Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>

Mohacsi Janos <mohacsi@niif.hu> Sat, 21 April 2012 09:11 UTC

On Fri, 20 Apr 2012, Fernando Gont wrote:

> Hi, Mohacsi,
>
> On 04/20/2012 10:09 AM, Mohacsi Janos wrote:
>>     I support having a semi-stable private address. But I am very much
>> against the idea of replacing EUI-64 addresses.
>
> You mean "against replacing addresses embedding IEEE identifiers"?


yes.


>
>
>> The client application
>> based on the policy should pick private or EUI-64 addresses.
>
> Just curious: Is there a specific use case for IEEE-derived addresses
> that cannot be satisfied with draft-gont-6man-stable-privacy-addresses?

The existing implementations. The most important factor in the introduction of 
new standards is to interoperate with the existing ones. I think this 
should be documented in your draft. Furthermore, there are 
several firewalls and monitoring tools which generate warnings in case 
of an IEEE-derived address and MAC mismatch. This has to be investigated and 
documented in the draft.

>
>
>> Note: - Nothing stops me from picking MAC addresses from a no longer existing
>> vendor, e.g. DEC
>
> Why would you want to do it?
>
>
>> I think the proper implementation of RFC 3041 or/and 4941 can solve your
>> problem
>
> I don't follow. RFC 4941 generates addresses in addition to the stable
> ones, so.. how could they possibly fix the scanning problem?

I think the stability/network supervisor's ability to track devices is enough 
justification for stable privacy addresses. Scanning is not so important. 
I know there are several new techniques - I have been warning about the possible 
methods for several years in my presentations.
http://www2.garr.it/conf_05_slides/j_mohacsi-IPv6_sec.pdf

Best Regards,
 		Janos Mohacsi


>
> Thanks!
>
> Best regards,
> -- 
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
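
The address/MAC consistency check mentioned in the message above, as an added example that is not part of the original e-mail and is not taken from any particular firewall or monitoring product. It derives the Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a link-layer address and classifies neighbor observations; the function names, verdict labels and sample observations are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def classify(addr: str, mac: str) -> str:
    """Compare the low 64 bits of an IPv6 address with the observed MAC."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid == eui64_iid(mac):
        return "eui64-match"
    if iid[3:5] == b"\xff\xfe":
        # Looks IEEE-derived, but for a different MAC: the mismatch case.
        # (An opaque identifier can contain ff:fe here by chance, 1 in 65536.)
        return "eui64-mismatch"
    # Not IEEE-derived: stable-privacy, RFC 4941 temporary, manual, DHCPv6, ...
    return "opaque-iid"

# Constructed (address, MAC) pairs, as a neighbor-cache monitor might record them.
# Documentation prefix 2001:db8::/32 and documentation MAC range 00:00:5e:00:53:xx.
OBSERVATIONS = [
    ("2001:db8:1:2:200:5eff:fe00:5301", "00:00:5e:00:53:01"),
    ("2001:db8:1:2:200:5eff:fe00:53aa", "00:00:5e:00:53:01"),
    ("2001:db8:1:2:8c3a:19d4:77e1:0b52", "00:00:5e:00:53:02"),
]

def audit(observations):
    """Return (address, mac, verdict) for every observation."""
    return [(a, m, classify(a, m)) for a, m in observations]

def warnings(observations):
    """Addresses that embed an IEEE identifier belonging to another MAC."""
    return [a for a, _, v in audit(observations) if v == "eui64-mismatch"]

if __name__ == "__main__":
    for addr, mac, verdict in audit(OBSERVATIONS):
        print(f"{addr:40} {mac}  {verdict}")
```

A tool that instead warns on every verdict other than `eui64-match` would also flag hosts whose interface identifiers are not IEEE-derived at all.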