IETF Logo Mail Archive

Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard

Fernando Gont <fgont@si6networks.com> Thu, 10 September 2020 23:20 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E01A73A119A; Thu, 10 Sep 2020 16:20:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.845
X-Spam-Level:
X-Spam-Status: No, score=-2.845 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JyVUeucMwE5Q; Thu, 10 Sep 2020 16:20:31 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 630773A0F52; Thu, 10 Sep 2020 16:20:28 -0700 (PDT)
Received: from [10.0.0.134] (unknown [186.19.8.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id E369F28018C; Thu, 10 Sep 2020 23:20:22 +0000 (UTC)
Subject: Re: Last Call: <draft-ietf-6man-rfc4941bis-10.txt> (Temporary Address Extensions for Stateless Address Autoconfiguration in IPv6) to Proposed Standard
To: 神明達哉 <jinmei@wide.ad.jp>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>, draft-ietf-6man-rfc4941bis@ietf.org, last-call@ietf.org, 6man Chairs <6man-chairs@ietf.org>
References: <159969199185.9541.8823907519726516405@ietfa.amsl.com> <CAKD1Yr1fVnhr3ZM64vLxtXg-9WAKemDuzW2gMupviv-i9V-GiA@mail.gmail.com> <39f91a88-c15d-88d2-5bf4-66168fd61a67@si6networks.com> <c6515826-4849-e128-35c5-37569bf43881@gmail.com> <CAJE_bqexKOjCvBiC4R8hELrVx208ahaEPBOQTMYh--Orioa9NA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <cd8a8cc8-25da-29a4-a6e7-3654e6ba2f04@si6networks.com>
Date: Thu, 10 Sep 2020 20:18:33 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAJE_bqexKOjCvBiC4R8hELrVx208ahaEPBOQTMYh--Orioa9NA@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/sffxPsVomv4eoQgaJ2SATJMmU90>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Sep 2020 23:20:34 -0000

Hi, Tatuya,

On 10/9/20 19:33, 神明達哉 wrote:
> At Fri, 11 Sep 2020 09:08:40 +1200,
> Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> 
>> [...] It's been a matter of principle
>> since the earliest work on IPv6 address allocation that the /64
>> boundary is treated like a parameter that could be changed, so
>> underlying code should treat it as a parameter and not as a constant.
>> (And RFC7421 discusses a lot more than just the privacy implications.)
> 
> I agree, but I think there's some subtlety here.  By referring to
> RFC4291 and specifically mentioning the magic number of 64 followed by
> the term "any arbitrary length", I see that the above text could read
> as part of attempting to loosen or remove the magic number from the
> address architecture. 

FWIW, at least the *intent* has been to clarified that this document is 
not tied to any specific length. In fact, I copied the relevant text 
verbatim from RFC7217.

And the text in RFC7217 was incoporated circa the same timeframe when 
people wondered where they /64 requirement came from.



[...]
>>From other responses from Fernando, I don't think that's the intent of
> the authors.

Indeed, I had no intention whatsoever to change, loose, confuse, [or 
whaever else] the /64 requirement. -- for instance, this document 
doesn't update RFC4291, and it would seem that such an update wouldn't 
have consensus in the foreseeable future :-)



   In that case, if we don't want to remove the above note
> because of the "lot more" in RFC7421, we might say something like
> this:
> 
>     2.  The Interface Identifier is obtained by taking as many bits from
>         the random number obtained in the previous step as necessary.
>         See Section 2 of [RFC4862] for the necessary number of bits,
>         that is, the length of the IID.  See also [RFC7421] about
>         privacy implications of the IID length.  Note: there are no
>         special bits in an Interface Identifier [RFC7136].

If we use this text, I'd probably move the "there are nos special 
bits.." prior to the other references. But mostly just a suggestion.



> The points of the new text are
> - Use [RFC4862] about the IID length, thus making rfc4941bis agnostic
>    about the "64 vs not 64" pitfall.
> - Referring to RFC4862 also implicitly means the IID length is a
>    parameter at least in theory, so we won't lose the "lot more" than
>    privacy implications.
> - On top of these, make the reference to RFC7421 focused on the
>    privacy implications.
> 
> BTW, RFC4941 limits the length of IID of temporary addresses to 64
> bits while noting the length is not a fixed constant:

FWIW, I think using the hard-coded "64" bits is mostly poor 
specification approach, since the IID length is described elsewhere. 
That kind of stuff should be specified in a single place, where 
appropriate, and an abstract reference should be made to that spec.

(if this was code, you'd do a #define in a single place, and just use 
that constant)

Note: I did both the Linux implementation of rfc4941bis, and a 
FreeBSD-kernel implementation (this later one not sure if it was 
committed). But of them only work with 64 bits.

So there's no "under the hoods" stuff going on...



> 
>     [...] Note that an IPv6 identifier does not
>     necessarily have to be 64 bits in length, but the algorithm specified
>     in this document is targeted towards 64-bit interface identifiers.
> (I suspect "an IPv6 identifier" is a typo and should be "an interface
> identifier")
> 
> rfc4941bis now seems to remove this limitation, albeit maybe
> implicitly.  Independently from the discussion on Section 3.3.1, I
> guess this change should probably be noted in Section 5 ("Significant
> Changes from RFC4941").

RFC4291 notes that the IID length is specified in Link-specific RFCs, 
and refrains to specify the IID in the addressing architecture. THat's 
the same we do here. And is the same we do in RFC7217.

So, if you want to implement rfc4941bis on Ethernet, you need to look at 
RFC2464, where you find that the IID is 64-bit long. This document 
(rfc4941bis) does not change or attempt to change that at all.

Thanks!

Regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email