IETF Logo Mail Archive

Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt

Mark Smith <markzzzsmith@gmail.com> Thu, 17 August 2017 02:48 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 669F61323D7 for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 19:48:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.497
X-Spam-Level:
X-Spam-Status: No, score=-1.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cGAlBTYRXk5U for <v6ops@ietfa.amsl.com>; Wed, 16 Aug 2017 19:48:39 -0700 (PDT)
Received: from mail-ua0-x22b.google.com (mail-ua0-x22b.google.com [IPv6:2607:f8b0:400c:c08::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51F851323BD for <v6ops@ietf.org>; Wed, 16 Aug 2017 19:48:39 -0700 (PDT)
Received: by mail-ua0-x22b.google.com with SMTP id y36so20637715uac.5 for <v6ops@ietf.org>; Wed, 16 Aug 2017 19:48:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=UwPatbb9xCNjkZy9mMA4C1Rad3Vi1ZT03mbVU89DNsc=; b=UrhcHQYNdst7WLLe1VYL01H5hGMgL8EHbadm1/XLyYz8tLJl3doho8c9rpAaJy9RkH BN1V82Z3R1QMxXFYVPBDgxW8q5QfNTP3daUvf/CuBJ0hhi4HaeKhueGFuYekbRQaGF2u H+1W2P8C6cMRxvi0ZxbqXAd/typKqIAvgF+4MjMGGL5Z7BK5hdUNXHYCgly+SrX7INhw TZS81rmC4adsQE6FUtRdaVBuf3SQVFVch81TCTJybfvvFWNpzDqmp6yGhTzagpl2IPcG 3h09NJVISF+rW/vlN6K3Nwwo6u6QiJ14tc63zevsqLm778Gch6BEM2Lc2yUZV7OqfoI+ S1ZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=UwPatbb9xCNjkZy9mMA4C1Rad3Vi1ZT03mbVU89DNsc=; b=U6jkiplFGX423BunwJethPFxOXn4wSrXDYoN3VDn90+IX/iiPs1JFmARV0tPFKeNxY B+SW11lO24v1kab7cmMqBUDn0tuLfMZVTr91gtNcTpJ6E5VbsID5VJm12AV+qbu1j3KA ryZMw/IHFtfVZG5UGhG3BcdWyHLQ1m/KyPa0bjpDj3O4vOAngmO3qBmJE2tB3UYdkldg BqBTC6vjyNSpWZGBCTxf2qy276nwZdThr2w3wMEYH9F8ZMGOXV7a4x2QS/nCr465szkl UoS5kBcubqPCcMJnSdtG+j2Bzw/95ISds8H59nwLgm61vBUbBj6gp2fDoEM6nkHT+ope DH1A==
X-Gm-Message-State: AHYfb5ic2ZxI2Wcg2AluaGCZ1WP7aQx/XTeRV8v9Q/BIzRQs25iRVlZ1 JK9oO9+NP/Rc0L7yjNEadJymxR3L/Q==
X-Received: by 10.176.25.197 with SMTP id r5mr2573098uai.22.1502938118307; Wed, 16 Aug 2017 19:48:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.7.209 with HTTP; Wed, 16 Aug 2017 19:48:06 -0700 (PDT)
In-Reply-To: <CAFgODJemiTEnHD1_Y1xfD0La=8PLAaZuNTGC27KMbKWasuEXmQ@mail.gmail.com>
References: <CAO42Z2wJBCo1yjguWSy-jzSvndeZTPgtN71FfdEhvqrVAUhZUA@mail.gmail.com> <9bd9f886-f53b-109f-d998-1d4c7adaf3b1@gmail.com> <B6A257C9-7E8A-452D-9C0F-0B10A31990CB@thehobsons.co.uk> <796A0ED0-0F58-43FA-9F81-D4D736A35F3B@steffann.nl> <BD3B4153-2EEF-4BFB-832D-D126A75AEC11@thehobsons.co.uk> <CAN-Dau2jzbQPuE5diEz-XzfRBHY=O1znE8hfy8P-Eee=MVwC_w@mail.gmail.com> <7C6C4FCC-26B9-493D-9992-4663DE6EB9CE@jisc.ac.uk> <3A69468C-98E4-4631-A52F-3D8772646EEE@consulintel.es> <20170807110746.GG45648@Space.Net> <CAO42Z2xXXjKUZ8qQY+b1NgDagX2ZJkqL5gieD+_js59ucp0EMw@mail.gmail.com> <20170810055819.GQ45648@Space.Net> <CAO42Z2xtfsYbw+Wf=ZjyFCmnDbhL17QCkWWRJ7F1+BgGCRiipg@mail.gmail.com> <51268C23-40F4-4476-9025-A1DD3BA37BC3@thehobsons.co.uk> <CAKD1Yr0uBU-LczaZJ5SdNpb_FpB0qfZJ0kNnr=gEviD+F3DTZw@mail.gmail.com> <85DFAB58-149C-405E-A497-3CBB497828B4@gmail.com> <dec51b5e-09dc-6784-4edd-19392fdfbef1@gmail.com> <CAFgODJemiTEnHD1_Y1xfD0La=8PLAaZuNTGC27KMbKWasuEXmQ@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Thu, 17 Aug 2017 12:48:06 +1000
Message-ID: <CAO42Z2zh5HZGY=rxq9BcTFRbS+_tUWyJhm9p_JahL5M6hhfDgw@mail.gmail.com>
To: DY Kim <dykim6@gmail.com>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Lorenzo Colitti <lorenzo@google.com>, Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sWynKrLC5dRgv7pRWQZfXZtza0Y>
Subject: Re: [v6ops] I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 02:48:41 -0000

