Re: 64bit MAC addresses and SLAAC
Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 18 June 2020 14:24 UTC
Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5BDBA3A1097 for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:24:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.671
X-Spam-Level:
X-Spam-Status: No, score=0.671 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FORGED_GMAIL_RCVD=1, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id meVcrLe52szj for <ipv6@ietfa.amsl.com>; Thu, 18 Jun 2020 07:24:34 -0700 (PDT)
Received: from sainfoin-smtp-out.extra.cea.fr (sainfoin-smtp-out.extra.cea.fr [132.167.192.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0F823A0D73 for <ipv6@ietf.org>; Thu, 18 Jun 2020 07:24:33 -0700 (PDT)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by sainfoin-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IEOW2p032129 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:24:32 +0200
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 3A89C207B2A for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:24:32 +0200 (CEST)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 303AD20712F for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:24:32 +0200 (CEST)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 05IEOW0e021285 for <ipv6@ietf.org>; Thu, 18 Jun 2020 16:24:32 +0200
Subject: Re: 64bit MAC addresses and SLAAC
To: ipv6@ietf.org
References: <e8a25961-5ac9-d35e-77dd-bf86f45cd077@gmail.com> <a17ae9f3-001c-07f6-84f9-a0ca583e6a00@gmail.com> <7AE5B6D0-AB01-4077-A9EF-5BD86F428681@gmail.com> <CAC8QAcdDjQvonke7hytV8pCYsTAjATNi560v_b32jus_jDW8bw@mail.gmail.com> <b43a00f5-c957-923a-cef4-ed541ebdb39a@gmail.com> <a96f1262-d152-dc09-1c2f-b2604ca21890@si6networks.com> <m1jlb8u-0000JDC@stereo.hq.phicoh.net> <d23c967b-29fc-cf94-d51b-70d200ee195f@si6networks.com> <CABNhwV2+pq9fwWA=X4eN064gdtOV628pgaSMmDEyq3ANX6xZxg@mail.gmail.com> <m1jlg0W-0000LDC@stereo.hq.phicoh.net>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <8ffadf93-b250-30ce-c03b-b28ddd161eb3@gmail.com>
Date: Thu, 18 Jun 2020 16:24:32 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.9.0
MIME-Version: 1.0
In-Reply-To: <m1jlg0W-0000LDC@stereo.hq.phicoh.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wSXNBA-BpeJpdK3lQOtHPjebcM0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jun 2020 14:24:35 -0000
Le 17/06/2020 à 23:54, Philip Homburg a écrit : >> Of course the caveat there with unmanaged network and SOHO and >> Mobile where manual or DHCPV6 is not possible or viable. > > Why is DHCPv6 not possible? Of course there is the Android problem. > But I doubt that a low power IoT device would share a wifi-link with > an Android device. > >> In those cases SLAAC is preferred, but then we have the crux of >> issue and the decision tree on privacy random IID and its overhead >> if its not necessary versus modified EUI64. tree of course the >> underlying operational impacts of random versus stable IID double >> edged sword operator or individuals decision to pick which works >> best for their use case. In the end net-net is what is simplest to >> deploy and least overhead but also meets the desired goal is >> generally the thought for picking the IID generation solution. For >> that SLAAC wins out in that decision for the use case described >> above. > > A stable, unique pseudo random IID per prefix basically requires one > SHA2-HMAC (or equivalent in SHA3 or other modern hash function) per > prefix. I am not sure which crypto function is used in our (well, a colleague programmer's) linux kernel code to generate variable length IIDs. We generate a 128bit random number with a crypto function and then pick the necessary bits to form an IID from it and from the non-64 prefix from PIO from RA. However, by doing that we become fully dependent on that crypto function (say it's called 'C') to generate an address. If that 'C' is not seeded well enough, or has licenses on it, or is IPRed, or is not open source, or bleeds when attacked by a distributed.net lucky PC, or is not resisting quantum attacks after tomorrow, or was not fully tested against endianness on this new IoT platform, or is too slow, or simply does not compile there - then we're at risk. Alex > > I cannot imagine that computing 2 SHA2 hashes has a significant > amount of energy use compared to link attachment and duplicate > address detection. > > This computation is once per prefix, so it becomes an issue if the > devices frequently attaches to new links. In which case tracking > protection becomes important. > > I also wonder, a device that cannot afford a couple SHa2 hashes? Then > that device is probably insecure and should not be connect to the > internet anyhow. > > > -------------------------------------------------------------------- > IETF IPv6 working group mailing list ipv6@ietf.org Administrative > Requests: https://www.ietf.org/mailman/listinfo/ipv6 > -------------------------------------------------------------------- >
- 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Behcet Sarikaya
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: 64bit MAC addresses and SLAAC Vasilenko Eduard
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Kerry Lynn
- Re: 64bit MAC addresses and SLAAC Bob Hinden
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Gyan Mishra
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Ole Troan
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Fernando Gont
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- Re: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Fernando Gont
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: [EXTERNAL] Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: [EXTERNAL] 64bit MAC addresses and SLAAC Carsten Bormann
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Alexandre Petrescu
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Mark Smith
- Re: 64bit MAC addresses and SLAAC Etienne-Victor Depasquale
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- RE: 64bit MAC addresses and SLAAC Templin (US), Fred L
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- RE: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)
- Re: 64bit MAC addresses and SLAAC Philip Homburg
- Re: 64bit MAC addresses and SLAAC otroan
- Re: 64bit MAC addresses and SLAAC Pascal Thubert (pthubert)