -- that's the
>>     point.
>>
>> The point I am making is that according to current and
>> about-to-be-published specs, a node is free to create addresses that
>> change over time, since nothing forbids it.
> 
> I guess you're allowed. That does change the operating assumptions, and
> I wouldn't be surprised to see breakage.

It will break on sites that choose a managed addressing policy (as
Tim told us they do at CERN). I wonder what Android users at CERN do?

   Brian

> 
> 
> 
>>     > Sure. If you can find rough consensus to say all other methods of
>>     > generating IIDs are bad and should not be used, the IETF will publish a
>>     > document saying that. My bet is that you won't.
>>
>>     I'm not saying that. For instance, if you want temp addresses, and you
>>     decide to send the 64 bits with a PRNG of your choice, that's fine. If
>>     your goal is privacy and you decide to waste 18 bits 'cause you want to
>>     stick to modified-eui64, you're doing a lousy job.
>>
>> Good, then we agree that a node is free to create addresses that change
>> over time using schemes that are not described in RFC 7217, RFC 4941, or
>> any other document.
> 
> Yes, you're "free" to do your own proprietary thing, which does not
> follow any IETF stds, I guess.
> 
> 
> 
>>     > To get back to the original point: in the current state of the documents
>>     > that we have published or are about to publish (e.g., the default-iids
>>     > draft), as reflecting the consensus call sin th it's not true that
>>     > modified EUI-64 is not recommended. It's only not recommended if you use
>>     > stable link-layer addresses.
>>     >
>>     > Bob, Ole, Suresh: can we also amend or remove this text in 4291bis
>>     > before we publish it? I think it's an oversight because there was clear
>>     > consensus in 6man (Fernando being in the rough) that it was OK to use
>>     > modified EUI-64 with non-stable MAC addresses:
>>     >
>>     >    Earlier versions of this document described a method of forming
>>     >    interface identifiers derived from IEEE MAC-layer addresses call
>>     >    Modified EUI-64 format.  These are described in Appendix A and are no
>>     >    longer recommended.
>>
>>     All these documents are about generating stable addresses, not temporary
>>     addresses. So I'm not sure why the text should be removed. The text in
>>     all this documents ae about stable addresses. IETF-wise, the only doc
>>     that is about temporary addresses is RFC4941. Hence the text seems
>>     correct to me.
>>
>>
>> If instead of removing that text we can clarify that it only applies to
>> stable addresses, that works for me. Suggestion: change "These are
>> described in Appendix A and are no longer recommended." to ""These are
>> described in Appendix A and are no longer recommended for stable addresses."
> 
> Fine. Isn't the assumption in all these RFCs that the addresses are
> stable, and that the MAC addresses are unique?
> 
> 
> 
>> The reason the text needs to be changed is because during the discussion
>> of default-iids there was substantial discussion of the use case of
>> using EUI-64 with randomized MAC addresses. There was consensus that
>> this is a use case we want to support, and as a result, the working
>> group concluded that we should change every occurrence of the phrase
>> "based on a link-layer address" to "based on a stable link-layer
>> address" in the default-iids draft.
> 
> My read of the discussion is that you didn't want default-iids to ban
> this case (and maybe there was not more than one or two voices in this
> direction), and we simply decided to have default-iids fous on stable
> addresses to be able to do progress on something. Claiming that doing
> temp adderesses by doing MOdified-EUI64 is streching that outcome quite
> a bit, IMO.
> 
> 
> 
>> We should make the same distinction
>> in 4291bis and 2464bis: EUI-64 is not recommended for use with stable
>> link-layer addresses, but it can be used with non-stable link-layer
>> addresses.
> 
> All this documents talk about stable addresses. Discussing temp
> addresses in them is actually talking about stuff that simply wasn't
> there, with operating conditions different from those assummed so far.
> 
> Again, I sympathize with temp only in scenarios where they make sense.
> But things like that don't seem within what has been specified so far
> (i.e., there's work to be done, including analyzing what might break).
> 
> Thanks,
>

v2.23.0 | Report a Bug | By Email