On 17 August 2017 at 12:33, DY Kim <dykim6@gmail.com> wrote:
> In 'Unique-IPv6-Prefix-per-Host', IIDs given by a host are given to its own
> interfaces. Should there be any privacy concern about the IIDs which are
> confined to a single host?
>
> As I think, privacy concerns might be more related to /64 prefixes rather
> than IIDs.

Externally, it is not possible to determine whether a /64 is assigned
to a link or a host - consequently, it isn't possible to know if
source addresses from with a /64 represent a single device's traffic
(the /64 is assigned to a single device) or traffic from a range of
devices (a /64 is shared by many devices attached to a link.)

>Therefore, the IID length might not bear much implication in
> regard to privacy.
>

Individual source addresses however always represent traffic from a
single device.

"Security and Privacy Considerations for IPv6 Address Generation Mechanisms"
https://tools.ietf.org/html/rfc7721


> SLAAC by itself does not put any restrictions on the IID length. Unless the
> SLAAC software is hard-coded to 64-bit IIDs, it should be able to process
> configure 32-bit IIDs.
>
> If the available SLAAC is really hard-coded to 64-bit, then I mght write and
> enforce, onto the internal devices (behind my host), a simple code to assign
> 32-bit (or whatever bits shorter than 64) IIDs, since the devices might be
> under my control.
>
> Would this be policed not ever to happen?
>
> On Thu, 17 Aug 2017 at 10:32 Brian E Carpenter <brian.e.carpenter@gmail.com>
> wrote:
>>
>> On 17/08/2017 12:24, DY Kim wrote:
>> > Does this ‘unlimited devices behind the host’ include the following
>> > case?
>> >
>> >   - A host gets a /64 prefix.
>> >
>> >   - The host runs for itself an internal ‘Unique-IPv6-Prefix-per-Host’
>> > so that it hands out a /96 prefix to each internal device.
>> >
>> >   - In effect, this comes down to /96 prefixes and 32-bit IIDs.
>> >
>> > Technically, there’s no reason why this cannot be done, I’d assume.
>> > However, would this be forbidden in the sense of the current and related std
>> > track documents?
>>
>> It's forbidden by the fact that RFC4291 states that the IID length is 64.
>> Clearly that applies to SLAAC; it's a bit less clear whether it applies to
>> DHCPv6. But the privacy related RFCs make it pretty clear that 32 bits is
>> too small.
>>
>>      Brian
>>
> --
> ----
> DY
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>

v2.23.0 | Report a Bug | By Email