Re: "Recommendation on Temporary IPv6 Interface Identifiers" (revised I-D) (Fwd: New Version Notification for draft-gont-6man-non-stable-iids-01.txt)
Mark Smith <markzzzsmith@gmail.com> Sun, 26 March 2017 19:52 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A13B61296A3 for <ipv6@ietfa.amsl.com>; Sun, 26 Mar 2017 12:52:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.198
X-Spam-Level:
X-Spam-Status: No, score=-2.198 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bavp3nUvjN8v for <ipv6@ietfa.amsl.com>; Sun, 26 Mar 2017 12:52:38 -0700 (PDT)
Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E25912969B for <6man@ietf.org>; Sun, 26 Mar 2017 12:52:38 -0700 (PDT)
Received: by mail-vk0-x231.google.com with SMTP id d188so32220894vka.0 for <6man@ietf.org>; Sun, 26 Mar 2017 12:52:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=CqcdR3HUd4Mo/VJ7+J7Gx9SW0dPqzSFP5s+P0Zmvk7M=; b=PtNHA3Z/3mDkyXGiU94aqZRaUt1aKVDOx7PJENoIuqzQfHJp4gZVJCV9k07LZ+kp+g rabUiaBh1nXM4AKLCVff7xVRE1zfr3QAiLpJtLDNpctaum5QM6qpPigoTKlKAFk1BEPj ibTyw0Pc0loal7YzwuUi+mqV9ToGFofmPEIJZ23Ur6+FWdp1o3dkTFLJUZUPF8Lt0rKz QpUtad7RkMcna7YI0wjGx71ShjSC+es37f8lW3V4tDySFv0+eJ3uAfdTraa/HYz0+16D I+J4JIr7QAO1fDLH/gSn+nJ8nqzHfJIwtl6OCdquFPnvqgf6st10nfRJgmzVb+n2k8j1 x0YA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=CqcdR3HUd4Mo/VJ7+J7Gx9SW0dPqzSFP5s+P0Zmvk7M=; b=LQyKRP0p5IFlh6RrijLvUTAkrVrzSgDF0SyjMCHkiN2F7YL+U5jaG3D3a8V2MApapK UpwmaB+OcWnRCH23Znt0naDfe+eMApV257TDGif8VoUdShYjVbSes3HeVzbAEFq7RC16 gt8zw1oNvdb2Bk+An6zh/Vti57euscv/vk4rEEYyyJ66qgKnykE1s4lVxdHl6X559dZ3 yIHfDTdtXXLyAHse/QLePJ0F5hyAx7pb5OtKjbbJuQRJ9Q+a7vz3MEE2zk0dJ0Opymwp 53Td/Wog0mCB21w4OEmR85oU5hLYc9B8hfHG0r9rMphKrXKPR/E5C2GOky8jugBPtqKl AyEQ==
X-Gm-Message-State: AFeK/H0otrxwv0bfm5EehOtcjuTUBFc2RB5cmFYPZTk38AZk7++L/eF9KJ8liBi/72LjPeHf+Zy56ebR4rCOaQ==
X-Received: by 10.31.15.82 with SMTP id 79mr7929199vkp.156.1490557957630; Sun, 26 Mar 2017 12:52:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.36.181 with HTTP; Sun, 26 Mar 2017 12:52:07 -0700 (PDT)
In-Reply-To: <4deb5200-0f4f-d3d1-b164-e70fabc77d86@si6networks.com>
References: <148942937853.9227.2944252822855237301.idtracker@ietfa.amsl.com> <cb261f79-b008-f09b-e8af-d8718735f37e@si6networks.com> <CAO42Z2wUzy1ew4f5TVuNOC-u+dak9fGjOYWpXdPFAuQnFeYcJw@mail.gmail.com> <4deb5200-0f4f-d3d1-b164-e70fabc77d86@si6networks.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Mon, 27 Mar 2017 06:52:07 +1100
Message-ID: <CAO42Z2w91tT1LfJCyKW8emKXM3BuFcY6bCpu0kPXQJcCtdL23w@mail.gmail.com>
Subject: Re: "Recommendation on Temporary IPv6 Interface Identifiers" (revised I-D) (Fwd: New Version Notification for draft-gont-6man-non-stable-iids-01.txt)
To: Fernando Gont <fgont@si6networks.com>
Cc: "6man@ietf.org" <6man@ietf.org>, draft-gont-6man-non-stable-iids@tools.ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/qSypT0PPLUKmngSBMqOrYNsJz6E>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Mar 2017 19:52:41 -0000
Hi Fernando, Sorry not to get back to you sooner. Comments below, <snipping> bits I can't add to. On 17 March 2017 at 03:35, Fernando Gont <fgont@si6networks.com> wrote: > Hi, Mark, > > Thanks so much for your feedback! Please find my comments in-line... > > <snip> > >> " 4. The resulting interface identifiers MUST NOT embed layer-2 >> identifiers (e.g. MAC addresses)." >> >> perhaps add, >> >> "to prevent correlation between IPv6 IIDs and MAC addresses, when an >> outside entity has been able to record both." > > Yes, there's also the fact that: > > 1) We cannot be assured that the randomization of the underlying MAC > address is good enough > 2) if the IIDs are 64-bit long, and the mac addresses are 48-bit long, > you still need to randomize those remaining 16 bits... so there's no > point in setting pieces of the IID differently > 3) Another way to think about this is "compartmentalization": if you > embed an ID from a layer below 8when you don't need to), if you screw up > with how you generate it, the problem is exacerbated. > 4) etc. > > I'm not sure whether to delve into all these details here, or just > simply provide references to the reader, as we're currently doing. That > is, the reuse of identifiers is well-covered in e.g. > draft-gont-predictable-numeric-ids-00... and if we start to elaborate > the reasons, the discussion will be incomplete or we will end up > embedding such I-D into this one... > > Thoughts? > > I don't think it is worth dealing with the details here either. Just a simple "do this because of this broad/fundamental reason" should be enough. <snip> > >> "Having a variable maximum lifetime prevents >> an observer from synchronizing with the temporary address >> regeneration; that is, from being able to expect when address will be >> regenerated, and thus infer that one newly observed addresses is the >> result of regenerating a previously observed one." >> >> This draft seems to be going a bit further in this direction (in a >> good way) than RFC4941 does (based on my brief reading of "3.5. >> Regeneration of Randomized Interface Identifiers") RFC4941 seems to >> have either host or interface universal values >> (TEMP_PREFERRED_LIFETIME: 1day, TEMP_VALID_LIFETIME:1 week) for the >> maximum lifetimes of temporary addresses. It looks to be focusing on >> avoiding synchronised address changes across clients rather than >> across addresses within a client. > > We're certainly going further than RFC4941: that's intentional. OK. My interpretation was that the only change being made to RFC4941 was to drop the statement or a requirement that temporary addresses were companions to stable addresses, rather than going further than that. > The goal > of this requirement is to avoid the regeneration of a temporary address > to become obvious to an observer -- because if it is obvious, there's no > point in regenerating the temporary addresses. > > > >> "That is, a host that de- >> attaches from a network and subsequently re-attaches to a (possibly >> different) network should regenerate all of its temporary addresses." >> >> RFC4941 only very briefly deals with this scenario. > > IIRC, research had found that RFC4941 implementations were failing in > this area. > > >> I agree with doing >> it, however I think there is a risk of a DoS on the link or similar if >> an interface starts failing, and disconnects/re-connects rapidly. I >> think there should be some prevention against this e.g., multiple >> disconnects/connects within 3 seconds indicates the interface is >> failing and regeneration of temporary addresses should not take place >> if this occurs. > > I agree with you. There should certainly be some sort of limit. The > specific value (e.g., multiple disconnects in X time) is less > important... but the document should probably at least mention this and > suggest some limit here. > Yes, I would see that as one of the further updates to RFC4941. <snip> <snip> <snip> > >> Regarding using the MAC_Address, >> >> "Employing the MAC address in this expression (in replacement of the >> Net_Iface parameter of the expression in RFC7217) means that the >> re-generation of a randomized MAC address will result in a different >> temporary address." >> >> it isn't clear to me whether randomised MAC addresses is a requirement >> or a recommendation when using this algorithm. With it replacing >> Net_Iface, it seems to be leaning towards a requirement. > > Your question/concern is certainly valid. > > Rationale: In RFC7217, you want a Net_Iface that is as stable as > possible (and the MAC address might not be the best choice in such > case). For temporary addresses, as long as Net_Iface uniquely identifies > an interface, it's okay. You could certainly use anything (e.g., still > use the interface name or interface index) for the generation of > temporary addresses. However, if you use the MAC address, one property > comes for free: if you happen to implement mac address randomization, > you can be assured that whenever you regenerate an IPv6 address (after > the mac address has been regenerated), the ipv6 address is going to change. > > FWIW, so far the I-D does not say much regarding whether you should do > mac address randomization or not... > I think for the purposes of the algorithm, it would be good to state whether randomised MACs are desirable or don't really matter. <snip> Regards, Mark.
- "Recommendation on Temporary IPv6 Interface Ident… Fernando Gont
- Re: "Recommendation on Temporary IPv6 Interface I… Mark Smith
- Re: "Recommendation on Temporary IPv6 Interface I… Fernando Gont
- Re: "Recommendation on Temporary IPv6 Interface I… Christian Huitema
- Re: "Recommendation on Temporary IPv6 Interface I… Mark Smith