IETF Logo Mail Archive

Re: I-D Action: draft-gont-6man-non-stable-iids-00.txt

otroan@employees.org Tue, 31 May 2016 08:37 UTC

Return-Path: <otroan@employees.org>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 897A712D189 for <ipv6@ietfa.amsl.com>; Tue, 31 May 2016 01:37:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.336
X-Spam-Level:
X-Spam-Status: No, score=-1.336 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=employees.org; domainkeys=pass (1024-bit key) header.from=otroan@employees.org header.d=employees.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vI0utzp5RYBP for <ipv6@ietfa.amsl.com>; Tue, 31 May 2016 01:37:00 -0700 (PDT)
Received: from incoming.kjsl.com (inbound02.kjsl.com [IPv6:2001:1868:2002::144]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FE5F12D186 for <ipv6@ietf.org>; Tue, 31 May 2016 01:36:59 -0700 (PDT)
Received: from cowbell.employees.org ([IPv6:2001:1868:a000:17::142]) by ironport02.kjsl.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 May 2016 08:36:58 +0000
Received: from cowbell.employees.org (localhost [127.0.0.1]) by cowbell.employees.org (Postfix) with ESMTP id 512679CC51; Tue, 31 May 2016 01:36:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; s=selector1; bh=G4dgIyZyl6Wom8CcDT10nqUSEz8=; b= KXV432HOpxzgYpu80WILLZj06KI9Sv1eNtt9lUxoyGCDPQrYjwXb9ND7i49kPfcz d2PKERwnGiLNYfAkei0DBdw/v+X7zFJR8UfgOv7dbb8GG+gRxiM3QeGJEMmPfw4q rzUoQS6jv+ZPmyvc9Mji/3BPj8xDMa9Z9PknUUVqTWM=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=employees.org; h=subject :mime-version:content-type:from:in-reply-to:date:cc:message-id :references:to; q=dns; s=selector1; b=ndjPD8nBQosyBqCtovTr/NYhwd m5e9jejyFxj4UNmiDS/mqc/pUq6dnx1vPqSzE/Cn453qNckIHXZVSzntm1SaNVKG fisomdP7Z8Wo1w0+hcqfOs9sDAX8YYeN4AHjxWYzWNWNfO0B1JYnRRmbO7RLUIx0 3DY1qtxC38FqDaWAg=
Received: from h.hanazo.no (eduroam-0-91.enst.fr [137.194.56.91]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: otroan) by cowbell.employees.org (Postfix) with ESMTPSA id CD5CB9CC4E; Tue, 31 May 2016 01:36:56 -0700 (PDT)
Received: from [IPv6:::1] (localhost [IPv6:::1]) by h.hanazo.no (Postfix) with ESMTP id 0987D1753A2C; Tue, 31 May 2016 10:36:55 +0200 (CEST)
Subject: Re: I-D Action: draft-gont-6man-non-stable-iids-00.txt
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Content-Type: multipart/signed; boundary="Apple-Mail=_E937F338-A303-4983-9A73-2F184547D380"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: otroan@employees.org
In-Reply-To: <CAKD1Yr3trrLEziadqxSKC2QzFOSS6=45b4j4b1Zc-53Q-kQsJw@mail.gmail.com>
Date: Tue, 31 May 2016 10:36:52 +0200
Message-Id: <90628A01-A7C0-4D2C-83ED-74F3F9963E00@employees.org>
References: <20160523150736.10739.19307.idtracker@ietfa.amsl.com> <de70bacb-40f2-0684-897f-8a5167b68c36@gmail.com> <85D7A11B-03B1-4570-8F4B-EA533FF2CAEA@employees.org> <CAKD1Yr0c0R3zO+ejcLKCqize8ncQVmV_Cgy1F_JO4UdoDi=_Ng@mail.gmail.com> <3F8CA752-D0B9-4516-9C93-C736BF9946CF@employees.org> <CAKD1Yr1OMWyksyt7m50AuVFQcAsa3xqfn4BytHUA0HjpuG8MNw@mail.gmail.com> <02BC17C8-35B8-4BC4-9A3B-D7DF61C84CAA@employees.org> <CAKD1Yr3trrLEziadqxSKC2QzFOSS6=45b4j4b1Zc-53Q-kQsJw@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/qkc-Py1jR_xT7lEZjrkjJGzC5q4>
Cc: 6man WG <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 May 2016 08:37:02 -0000

Lorenzo,

> > What are you suggesting? That RFC4941 addresses don't provide any useful privacy? Or that hosts can't use only RFC4941 addresses? Something else?
> 
> I'm making the observation that if you have a host with only RFC4941 addresses, you will end up using 4941 addresses as public addresses.
> 
> Your statement does not mean much unless you define "public". The difference between RFC 4941 addresses and other addresses is not are that RFC 4941 addresses are not persistent.

IPv6 addresses are not persistent. they are all ephemeral. it is just a matter of the lifetime.

a public address is one registered in DNS or some other external registry.
I would argue that the address you use to reach facebook (and thereby couple address and identity) you have made that address a public address.

> and that you cannot reuse an address you have coupled identity with for any other connection.
> 
> Can you explain the threat you're trying to counter? From what you say I assume it has to involve some party with realtime access to part of your communications that is able to correlate temporary addresses before they change, but I'm not sure exactly what the threat model is. There is one party that can always track 100% of what you do at the IP layer, and that is the first-hop router. Is that what you're talking about?
> 
> > there is no standardised way for a host to know if it is getting a unique /64 is it?
> >
> > No, and I think it would be useful to have one.
> 
> DHCP PD?
> 
> PD works, but most "/64 per host" deployments today do not use DHCPv6 PD because they are 3GPP networks that use RAs. I would expect /64 per host deployments to continue to be mostly RA-based, as discussed in draft-ietf-v6ops-unique-ipv6-prefix-per-host. I think a "this prefix is dedicated to you" flag in the RA would be useful.

that would likely require a change to the subnet model.

> we also need a mechanism to inform hosts that the network is out of addresses.
> 
> That's NOT RECOMMENDED by draft-ietf-v6ops-host-addr-availability.

it doesn't really matter if that draft says that. in reality there is a limit. an address can either fail silently (possibly with an ICMP) or explicitly.

cheers,
Ole

v2.23.0 | Report a Bug | By Email