Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)

Fernando Gont <fgont@si6networks.com> Thu, 08 June 2017 22:21 UTC

Subject: Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Lorenzo Colitti <lorenzo@google.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Job Snijders <job@instituut.net>, Erik Kline <ek@google.com>, 6man WG <ipv6@ietf.org>
References: <CAO42Z2ziUZnK+n2f9N_Xvb5TZBppApXgNSmDsRLxaT1_taLvFw@mail.gmail.com> <4a6969ba-4cd3-ba30-2f3b-9ec4cc3fcf60@si6networks.com> <CAKD1Yr2x_EevJ37NnOg59Xk5+r3YYHmHEQKg_YCCSycuPpBzwA@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <bb3abd49-5ddc-076c-64a4-fe5f7dcd47d1@si6networks.com>
Date: Thu, 08 Jun 2017 20:17:27 +0300
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/z979UzlYYbZTsBbGot6A8uILRx4>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

On 06/08/2017 02:41 PM, Lorenzo Colitti wrote:
> On Wed, Jun 7, 2017 at 9:03 PM, Fernando Gont <fgont@si6networks.com
> <mailto:fgont@si6networks.com>> wrote:
> 
>     Measurements indicate that when folks do manual configuration, they do
>     "low-byte" addresses -- i.e., no matter the prefix length, they just set
>     the IID to all zeroes except for the last byte or so. -- having "easy to
>     remember" addresses seems to be the goal in that case.
> 
> 
> I don't think you have measurements that prove this. You almost
> certainly can make a statement that there are a number of low-entropy
> addresses where the top bytes are all zeros, and that those are *likely*
> statically configured.

Are you assuming that such low-byte addresses are the result of
automatic configuration? How come?


> I don't think you can prove that the high-entropy
> addresses with lots of nonzero bits are NOT manually configured.

That's the point: there are not a lot of high-entropy addresses. See the
measurements in RFC7707.



> As for "last byte" - using the last 32 bits of the address to store the
> IPv4 address seems pretty common too. Akamai has published data about
> this, I believe.

We have similar measurements in RFC7707. However, using the low-order 32
bits in such a way is equivalent to simply setting the low byte of the
addresses.

The point is that when employing manual configuration, addresses always
have small entropy. Hence employing a lot of bits doesn't buy much,
because folks simply do not use them for additional entropy.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
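As an added illustration of the address patterns argued over in this thread (this is not code from the thread's participants or from RFC 7707): a small Python classifier that extracts the IID of an IPv6 address for a given prefix length, labels it low-byte, embedded-IPv4 or other, and tallies how many IIDs leave the upper half of a 64-bit IID unused. The thresholds (low 16 bits for "low-byte", the two ways of spelling an embedded IPv4 address) and the sample addresses are assumptions constructed here.

```python
import ipaddress
from collections import Counter

# Constructed sample in the documentation prefix 2001:db8::/32 (not measurement data).
SAMPLE_ADDRESSES = [
    "2001:db8:1::1",                        # low-byte, typical router/server
    "2001:db8:1::10",                       # low-byte
    "2001:db8:1::ff01",                     # low-byte ("last byte or so")
    "2001:db8:1::192.0.2.1",                # IPv4 address stored in the low 32 bits
    "2001:db8:1::192:0:2:1",                # IPv4 octets spelled as hex groups
    "2001:db8:1:0:1a2b:3c4d:5e6f:7081",     # high-entropy IID
    "2001:db8:1:0:211:22ff:fe33:4455",      # EUI-64 style (autoconfigured)
]

def iid(addr: str, prefix_len: int = 64) -> int:
    """Interface identifier: the low (128 - prefix_len) bits of the address."""
    iid_len = 128 - prefix_len
    return int(ipaddress.IPv6Address(addr)) & ((1 << iid_len) - 1)

def embeds_ipv4(value: int) -> bool:
    """True if the IID is zero apart from its low 32 bits (an IPv4 address stored
    literally, e.g. ::192.0.2.1 == ::c000:201), or if the low four 16-bit groups
    spell the IPv4 octets in decimal, e.g. ::192:0:2:1. Heuristic assumed here."""
    if value >> 32 == 0:
        return True
    if value >> 64 != 0:
        return False
    groups = [(value >> shift) & 0xFFFF for shift in (48, 32, 16, 0)]
    try:
        return all(int(f"{g:x}") <= 255 for g in groups)
    except ValueError:               # a group contains a-f: not decimal octets
        return False

def classify(addr: str, prefix_len: int = 64) -> str:
    """Pattern family of the IID: 'low-byte', 'embedded-ipv4' or 'other'.
    Low-byte is taken to mean 'only the low 16 bits are set' (an assumption)."""
    value = iid(addr, prefix_len)
    if value >> 16 == 0:
        return "low-byte"
    if embeds_ipv4(value):
        return "embedded-ipv4"
    return "other"

def summarize(addrs, prefix_len: int = 64):
    """Count pattern families and how many IIDs fit in 32 bits, i.e. how many
    never touch the upper half of a 64-bit IID."""
    classes = Counter(classify(a, prefix_len) for a in addrs)
    fits_32 = sum(1 for a in addrs if iid(a, prefix_len).bit_length() <= 32)
    return dict(classes), fits_32

if __name__ == "__main__":
    for a in SAMPLE_ADDRESSES:
        print(f"{a:40} {classify(a)}")
    print(summarize(SAMPLE_ADDRESSES))
```

Run over a real address inventory, the same tally shows how much of the IID space manual configuration actually exercises, which is the entropy question at issue in the thread.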