Re: [v6ops] Benjamin Kaduk's No Objection on draft-ietf-v6ops-cpe-slaac-renum-07: (with COMMENT)

[Benjamin Kaduk <kaduk@mit.edu>]

On Thu, Feb 25, 2021 at 05:27:36PM -0300, Fernando Gont wrote:
> Hello, Ben,
> 
> Thanks a lot for our comments! In-line....
> 
> On 23/2/21 19:13, Benjamin Kaduk via Datatracker wrote:
> [....]
> > Section 3
> > 
> >     o  WPD-10: CE Routers MUST by default use a stable IAID value that
> >        does not change between CE Router restarts, DHCPv6 client
> >        restarts, or interface state changes. e.g., Transient PPP
> >        interfaces.  See Section 3.2 for further details.
> > 
> > The text in Section 3.2 goes into a bit more detail to clarify that this
> > is basically a pre-existing requirement from RFC 8415, but the short
> > text here is easy to misread as imposing a requirement to use a stable
> > persistent identifier, which would have lousy privacy properties.  RFC
> > 8415 does acknowledge this issue to some extent, but the most applicable
> > text about it seems to be in Section 4.5 of RFC 7844, that clarifies
> > that the IAID needs to be consistent for the association *as long as the
> > link-layer address remains constant*, which is a very natural scope and
> > consistent with best practices for simultaneously changing identifiers
> > at different layers when needed for privacy improvement. 
> 
> You're right that if the CE Router changes its link-layer address, it's 
> probably because it's trying to its identity, and hence the IAID should 
> also change.
> 
> (FWIW, to a large extent we phrased the text as is because I know of no 
> CE Router that randomizes it's link-layer address, so in practice it 
> would result in the same thing). Not surprisingly, I'm keen to improve 
> the specification of this numeric id ;-), so how about:
> 
>       o  WPD-10: CE Routers MUST by default use an IAID
>          value on the WAN-side that does not change between CE Router
>          restarts, DHCPv6 client restarts, or interface state changes
>          (e.g., Transient PPP interfaces), as long as the underlying
>          link-layer address (if any) does not change..  See Section 3.2
>          for further details.
> 
> 
> Or maybe:
>       o  WPD-10: CE Routers MUST by default use a WAN-side IAID
>          value that is stable between CE Router
>          restarts, DHCPv6 client restarts, or interface state changes
>          (e.g., Transient PPP interfaces), as long as the underlying
>          link-layer address (if any) does not change..  See Section 3.2
>          for further details.

The thread has continued and I think has gotten into enough details that I
don't know much about that my insight will not be very valuable.  About the
only contribution I might make is that a construction of the form "MUST by
default behave such that [list of things] or behave according to RFC 7844"
might be a little easier to read, since it's a choice rather than a primary
behavior and exception.

> 
> 
> 
> > It would be
> > great if we could spend a few words here to clarify that this is not a
> > permanent identifier that could be abused for tracking, perhaps "(Per
> > [RFC8415] it is still expected to change when the link-layer address
> > changes.)", though I was hoping to have something shorter.
> 
> Is it? There doesn't seem to be such provision in RFC8415. And RFC7844 
> is really an opt-in...

My mistake; I think that was sloppy writing from me here and I meant to
say something like "still permitted to change".

> 
> 
> > Additionally, while RFC 8415 is clear that the IAID is assigned by the
> > client, this text might benefit from noting (e.g.) which interface it is
> > used on, since the CE router will often be on both ends of different
> > DHCPv6 exchanges.
> 
> You mean like the "WAN-side" text above?

Exactly!

Thanks,

Ben