IETF Logo Mail Archive

Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)

Mark Smith <markzzzsmith@gmail.com> Thu, 13 July 2017 01:19 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EC121317C2 for <ipv6@ietfa.amsl.com>; Wed, 12 Jul 2017 18:19:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F8TZ4p5CQ3BW for <ipv6@ietfa.amsl.com>; Wed, 12 Jul 2017 18:19:11 -0700 (PDT)
Received: from mail-ua0-x22c.google.com (mail-ua0-x22c.google.com [IPv6:2607:f8b0:400c:c08::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75D03120726 for <ipv6@ietf.org>; Wed, 12 Jul 2017 18:19:11 -0700 (PDT)
Received: by mail-ua0-x22c.google.com with SMTP id g40so25015872uaa.3 for <ipv6@ietf.org>; Wed, 12 Jul 2017 18:19:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=jMev1rzwq1HUG+zAiAJ9SSzQbqMEAsHEm4pyEwMa7lE=; b=tubFExfUVlyCMd6Ldqm9Cfbie91GnWb6eZUGXY+bQr4htBUa8oty8joXbtDwxe4aBU 3GrSebAKsWVcMgLxVxblchPLfjQ5thuxqwh4GJCJpr1XD9WoC2jGxEYBN0VGiMSWm7rU jd7kUBHuWmIUt1Zhtl1IAtWsgi56QGVZ4uvvfrcEqYLaI0SdOXEkF8+OdrnzPIISOH9j WQIBoXpPEQxYj81B7ooS8AatJyJ/2NLG0jACC3+a3+fqp5cyMvF86JxmFo4QcbLKUACF /u8rTtdW0R4btLvI9fr3DxkRzhiCN+xqXuOUZTtFDx85IrHo2o9fABArTnAifR+AxlWP IC6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=jMev1rzwq1HUG+zAiAJ9SSzQbqMEAsHEm4pyEwMa7lE=; b=ZaHybFSM8QPUACOzdYMXKXN151cY8dKwUHlcNtOdCKt2EDc4JdDsbI7xPhnIExn52P U2e6PPVFyPXs0WFpQuKaDw50qHikKc5M/ddEZT2j8sJSRle09vwj3N4VP/I1jrdrjlQY F4PX0hn9V0GSMaJCENVO8kUapnOpkXGES5hgeufI24EIVlj5xofQ2AHaYbqFt+m1BpIC 1lA3vZjH3z/eX4aqnFbNQUapqAcaDADDSg1OxNgLXQBBudyLp0nC5FQ9lmClBAXQwzyd CY+vZyvBbKFk2i2pkuVKjpFd/DPslhW8n/E/5qfawH8BxD447rJRjBnHy9Hj9lT1OuyO izCQ==
X-Gm-Message-State: AIVw113/vfyujx0bqdxX7VD9/wOERrF18FEnCzMNVUFUhOEcBrKLEZgR 8c6yXMOReE2ERDjoCrKgJy7jlOmT/MsY
X-Received: by 10.159.53.45 with SMTP id o42mr911066uao.84.1499908750270; Wed, 12 Jul 2017 18:19:10 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.94.135 with HTTP; Wed, 12 Jul 2017 18:18:39 -0700 (PDT)
In-Reply-To: <8392C5AA-0E37-4A09-AFEB-13A61D11E783@thehobsons.co.uk>
References: <CAN-Dau2zgthR2w9e5ZVUdGc-vm+YvK2uTUJ8O=vrcv0jNc58RA@mail.gmail.com> <CAKD1Yr2+Si_tzNF8p6ASf4=StgFSX9Gm3TEj9iiqdE2gHQaNmQ@mail.gmail.com> <CAN-Dau03r_CKW53kegaLa=F_R_RG4cWaCT1j6idrqPm9UuN03A@mail.gmail.com> <5963BF27.1050300@foobar.org> <ff09ffcd-df65-4033-8018-fbe7ae98cff8@gmail.com> <6bf7f3d0e9c047b1b86d4bcc220f8705@XCH15-06-11.nw.nos.boeing.com> <CAN-Dau1bxm5y0v_6kUBc_ym39bSSxepjdwrzcS7YHWD=CV9-bw@mail.gmail.com> <3b34d6e9718a45ae80877e36fb55f2b4@XCH15-06-11.nw.nos.boeing.com> <CAO42Z2x+282VK7nMFHjcCz9tBmJ_=d4OhkiRZFZDLcZhakGB1Q@mail.gmail.com> <8392C5AA-0E37-4A09-AFEB-13A61D11E783@thehobsons.co.uk>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 13 Jul 2017 11:18:39 +1000
Message-ID: <CAO42Z2zeFkgH4EsYCn+HBktbrsj0mSA5LdQ5w8GDrXB5MyE8pw@mail.gmail.com>
Subject: Re: IPv6 Routing & ND vs. Addressing, (Was: Re: <draft-ietf-6man-rfc4291bis-09.txt>)
To: Simon Hobson <linux@thehobsons.co.uk>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/ttnLGqBOUybXqz8YC5DDchtlSnQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jul 2017 01:19:13 -0000

On 12 July 2017 at 23:47, Simon Hobson <linux@thehobsons.co.uk> wrote:
> Mark Smith <markzzzsmith@gmail.com> wrote:
>
>> This is not recognising that there are more than operational or functional properties of addresses. They have privacy and security properties too.
>
> Shouldn't this requirement be separate from the underlying protocol requirements ?
>

No, I don't think so. These protocols fundamentally exist to serve
end-user needs. If they don't, then they're no more than an academic
experiment, and we'll have wasted an awful lot of human capital on
them. These are primary protocol requirements, necessary to meet to
justify the protocol's existence.


> Ignoring LL addresses, it seems that only self assigned addresses using deprecated methods (ie based on hardware address) actually *require* a 64 bit split. So on that basis, the standard defining how the protocols work should require implementations to support an arbitrary split.
>

I think the final arbiter in any of these situations is "what is best
for the end-users?"

What is the simplest, that will result in lower network capex and opex
costs to the end-users who directly or indirectly pay those costs?

What is the most reliable and robust, so that when an end user
connects to and uses the network, they're least likely to encounter
issues for which they do not have the technical skillsets to resolve?

> Separate to that (in a separate section), make recommendations (as in "should") to support security and privacy.
>

We've tried that before, making security and privacy optional to
implement makes it easy to justify not implementing it.

We need to have the Internet secure and private by default. If we make
them options, we should make them options that have to be turned off
rather than on, because that causes the person to make an active and
conscious decision to give them up (whether it is the right decision
for their context is separate, and not one we can control or forecast.
If they're unsure, we are providing the safest default.)

BCP188/RFC7258 is stating that we take this secure and private by
default approach:

"The IETF will strive to produce specifications that mitigate
pervasive monitoring attacks."


Although RFC1726, "Technical Criteria for Choosing IP The Next
Generation (IPng)", doesn't specifically call out privacy, privacy is
a component of security, and it stated that:

"Security should be an integral component of any IPng from the beginning."

It is evident from the Snowden revelations that we dropped the ball on
that (e.g., IPsec was dropped as an implementation requirement per
RFC6434 and became an option), we now need correct that mistake and
take a security and privacy first and by default approach.

Regards,
Mark.

v2.23.0 | Report a Bug | By Email