[v6ops] "The Internet is for End Users" (Re: I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt)
Mark Smith <markzzzsmith@gmail.com> Thu, 17 August 2017 02:52 UTC
Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93DB132449 for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 19:52:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.197
X-Spam-Level:
X-Spam-Status: No, score=-2.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8uD4Ybkw0OQN for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 19:52:10 -0700 (PDT)
Received: from mail-vk0-x22b.google.com (mail-vk0-x22b.google.com [IPv6:2607:f8b0:400c:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 675A313217D for <v6ops@ietf.org>; Wed, 16 Aug 2017 19:52:10 -0700 (PDT)
Received: by mail-vk0-x22b.google.com with SMTP id r199so18317207vke.4 for <v6ops@ietf.org>; Wed, 16 Aug 2017 19:52:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=hAPAplaHwKAYwWsobt98+YCwo/ZIiEkHWkqB/VOmpHc=; b=SR9DXQcaAa2tPj5XyU4FFNGONYvmfqiZWwItwTMVQYhC5MIxS2vwS+pIh2JMUCeJRs 4BS2bp/tHXGo+gT4I6ccZHQpPPP3cKAocHXpWBUPPQAAGO8fG8XuDhT1W+cVIRWD0cxH OogY86kPKlX6p71p+otHkQItaxr8t+EyoQFshsBj+RvzqXTP5MeIXFGfrQFba2QN2KwI 8YNOr5KV+FRXFGVIYpjtgvAuYJ9er6s8tsf/A9DNQTr4YFN14L6H9LBfECLywVJzjRf7 n6PSxilun2nnrfjWutzvDja0QBS9I4cq7NKPZGv6b41OTQHY01sI5elQfBn+H+YaxUJR 5w8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=hAPAplaHwKAYwWsobt98+YCwo/ZIiEkHWkqB/VOmpHc=; b=pW+WrkoJYnMLhYHQ0BrWRe4Bu2X8O9Xa6c+nuc2TxdMEt2OBqyN8qe3Kz5/64XttuK 4N1YbE0b3+p28EqxZuAaPze6WSOGBo5JIUWGpXekC3+/XsEjOP4g7nSpdS4tg0p8YjZ7 UXjCMWLtehpqjk6kqq5YxqGL8KU9UTvrSH8j8dkq5fSQ8Ma36NIkDv/f5zKOaVLAXD1M GZIUtoy2lPQDYcsRI3xAbo/awL7PG/ZsMev0MZhjDkX3nfwA9q4yEvUchZar2rChZGyh Cao5yGx6dSxMKbQlKm0uZfosgxnNIqNHqA+LTSoWtKcrjNHCbQJwp4ZoGsxWZ6lK9Buo 7/BQ==
X-Gm-Message-State: AHYfb5gGnk5SJ7a07wg//xThf/ZJs12DCn6jEtNo/nUKh+DYqb9BBDlz SaTxUvh4p8DivjSg/DDQ8TBHEn8gHA==
X-Received: by 10.31.6.205 with SMTP id 196mr2576437vkg.10.1502938329507; Wed, 16 Aug 2017 19:52:09 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.7.209 with HTTP; Wed, 16 Aug 2017 19:51:39 -0700 (PDT)
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 17 Aug 2017 12:51:39 +1000
Message-ID: <CAO42Z2xwLdWo1TXeQbtLAYkE4X8QNU-V15EeEKaB3rFCPCm5kg@mail.gmail.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: DY Kim <dykim6@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/XbBgKZdYWdRnUDXDl8PxJ9x6Hn8>
Subject: [v6ops] "The Internet is for End Users" (Re: I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 02:52:13 -0000
So how do we evaluate what is the best solution? What are the criteria to use? This discussion is going in circles because I think people have different opinions on what the criteria are. Mark Nottingham has been working on the following draft, "The Internet is for End Users" https://tools.ietf.org/id/draft-nottingham-for-the-users-05.txt which says that what is best for the end-user needs should trump any other parties' needs. I entirely agree. What is best for end-users is the fundamental goal. I've thought it would be useful to have a set of high level and end-user oriented criteria to use to evaluate various technical choices, in particular when there are situations such as this one. I've thought there are the following 3 high level end-user criteria to use for evaluation: * Available and Reliable * Secure and Private * Cost Effective It seems to me that all IETF solutions should meet all of these criteria, ensuring they are prioritising end-user needs. I've suggested these to Mark for his ID, and to demonstrate their use, I used the 64 bit IID example. My evaluation was rushed for the purposes of example in the email. There are other Secure and Private impacts other than just being able to successfully scan a 32 bit address space. Another example is that reducing shrinking IIDs to increase the number of prefixes available within an assignment e.g. a /32 doesn't improve Cost Effectiveness because their RIR cost is trivial (a /48 is 1 or 2 cents per annum), and route table slot use doesn't change. "If IPv6 IIDs were reduced to something like 32 bits, would any of the above be impacted: - Available and Reliable: No. May have a positive influence, as availability and reliability possibly could be increased, as ND cache resource exhaustion attacks effectiveness would be reduced. - Secure and Private: Yes, negatively. It is practical to scan 32 bit address spaces e.g., shodan.io. 64 bit random addresses are effective at mitigating device discovery via unsolicited packet probing, 32 bit random addresses would not be. - Cost Effective: Yes, negatively. 64 bit IIDs have been the standard since July 1998 per RFC2373, meaning many protocols and implementations assume them. Code would have to be audited and possibly modified, and that code update distributed; there would be a population of devices that won't receive the update etc. End-user services outages could result due to incompatibility." As smaller IIDs have more negative than positive Secure and Private, and Cost Effective impacts compared to what we have today, it seems to me that they should be left alone, as the drawbacks of changing them outweigh the benefits. Regards, Mark.
- [v6ops] "The Internet is for End Users" (Re: I-D … Mark Smith
- Re: [v6ops] "The Internet is for End Users" (Re: … Lorenzo Colitti
- Re: [v6ops] "The Internet is for End Users" (Re: … Tim Chown
- Re: [v6ops] "The Internet is for End Users" (Re: … Lorenzo Colitti
- Re: [v6ops] "The Internet is for End Users" (Re: … Timothy Winters
- Re: [v6ops] "The Internet is for End Users" (Re: … Lee Howard
- Re: [v6ops] "The Internet is for End Users" (Re: … Tim Chown
- Re: [v6ops] "The Internet is for End Users" (Re: … John A. Kilpatrick
- Re: [v6ops] "The Internet is for End Users" (Re: … Tom Herbert
- Re: [v6ops] "The Internet is for End Users" (Re: … Ted Lemon
- Re: [v6ops] "The Internet is for End Users" (Re: … Tom Herbert
- Re: [v6ops] "The Internet is for End Users" (Re: … Fernando Gont
- Re: [v6ops] "The Internet is for End Users" (Re: … Libor Polčák