Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

[DY Kim <dykim6@gmail.com>]

In 'Unique-IPv6-Prefix-per-Host', IIDs given by a host are given to its own
interfaces. Should there be any privacy concern about the IIDs which are
confined to a single host?

As I think, privacy concerns might be more related to /64 prefixes rather
than IIDs. Therefore, the IID length might not bear much implication in
regard to privacy.

SLAAC by itself does not put any restrictions on the IID length. Unless the
SLAAC software is hard-coded to 64-bit IIDs, it should be able to process
configure 32-bit IIDs.

If the available SLAAC is really hard-coded to 64-bit, then I mght write
and enforce, onto the internal devices (behind my host), a simple code to
assign 32-bit (or whatever bits shorter than 64) IIDs, since the devices
might be under my control.

Would this be policed not ever to happen?

On Thu, 17 Aug 2017 at 10:32 Brian E Carpenter <brian.e.carpenter@gmail.com>
wrote:

> On 17/08/2017 12:24, DY Kim wrote:
> > Does this ‘unlimited devices behind the host’ include the following case?
> >
> >   - A host gets a /64 prefix.
> >
> >   - The host runs for itself an internal ‘Unique-IPv6-Prefix-per-Host’
> so that it hands out a /96 prefix to each internal device.
> >
> >   - In effect, this comes down to /96 prefixes and 32-bit IIDs.
> >
> > Technically, there’s no reason why this cannot be done, I’d assume.
> However, would this be forbidden in the sense of the current and related
> std track documents?
>
> It's forbidden by the fact that RFC4291 states that the IID length is 64.
> Clearly that applies to SLAAC; it's a bit less clear whether it applies to
> DHCPv6. But the privacy related RFCs make it pretty clear that 32 bits is
> too small.
>
>      Brian
>
> --
----
DY