IETF Logo Mail Archive

Re: I-D Action: draft-ietf-6man-default-iids-11.txt

Brian E Carpenter <brian.e.carpenter@gmail.com> Mon, 16 May 2016 20:08 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F01412D9FE for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 13:08:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0JOammCd_JCy for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 13:08:45 -0700 (PDT)
Received: from mail-pa0-x229.google.com (mail-pa0-x229.google.com [IPv6:2607:f8b0:400e:c03::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CFFF12DA02 for <ipv6@ietf.org>; Mon, 16 May 2016 13:08:45 -0700 (PDT)
Received: by mail-pa0-x229.google.com with SMTP id gj5so10236988pac.2 for <ipv6@ietf.org>; Mon, 16 May 2016 13:08:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:organization:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=L7UX6y99mgVDZeR+vc2kUn398qncI3SLW5jrli8qVBw=; b=jMw1iBI0Iw+mbN62tc1WAJYEOmsbF4jnfqMhUJPwbi9UyEFvW1MnoBvskY3vx/Yynu v15whR5DkprfSiHtmvYTEdglTg6IfAEjJ4sc14wH3CQKFOHKEiMprnHN9MlPVWS4pOAL V4cjxAuJl9FHg8x8x/OqjgWxoMv4oNjVBmUUO5owDj5Ol4/zc1QrCg8EugPhqUgG+wEZ XUtPrXI1IuJn9yGVMjJuhkfDazE9vwpYOnavsBSTPY2SWPfvdyMc/Jy7iONcJpvHE3yX 7x1z+D/TYbH7hyaYLGlexAOuInJy64FX0J/eqmGLoHaeqfC2cKSOK2OzcbeSQS8cpTor nLtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:organization :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=L7UX6y99mgVDZeR+vc2kUn398qncI3SLW5jrli8qVBw=; b=isYwPm0ZQUDQktjCWT1dtqLrz1U8XwW9uIIvsbi0xPjaZaa89s5QVaIyKd6Gx+GdAI w1B0jLeMa5eVaipBuTE/qEHLAM0+KNJwwDGaKLWvSJBhYq+IxIEuLgIUKY21RYcqwY0Y /oXuAJli4uVNLhoDXA4r+LlbhXXkX9KxKtKH4DMzFF7XVVI8Wrz+ZWK7gPeNUoreb4RG YyX4KRbmeamHiLbl9+B5jbjAtEmIbanANLhjzMClP36tDXgCqkkeuu1DO8Y+1UjdGyrO ExGe1ob70ElVNuywqy7CyNvzgUhUsGaSf/JR4JTtzsl22bUeditne2xPA6LdIpPKDRDI b28g==
X-Gm-Message-State: AOPr4FUw+kIZe9QReBRUO861djhgJ2IcP3eOPaQtIAsctcZegcKtOgo71z7qWg/recdsjQ==
X-Received: by 10.66.222.100 with SMTP id ql4mr48183646pac.137.1463429325036; Mon, 16 May 2016 13:08:45 -0700 (PDT)
Received: from ?IPv6:2406:e007:442b:1:28cc:dc4c:9703:6781? ([2406:e007:442b:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id uw2sm49286532pac.10.2016.05.16.13.08.41 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 16 May 2016 13:08:43 -0700 (PDT)
Subject: Re: I-D Action: draft-ietf-6man-default-iids-11.txt
To: weigengyu <weigengyu@bupt.edu.cn>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <CD39E9F1-4060-4884-91B3-5A974C3FFFF7@cooperw.in> <8E1CCE051EDF4491953D6E093809DA68@WeiGengyuPC> <2157FA8F808D4997BBF9AECD1B8DA52A@WeiGengyuPC>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <0d4da5aa-ff7b-6d90-8a9e-f4cf5f2fe50f@gmail.com>
Date: Tue, 17 May 2016 08:08:41 +1200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <2157FA8F808D4997BBF9AECD1B8DA52A@WeiGengyuPC>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/rcZ_cC1j6SfdqO_nXFlpiOzaEzo>
Cc: ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 20:08:47 -0000

Hi Gengyu,

>> RID is not random or random identifier according to the context above.
>> 
>> F() is an inreverse function, not a pseudorandom function.

I agree that this is incorrect use of terminology; an irreversible hash is
not mathematically equivalent to a pseudo-random number generator. But the
effect is the same: an attacker has no way to predict the next F(x) or to
obtain the value of x. As far as practical engineering goes, F() can be treated
as a random number. So I don't see why this invalidates the use of RFC 7217.

You could submit an erratum for RFC 7217 at http://www.rfc-editor.org/errata.php#reportnew
so that the terminology can be corrected when the document is updated.

