IETF Logo Mail Archive

Re: [v6ops] "The Internet is for End Users" (Re: I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt)

Tom Herbert <tom@herbertland.com> Thu, 17 August 2017 17:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1958131D19 for <v6ops@ietfa.amsl.com>; Thu, 17 Aug 2017 10:19:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5nS5Sby8S7Lv for <v6ops@ietfa.amsl.com>; Thu, 17 Aug 2017 10:19:12 -0700 (PDT)
Received: from mail-qk0-x244.google.com (mail-qk0-x244.google.com [IPv6:2607:f8b0:400d:c09::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FBAE120727 for <v6ops@ietf.org>; Thu, 17 Aug 2017 10:19:12 -0700 (PDT)
Received: by mail-qk0-x244.google.com with SMTP id m84so6585143qki.5 for <v6ops@ietf.org>; Thu, 17 Aug 2017 10:19:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=b5mgxTyS56/48LcqK545IkV7B/DvKSgHU/tWSVbJ5dE=; b=gBMCCHVRVrB5zjPJgyDqVPNcf8jsAsY8waB6WEb9+xtsVsVA8GkZVGEZERW/1t43YJ P1CfD7uqbERWmYmoOj9cK3yYGjC45Oj0vuWGlQ7/qywe+B0zh+H6NVMZRkZkOjeHSUET Z357YMqEM8U/feA8gfUk3AiVrmCe5zMtESkcukExOwQCI5RGmQ1l4da1TWCjpHeWzc5r fudmC5ukgpTfcrBuYrTBGuRxOOVFWKVcQsBQA5okr2I4UKz7aG9VfARcbrqXz7SSpGqP Oay+BfMBN4JS0SuBplCVapc7MecdZ43sRUZWnJiNO5DTQwnEWqcdVNHdBEhxMwFnDM5j IoRA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=b5mgxTyS56/48LcqK545IkV7B/DvKSgHU/tWSVbJ5dE=; b=GlYu5GCb1j0nru0JGqHA+AOHPZqHPhiefCMJBtWlxsIwAwVK+mNvDrFMPn2apq2dph 7kF4MO8/huiA3sFr4xTQWMXzkBwJCS313v+t5W0klZCtBbUVuRv+FOfAv9DEKyUEn7Xh riY70R0NqgJ4753RcABBtssJXufS9OPmcRTapk+6C6J0PslhV3C3/tVYwgHh4VsmPa74 CDfnLfinacrVcFC4FwJImmnAaYpbCYiEWzpehFDAh782enyT22JjC+vueqV0ZD3wNeg5 NZnYAXoPHh97t0llONhq/pOk600hzAaHVccNQ7BwP0aRwBgGd5OKlKqZbUGsj0KfSPP9 SeVQ==
X-Gm-Message-State: AHYfb5g3TUBHilvJD2Yt7bw90IPTEoEhSl62AiVlkkfqaBbUiubOpPU+ DYALN5P4CnJCW/yiJhV7krEE2wi15yF7
X-Received: by 10.55.207.211 with SMTP id v80mr7780252qkl.51.1502990351461; Thu, 17 Aug 2017 10:19:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.200.42.165 with HTTP; Thu, 17 Aug 2017 10:19:10 -0700 (PDT)
In-Reply-To: <CAO42Z2xwLdWo1TXeQbtLAYkE4X8QNU-V15EeEKaB3rFCPCm5kg@mail.gmail.com>
References: <CAO42Z2xwLdWo1TXeQbtLAYkE4X8QNU-V15EeEKaB3rFCPCm5kg@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 17 Aug 2017 10:19:10 -0700
Message-ID: <CALx6S34jOU1Lq8Pb_9e2Wktc1d_gkvxhKsfHAP7Z9_Kpkz8Ldg@mail.gmail.com>
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/qvO5koRe9zKcdCzJ-dFxs3NY4PI>
Subject: Re: [v6ops] "The Internet is for End Users" (Re: I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 17:19:15 -0000

On Wed, Aug 16, 2017 at 7:51 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
> So how do we evaluate what is the best solution? What are the criteria to use?
>
> This discussion is going in circles because I think people have
> different opinions on what the criteria are.
>
> Mark Nottingham has been working on the following draft,
>
> "The Internet is for End Users"
> https://tools.ietf.org/id/draft-nottingham-for-the-users-05.txt
>
> which says that what is best for the end-user needs should trump any
> other parties' needs. I entirely agree.
>
> What is best for end-users is the fundamental goal. I've thought it
> would be useful to have a set of high level and end-user oriented
> criteria to use to evaluate various technical choices, in particular
> when there are situations such as this one.
>
> I've thought there are the following 3 high level end-user criteria to
> use for evaluation:
>
> * Available and Reliable
>
> * Secure and Private
>
> * Cost Effective
>
> It seems to me that all IETF solutions should meet all of these
> criteria, ensuring they are prioritising end-user needs.
>
> I've suggested these to Mark for his ID, and to demonstrate their use,
> I used the 64 bit IID example. My evaluation was rushed for the
> purposes of example in the email. There are other Secure and Private
> impacts other than just being able to successfully scan a 32 bit
> address space. Another example is that reducing shrinking IIDs to
> increase the number of prefixes available within an assignment e.g. a
> /32 doesn't improve Cost Effectiveness because their RIR cost is
> trivial (a /48 is 1 or 2 cents per annum), and route table slot use
> doesn't change.
>
> "If IPv6 IIDs were reduced to something like 32 bits, would any of the
> above be impacted:
>
> - Available and Reliable: No. May have a positive influence, as
> availability and reliability possibly could be increased, as ND cache
> resource exhaustion attacks effectiveness would be reduced.
>
> - Secure and Private: Yes, negatively. It is practical to scan 32 bit
> address spaces e.g., shodan.io. 64 bit random addresses are effective
> at mitigating device discovery via unsolicited packet probing, 32 bit
> random addresses would not be.
>
The corollary to "the Internet is for the end users" should be that
"end users should never trust the network". If you want security and
privacy it should be implemented end to end. Networks do not uniformly
provide security for users, which is to say that the base assumption
is that they do not provide any security and are themselves insecure.
For instance, the moment we send a packet with a source address into
the Internet the best security assumption is our address is now known
to the whole world-- the packet may be logged by switches, servers log
it, there may third party interception, etc. It follows that random
addresses are not real security from a user or host point of view.
There is a motivation to use different addresses for connections from
a host so that two flows cannot be correlated to originating from the
same device, but that only works if the device specific portion of the
address is different which would not currently be the case for UEs
assigned a single /64.

Tom

v2.23.0 | Report a Bug | By Email