IETF Logo Mail Archive

Re: <draft-ietf-6man-default-iids> update to rfc2464bis

Fernando Gont <fgont@si6networks.com> Thu, 12 January 2017 11:31 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A8011295B9 for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 03:31:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uwYKmyWs9L9M for <ipv6@ietfa.amsl.com>; Thu, 12 Jan 2017 03:31:34 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E312B1295A6 for <ipv6@ietf.org>; Thu, 12 Jan 2017 03:31:33 -0800 (PST)
Received: from [192.168.3.88] (142-135-17-190.fibertel.com.ar [190.17.135.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 86833836ED; Thu, 12 Jan 2017 12:31:08 +0100 (CET)
Subject: Re: <draft-ietf-6man-default-iids> update to rfc2464bis
To: Lorenzo Colitti <lorenzo@google.com>
References: <1E7F90AC-79BB-49BE-B397-EC829EA95AA4@gmail.com> <CAKD1Yr0O6gnXZc3qEY7bqkBYu-sx1_erwum2DRwpe+Vv+jmdiw@mail.gmail.com> <7456833d-aa3f-d368-6041-cfdc1ac95f6f@si6networks.com> <CAKD1Yr1dQF7Cg0mppZVcSXC15pue_y1Qb-GugKY+G8u-dRyJtg@mail.gmail.com> <89fc8838-f6cd-1647-8468-1c8c11466aff@si6networks.com> <CAKD1Yr2z22ZX85ywAcqobbHZ20Kx4VvFhEmzJnSG_0hQBLLvyw@mail.gmail.com> <b3707115-b9d1-cc14-4cb9-0a3ffdd0cdfc@si6networks.com> <CAKD1Yr0WkMJ4+FwdE2Re=Aifm2HgCha2i67mexpcO5rkz3PYww@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <33d91d6c-18dc-1ec0-fc4d-edc83a86ce83@si6networks.com>
Date: Thu, 12 Jan 2017 08:29:49 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <CAKD1Yr0WkMJ4+FwdE2Re=Aifm2HgCha2i67mexpcO5rkz3PYww@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/zPyj8rSNdF8USBTCiwVWhWyNRjw>
Cc: IPv6 List <ipv6@ietf.org>, Bob Hinden <bob.hinden@gmail.com>, Suresh Krishnan <suresh.krishnan@ericsson.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2017 11:31:36 -0000

On 01/12/2017 08:08 AM, Lorenzo Colitti wrote:
> On Thu, Jan 12, 2017 at 7:25 PM, Fernando Gont <fgont@si6networks.com
> <mailto:fgont@si6networks.com>> wrote:
> 
>     > I don't see why we should forbid this. It's a legitimate implementation
>     > choice, and has excellent privacy properties :-)
> 
>     I'm not saying we should forbid this -- actually, there are scenarios
>     where it should probably be the recommended approach.
> 
>     But that's not the operating model we have right now -- that's the
>     point.
> 
> The point I am making is that according to current and
> about-to-be-published specs, a node is free to create addresses that
> change over time, since nothing forbids it.

I guess you're allowed. That does change the operating assumptions, and
I wouldn't be surprised to see breakage.



>     > Sure. If you can find rough consensus to say all other methods of
>     > generating IIDs are bad and should not be used, the IETF will publish a
>     > document saying that. My bet is that you won't.
> 
>     I'm not saying that. For instance, if you want temp addresses, and you
>     decide to send the 64 bits with a PRNG of your choice, that's fine. If
>     your goal is privacy and you decide to waste 18 bits 'cause you want to
>     stick to modified-eui64, you're doing a lousy job.
> 
> Good, then we agree that a node is free to create addresses that change
> over time using schemes that are not described in RFC 7217, RFC 4941, or
> any other document.

Yes, you're "free" to do your own proprietary thing, which does not
follow any IETF stds, I guess.



>     > To get back to the original point: in the current state of the documents
>     > that we have published or are about to publish (e.g., the default-iids
>     > draft), as reflecting the consensus call sin th it's not true that
>     > modified EUI-64 is not recommended. It's only not recommended if you use
>     > stable link-layer addresses.
>     >
>     > Bob, Ole, Suresh: can we also amend or remove this text in 4291bis
>     > before we publish it? I think it's an oversight because there was clear
>     > consensus in 6man (Fernando being in the rough) that it was OK to use
>     > modified EUI-64 with non-stable MAC addresses:
>     >
>     >    Earlier versions of this document described a method of forming
>     >    interface identifiers derived from IEEE MAC-layer addresses call
>     >    Modified EUI-64 format.  These are described in Appendix A and are no
>     >    longer recommended.
> 
>     All these documents are about generating stable addresses, not temporary
>     addresses. So I'm not sure why the text should be removed. The text in
>     all this documents ae about stable addresses. IETF-wise, the only doc
>     that is about temporary addresses is RFC4941. Hence the text seems
>     correct to me.
> 
> 
> If instead of removing that text we can clarify that it only applies to
> stable addresses, that works for me. Suggestion: change "These are
> described in Appendix A and are no longer recommended." to ""These are
> described in Appendix A and are no longer recommended for stable addresses."

Fine. Isn't the assumption in all these RFCs that the addresses are
stable, and that the MAC addresses are unique?



> The reason the text needs to be changed is because during the discussion
> of default-iids there was substantial discussion of the use case of
> using EUI-64 with randomized MAC addresses. There was consensus that
> this is a use case we want to support, and as a result, the working
> group concluded that we should change every occurrence of the phrase
> "based on a link-layer address" to "based on a stable link-layer
> address" in the default-iids draft.

My read of the discussion is that you didn't want default-iids to ban
this case (and maybe there was not more than one or two voices in this
direction), and we simply decided to have default-iids fous on stable
addresses to be able to do progress on something. Claiming that doing
temp adderesses by doing MOdified-EUI64 is streching that outcome quite
a bit, IMO.



> We should make the same distinction
> in 4291bis and 2464bis: EUI-64 is not recommended for use with stable
> link-layer addresses, but it can be used with non-stable link-layer
> addresses.

All this documents talk about stable addresses. Discussing temp
addresses in them is actually talking about stuff that simply wasn't
there, with operating conditions different from those assummed so far.

Again, I sympathize with temp only in scenarios where they make sense.
But things like that don't seem within what has been specified so far
(i.e., there's work to be done, including analyzing what might break).

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email