IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

DaeYoung KIM <dykim6@gmail.com> Thu, 17 August 2017 04:55 UTC

Return-Path: <dykim6@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F234B13235B for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 21:55:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lt_W32V8oH9p for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 21:55:03 -0700 (PDT)
Received: from mail-pg0-x244.google.com (mail-pg0-x244.google.com [IPv6:2607:f8b0:400e:c05::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59AF0124E15 for <v6ops@ietf.org>; Wed, 16 Aug 2017 21:55:03 -0700 (PDT)
Received: by mail-pg0-x244.google.com with SMTP id t80so1752967pgb.2 for <v6ops@ietf.org>; Wed, 16 Aug 2017 21:55:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zG2xAEaS2PAoT084maePhqRd+oBrh7ErYphzJJPTEFw=; b=nzVNY8J04PsUD+8YX7lsOV3YxTH2H8q+BkZ1AgG/M2pw44rZ4H9Iogq9cKm9srMnkw K3SbPRL1D4dg33t5zF6OWWAF7wrCfC7AQvOwssmCl2MdPyLSbqHn1Mq1q1JOtS/IdxU7 2xU/jJ7QClh5n5DE9IWiJBT+xuA8rx+Gg16kmei1Th0DNJgzMs/bDEP25nrrkOLupKir ISUzuJe+8YLDdR8HioYeSmiwEd1Yl7svR6Ofm1o5mgbhel/zO5LobL5CSLar3nqtwvuG NJTtzh2X2AZjiAJNBi9nPrjIbS11Qx35vMfOnRqWSi3xOaa/2efaKFSa71PbEj6iSGLL 8iCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=zG2xAEaS2PAoT084maePhqRd+oBrh7ErYphzJJPTEFw=; b=YmCbm9VEHOFmqNKNq+lCcmtP51HKWNOSXopMWfu+6Gfbm7fDlhDv9/9DlQ8WexwyPz JOH172VML/rJ5bm3utU322QIGyYMTKFeSvoJyvVTcfbrWwTGgEibrRDWemAG+eoVkG7/ 7uXjlZK84FczCFXYCGSWP2AsT6T+JnoIMup1cD2lANjD9bfufhbxAH5IUr8nElOXoBZ8 j/FwfWP84C4Crzz9zqKUpGVtmGUjWEStBZynjmYTsSwyTuLM70c23dRcofJeY21pnGZt m2Xn5luTaK+cq3p0HmU1Cc7RQkpu5f3B5nNlVDKj5DwPaQWGfV4Mz9vt2saW6B1WDbqR ++3g==
X-Gm-Message-State: AHYfb5goApHUIXDDf+gIK0BsLHSxi4wWfCq/fS02y+yBDmh2vu1ABPVC kDpFVNIlKNsrz06e78Q=
X-Received: by 10.98.33.84 with SMTP id h81mr3957726pfh.302.1502945702959; Wed, 16 Aug 2017 21:55:02 -0700 (PDT)
Received: from [100.68.118.228] ([39.7.58.87]) by smtp.gmail.com with ESMTPSA id c14sm5281677pfl.160.2017.08.16.21.55.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 16 Aug 2017 21:55:01 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: DaeYoung KIM <dykim6@gmail.com>
X-Mailer: iPhone Mail (14G60)
In-Reply-To: <CAO42Z2zh5HZGY=rxq9BcTFRbS+_tUWyJhm9p_JahL5M6hhfDgw@mail.gmail.com>
Date: Thu, 17 Aug 2017 13:54:59 +0900
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <D34A7642-6E70-4FD7-9D71-D1C62D561FC4@gmail.com>
References: <CAO42Z2wJBCo1yjguWSy-jzSvndeZTPgtN71FfdEhvqrVAUhZUA@mail.gmail.com> <9bd9f886-f53b-109f-d998-1d4c7adaf3b1@gmail.com> <B6A257C9-7E8A-452D-9C0F-0B10A31990CB@thehobsons.co.uk> <796A0ED0-0F58-43FA-9F81-D4D736A35F3B@steffann.nl> <BD3B4153-2EEF-4BFB-832D-D126A75AEC11@thehobsons.co.uk> <CAN-Dau2jzbQPuE5diEz-XzfRBHY=O1znE8hfy8P-Eee=MVwC_w@mail.gmail.com> <7C6C4FCC-26B9-493D-9992-4663DE6EB9CE@jisc.ac.uk> <3A69468C-98E4-4631-A52F-3D8772646EEE@consulintel.es> <20170807110746.GG45648@Space.Net> <CAO42Z2xXXjKUZ8qQY+b1NgDagX2ZJkqL5gieD+_js59ucp0EMw@mail.gmail.com> <20170810055819.GQ45648@Space.Net> <CAO42Z2xtfsYbw+Wf=ZjyFCmnDbhL17QCkWWRJ7F1+BgGCRiipg@mail.gmail.com> <51268C23-40F4-4476-9025-A1DD3BA37BC3@thehobsons.co.uk> <CAKD1Yr0uBU-LczaZJ5SdNpb_FpB0qfZJ0kNnr=gEviD+F3DTZw@mail.gmail.com> <85DFAB58-149C-405E-A497-3CBB497828B4@gmail.com> <dec51b5e-09dc-6784-4edd-19392fdfbef1@gmail.com> <CAFgODJemiTEnHD1_Y1xfD0La=8PLAaZuNTGC27KMbKWasuEXmQ@mail.gmail.com> <CAO42Z2zh5HZGY=rxq9BcTFRbS+_tUWyJhm9p_JahL5M6hhfDgw@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/_VIuqBk9YTY5P2TKi5Mnv4JBNyo>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 04:55:05 -0000


Sent from my iPhone

> On 17 Aug 2017, at 11:48, Mark Smith <markzzzsmith@gmail.com> wrote:
> 
> Externally, it is not possible to determine whether a /64 is assigned
> to a link or a host - consequently, it isn't possible to know if
> source addresses from with a /64 represent a single device's traffic
> (the /64 is assigned to a single device) or traffic from a range of
> devices (a /64 is shared by many devices attached to a link.)

Exactly.

So, why would it bother you

   - if a host given a /64 prefix assigns a 64-bit IID to each of its interfaces, or 

   - if the same host subdivides the /64 prefix into multiple /96 prefixes each of which be given to internal devices behind, wherein each device then assigns 32-bit IIDs to its own interfaces.

Such domestic behaviors are not observable from outside, so why would you enforce 64 bits for whatever is classified as an IID?

> Individual source addresses however always represent traffic from a
> single device.

Of course.  

The original question was about the feasibility of 32-bit length of IIDs for internal devices behind a /64 host, in regards to privacy.

In a legacy IPv6 networking, the pool of 64-bit IIDs would be shared by hosts inside a subnet which may contain arbitrarily many hosts,

whereas in my scenario of internal /96 devices behind a /64 host, the pool of 32-bit IIDs would be shared by interfaces of a single device.

If obfuscation should be a measure of merit, the obfuscation of 32-bit IIDs across interfaces of a /96 device should not be terribly inferior to that of 64-bit IIDs across all interfaces of all hosts inside a /64 subnet.

My question then goes back to

   - What's the point of mandating 64 bits for IIDs when behaviors internal to or behind a /64 are not observable from outside anyhow?

   - Are there any practical ways to police them and return penalties to ill-behaving hosts?

v2.23.0 | Report a Bug | By Email