Re: Re: 3484bis and privacy addresses

Ray Hunter <v6ops@globis.net> Wed, 28 March 2012 09:14 UTC

Message-ID: <4F72D676.7060803@globis.net>
Date: Wed, 28 Mar 2012 11:14:30 +0200
From: Ray Hunter <v6ops@globis.net>
User-Agent: Postbox Express 1.0.1 (Macintosh/20100705)
MIME-Version: 1.0
To: Karl Auer <kauer@biplane.com.au>
Subject: Re: Re: 3484bis and privacy addresses
References: <4F716D5C.40402@innovationslab.net> <4F71F217.7000209@globis.net> <4F71FC03.90403@si6networks.com> <4F720F7F.2090108@globis.net> <1332884609.2633.22.camel@karl>
In-Reply-To: <1332884609.2633.22.camel@karl>
Cc: ipv6@ietf.org

Draft RFC3484bis-01 currently references RFC4941 as a normative 
reference in Section 11.1:
> Privacy considerations have introduced the concepts of "public
> addresses" and "temporary addresses" [RFC4941].
So I think we have to assume that a node will have such addresses 
present by default when considering RFC3484bis.

I could completely agree with your logic if RFC3484bis did not have 
RFC4941 as a normative reference, or if 3484bis was coupled with 
draft-gont-6man-managing-slaac-policy-00, or 
draft-ietf-6man-addr-select-opt-03 was already deployed in the field, 
or the M&O bits of RA were defined to force use of DHCPv6, or there was 
a common proprietary cross-OS mechanism available or indeed anything 
else that would allow a network manager to reliably control use of 
temporary addresses. But there isn't AFAIK. Unless you also 
intentionally break SLAAC.

So IMHO, in the absence of any other reliable OFF switch, RFC3484bis 
itself currently really is the only place where a reliable default "OFF" 
can be specified at this time. I don't mind how this is achieved: either 
in the preference rules themselves, or in other clarification text that 
describes safe default backwards-compatible end-node behavior that will 
not break other systems that currently rely on IPv4-like behavior.

regards,
RayH


Karl Auer wrote:
> On Tue, 2012-03-27 at 21:05 +0200, Ray Hunter wrote:
>
>> IMHO the proper *default* behavior is still "off" = option A. In other
>> words, default = IPv4-like behavior, at least until we really figure
>> out how to operate all of these fancy new features of IPv6.
>>
>
> The question is not whether the use of privacy addresses (temporary
> addresses) should be enabled by default. Though some OSes do that, I
> believe.
>
> The question is, where a host *does* have both a temporary and a
> non-temporary addresses, which one it should prefer by default. "Prefer
> by default" in this case means "select as the source address for new
> outbound connections in the absence of specific instructions to do
> otherwise".
>
> Regards, K.
>
>
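The thread argues about one knob: when a host holds both a public (SLAAC, EUI-64 style) and an RFC 4941 temporary address, which one RFC 3484bis should pick by default as the source for a new outbound connection. The following is an added example, not code from the thread or from any IETF draft: a cut-down model of the RFC 3484 section 5 candidate-comparison loop in Python, implementing only the rules needed to separate such candidates (Rule 1 same address, Rule 2 appropriate scope, Rule 7 temporary versus public, Rule 8 longest matching prefix). The `prefer_temporary` parameter is the assumed analogue of the default under discussion: `False` reproduces RFC 3484's Rule 7 ("prefer public addresses", the IPv4-like "OFF" Ray asks for), `True` models the reversed default. All addresses are constructed from the 2001:db8::/32 documentation prefix; `scope()`, `better()` and `select_source()` are names chosen here, not from any standard or implementation.

```python
"""Simplified IPv6 source address selection (added example, not from the thread).

Models the candidate comparison of RFC 3484 section 5 for a host with a
public and a temporary address on the same prefix, so the effect of the
"prefer temporary" default is visible.  Only Rules 1, 2, 7 and 8 are
implemented; everything else in RFC 3484 is deliberately omitted.
Addresses below are constructed for illustration (2001:db8::/32).
"""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network

ULA = IPv6Network("fc00::/7")


@dataclass(frozen=True)
class Candidate:
    address: IPv6Address
    temporary: bool  # True for an RFC 4941 temporary address


def scope(addr: IPv6Address) -> int:
    """Coarse scope ranking: link-local (1) < unique-local (2) < global (3)."""
    if addr.is_link_local:
        return 1
    if addr in ULA:  # explicit check: ipaddress.is_private also matches 2001:db8::/32
        return 2
    return 3


def common_prefix_len(a: IPv6Address, b: IPv6Address) -> int:
    """Number of leading bits shared by a and b (0..128)."""
    diff = int(a) ^ int(b)
    return 128 - diff.bit_length() if diff else 128


def better(sa: Candidate, sb: Candidate, dst: IPv6Address,
           prefer_temporary: bool) -> bool:
    """True if sa should be preferred over sb for dst; rules applied in order."""
    # Rule 1: prefer same address
    if sa.address == dst:
        return True
    if sb.address == dst:
        return False
    # Rule 2: prefer appropriate scope (reject a candidate whose scope is
    # smaller than the destination's; otherwise prefer the smaller scope)
    sa_s, sb_s, d_s = scope(sa.address), scope(sb.address), scope(dst)
    if sa_s < sb_s:
        return not (sa_s < d_s)
    if sb_s < sa_s:
        return sb_s < d_s
    # Rule 7: temporary vs public, direction set by the configured default
    if sa.temporary != sb.temporary:
        return sa.temporary == prefer_temporary
    # Rule 8: longest matching prefix with the destination
    return common_prefix_len(sa.address, dst) > common_prefix_len(sb.address, dst)


def select_source(candidates, dst: IPv6Address, prefer_temporary: bool) -> Candidate:
    """Return the winning candidate; on a tie the earlier candidate is kept."""
    best = None
    for cand in candidates:
        if best is None or better(cand, best, dst, prefer_temporary):
            best = cand
    return best


# Constructed host configuration: link-local, public SLAAC and temporary
# address, the latter two on the same /64.
LINK_LOCAL = Candidate(IPv6Address("fe80::2aa:ff:fe11:2233"), temporary=False)
PUBLIC = Candidate(IPv6Address("2001:db8:1::2aa:ff:fe11:2233"), temporary=False)
TEMP = Candidate(IPv6Address("2001:db8:1::9c4d:1e3f:7a2b:551c"), temporary=True)
HOST_ADDRESSES = [LINK_LOCAL, PUBLIC, TEMP]


def choose(dst_text: str, prefer_temporary: bool) -> Candidate:
    """Convenience wrapper over select_source for the constructed host."""
    return select_source(HOST_ADDRESSES, IPv6Address(dst_text), prefer_temporary)


if __name__ == "__main__":
    for flag in (False, True):
        winner = choose("2001:db8:2::1", flag)
        print(f"prefer_temporary={flag}: {winner.address} (temporary={winner.temporary})")
    print("link-local destination:", choose("fe80::1", True).address)
```

Run stand-alone, the script shows the point Karl makes about what "prefer by default" means: the same host, the same destination, and only the Rule 7 default decides whether the public or the temporary address goes on the wire. A per-application override is simply a call with the other value of `prefer_temporary`; the third line shows Rule 2 still forcing the link-local source for a link-local destination regardless of that setting.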