Regards
   Brian Carpenter

On 16/05/2016 18:11, weigengyu wrote:
> Hi all,
> 
> Is it not a problem to promote RFC7217 in which concept errors are existed?
> 
> RFC7217 did not only giving a definition of stable address, but also defining an algorithm to generate it.
> The algorithm contains concept error in my opinion.
> 
>>
>>        Title           : Recommendation on Stable IPv6 Interface Identifiers
>>        Authors         : Fernando Gont
>>                          Alissa Cooper
>>                          Dave Thaler
>>                          Will Liu
>> Filename        : draft-ietf-6man-default-iids-11.txt
>> Pages           : 23
>> Date            : 2016-04-27
>>
>> Abstract:
>>   This document changes the default scheme for generating stable
>>   Interface Identifiers with SLAAC to that specified in RFC7217, and
>>   recommends against embedding link-layer addresses in IPv6 Interface
>>   Identifiers.
> 
> 
> Regards,
> 
> Gengyu WEI
> Network Technology Center
> School of Computer
> Beijing University of Posts and Telecommunications
> 
> -----原始邮件----- From: weigengyu
> Sent: Monday, May 09, 2016 2:35 PM
> To: Alissa Cooper
> Cc: ipv6@ietf.org
> Subject: Re: I-D Action: draft-ietf-6man-default-iids-11.txt
> 
> Hi,
> 
>> This document changes the default scheme for generating stable
>   Interface Identifiers with SLAAC to that specified in RFC7217,
> 
> There is a question about RFC7217 as this draft is to promote it.
> In RFC7217,  in Page 6 and page 7,  "5.  Algorithm Specification"
> "1.  Compute a random (but stable) identifier with the expression:
>       RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)
>       Where:
>       RID:
>          Random (but stable) Identifier
>       F():
>          A pseudorandom function (PRF) that MUST NOT be computable from
>          the outside (without knowledge of the secret key).  F() MUST
>          also be difficult to reverse, such that it resists attempts to
>          obtain the secret_key, even when given samples of the output
>          of F() and knowledge or control of the other input parameters.
>          F() SHOULD produce an output of at least 64 bits.  F() could
>          be implemented as a cryptographic hash of the concatenation of
>          each of the function parameters.  SHA-1 [FIPS-SHS] and SHA-256
>          are two possible options for F().  Note: MD5 [RFC1321] is
>          considered unacceptable for F() [RFC6151]. "
> 
> It seems it is a concept error for RID.
> RID is not random or random identifier according to the context above.
> 
> F() is an inreverse function, not a pseudorandom function.
> Within parameters of F(Prefix, Net_Iface, Network_ID, DAD_Counter,
> secret_key),
> only the secret_key is generated by a pseudorandom function.
> But the secret_key is also a constant because it keeps unchanged after being
> generated.
> 
> There are not random features.
> 
> The question is why it is called RID, Random ID?
> 
> 
> Regards,
> 
> Gengyu WEI
> Network Technology Center
> School of Computer
> Beijing University of Posts and Telecommunications
> -----原始邮件----- From: Alissa Cooper
> Sent: Thursday, April 28, 2016 10:41 PM
> To: IETF IPv6 Mailing List
> Subject: Re: I-D Action: draft-ietf-6man-default-iids-11.txt
> 
> This version incorporates comments based on discussion before and during
> IETF 95 (thanks to Fernando for spinning the rev). I think this version
> addresses the comments received and should be ready to move forward.
> 
> Alissa
> 
> 
>> On Apr 27, 2016, at 5:49 PM, internet-drafts@ietf.org wrote:
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>> This draft is a work item of the IPv6 Maintenance of the IETF.
>>
>>        Title           : Recommendation on Stable IPv6 Interface Identifiers
>>        Authors         : Fernando Gont
>>                          Alissa Cooper
>>                          Dave Thaler
>>                          Will Liu
>> Filename        : draft-ietf-6man-default-iids-11.txt
>> Pages           : 23
>> Date            : 2016-04-27
>>
>> Abstract:
>>   This document changes the default scheme for generating stable
>>   Interface Identifiers with SLAAC to that specified in RFC7217, and
>>   recommends against embedding link-layer addresses in IPv6 Interface
>>   Identifiers.  It formally updates RFC2464, RFC2467, RFC2470, RFC2491,
>>   RFC2492, RFC2497, RFC2590, RFC3146, RFC3572, RFC4291, RFC4338,
>>   RFC4391, RFC5072, and RFC5121, by removing the text in these RFCs
>>   that required the IPv6 Interface Identifiers to be derived from the
>>   underlying link-layer address, and replacing the aforementioned text
>>   with a pointer to this document.  Additionally, this document updates
>>   RFC3315 by specifying additional requirements on the generation of
>>   Interface Identifiers used in Dynamic Host Configuration Protocol
>>   version 6 (DHCPv6).  It also provides advice to system administrators
>>   who employ manual configuration.  This document does not change any
>>   existing recommendations concerning the use of temporary addresses as
>>   specified in RFC 4941.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-6man-default-iids/
>>
>> There's also a htmlized version available at:
>> https://tools.ietf.org/html/draft-ietf-6man-default-iids-11
>>
>> A diff from the previous version is available at:
>> https://www.ietf.org/rfcdiff?url2=draft-ietf-6man-default-iids-11
>>
>>
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email