IETF Logo Mail Archive

Re: RFC4941bis implementations

Fernando Gont <fgont@si6networks.com> Thu, 02 April 2020 22:11 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06A8A3A0ADF for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 15:11:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AHFgNHua5syR for <ipv6@ietfa.amsl.com>; Thu, 2 Apr 2020 15:11:37 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A153C3A0ADD for <ipv6@ietf.org>; Thu, 2 Apr 2020 15:11:37 -0700 (PDT)
Received: from [192.168.0.10] (unknown [181.45.84.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id AF020893B6; Fri, 3 Apr 2020 00:11:32 +0200 (CEST)
Subject: Re: RFC4941bis implementations
To: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, Florian Obser <florian@openbsd.org>
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
References: <7d65f86a-7a82-6139-b455-a27046496c52@si6networks.com> <af621915-ad9d-eb89-01d7-6ec7c5dfdd5e@gmail.com> <20200402201140.4ohxhod3oa7fah3i@imap.narrans.de> <3a66d2ed2a4049ae83ba2f3ed6c86d30@boeing.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <3872b147-efca-3136-8afc-7ba6db99fa89@si6networks.com>
Date: Thu, 02 Apr 2020 18:37:20 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <3a66d2ed2a4049ae83ba2f3ed6c86d30@boeing.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/x_mH56Ul9wu0_mooGHvhapVdgjY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2020 22:11:40 -0000

On 2/4/20 18:19, Manfredi (US), Albert E wrote:
> -----Original Message-----
> From: ipv6 <ipv6-bounces@ietf.org> On Behalf Of Florian Obser
> 
>> I'm happy to report that slaacd(8) in OpenBSD does not care about the plen.
> It just forms a 128 bit random number and overwrites the front with
> the prefix.[1]
> So if you put your whole /29 onlink you can have 99 bits of entropy!
> 
> Yay! And if it works for any length of prefix, it also works for 64-bit prefixen.
> 
> Also want to point out, especially for devices that are assigned a prefix of their own, any argument anyone insists on, for why a long IID is better for security, would result in a shorter prefix. So the security considerations are moot. Is that 72-bit IID wonderful? What about the consequent 56-bit prefix?

Indeed.



> But okay, this might be out of scope with today's SLAAC. I continue to thik that implement SLAAC with any old IID length is just as easy as not doing so.

Same here.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email