A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)
draft-ietf-6man-stable-privacy-addresses-17
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2014-04-30
|
17 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-04-18
|
17 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-03-22
|
17 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2014-01-31
|
17 | Cindy Morgan | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2014-01-31
|
17 | (System) | RFC Editor state changed to EDIT |
2014-01-31
|
17 | (System) | Announcement was received by RFC Editor |
2014-01-31
|
17 | (System) | IANA Action state changed to No IC from In Progress |
2014-01-31
|
17 | (System) | IANA Action state changed to In Progress |
2014-01-30
|
17 | Cindy Morgan | State changed to Approved-announcement sent from IESG Evaluation::AD Followup |
2014-01-30
|
17 | Cindy Morgan | IESG has approved the document |
2014-01-30
|
17 | Cindy Morgan | Closed "Approve" ballot |
2014-01-30
|
17 | Brian Haberman | Notification list changed to : 6man-chairs@tools.ietf.org, draft-ietf-6man-stable-privacy-addresses@tools.ietf.org |
2014-01-30
|
17 | Brian Haberman | Ballot writeup was changed |
2014-01-30
|
17 | Brian Haberman | Ballot writeup was changed |
2014-01-30
|
17 | Brian Haberman | Ballot approval text was generated |
2014-01-30
|
17 | Brian Haberman | [Ballot Position Update] Position for Brian Haberman has been changed to Yes from Discuss |
2014-01-28
|
17 | Stephen Farrell | [Ballot comment] Thanks for those changes. One new comment. It'd be better to reference HMAC-SHA1 and HMAC-SHA256 as the examples and not SHA1 and SHA256. … [Ballot comment] Thanks for those changes. One new comment. It'd be better to reference HMAC-SHA1 and HMAC-SHA256 as the examples and not SHA1 and SHA256. There are relevant security differences between those, depending on how you provide and process the inputs to F(). (I've not tried to figure out if ther're significant here, but the HMAC flavours are just better and if you did use them then I'd not even need to think about it:-) If you're not happy to do that then rather than say that SHA1 or SHA256 can be used "for" F(), it'd be better to say that F() can be "baeed upon" SHA1, as that'd encompass HMAC-SHA1 or HMAC-SHA256. |
2014-01-28
|
17 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to No Objection from Discuss |
2014-01-27
|
17 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2014-01-27
|
17 | Fernando Gont | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2014-01-27
|
17 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-17.txt |
2014-01-23
|
16 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Vincent Roca. |
2014-01-23
|
16 | Cindy Morgan | State changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2014-01-23
|
16 | Spencer Dawkins | [Ballot comment] This is a very well-written and clear document. Thank you for that. |
2014-01-23
|
16 | Spencer Dawkins | [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins |
2014-01-23
|
16 | Brian Haberman | [Ballot discuss] I am taking the somewhat curious route of raising a DISCUSS on a document that I am shepherding. I will return to a … [Ballot discuss] I am taking the somewhat curious route of raising a DISCUSS on a document that I am shepherding. I will return to a Yes when these issues are resolved. Thomas Narten raised a good point that this document does not mention the work published in RFCs 4436 and 6059 (from the concluded DNA WG). Two of the points he raised are worth addressing in this document prior to publication. 1. [Resolved] - Storing addresses is going to raise privacy issues. 2. DNA provides some ability to manage the Network_ID component of the cryptographic hash. For wired networks, that may be quite useful as long as the Network_ID can be stored securely. |
2014-01-23
|
16 | Brian Haberman | Ballot discuss text updated for Brian Haberman |
2014-01-23
|
16 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2014-01-23
|
16 | Richard Barnes | [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes |
2014-01-23
|
16 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Issues. Reviewer: Tim Chown. |
2014-01-23
|
16 | Benoît Claise | [Ballot comment] Please Tim's OPS DIR review (currently under discussion) First, I would note that I have already contributed comments/text to this draft, as acknowledged … [Ballot comment] Please Tim's OPS DIR review (currently under discussion) First, I would note that I have already contributed comments/text to this draft, as acknowledged by Fernando. It’s been a few versions since I last read it. The goal of the draft has considerable merit, and I believe the document is worthy of publication, subject to comments belwo being considered. I would classify the document as ‘Ready with issues’. Issues: 1. In the discussion in section 5 on the algorithm, it may be desirable to suggest that implementations allow a choice of IID generation based on ‘classic’ SLAAC with EUI-64 or via this new proposed method, with a default of the new method. 2. In the algorithm section, there is a comment that interface names MUST remain the same across boots or down/up events for the stable privacy address to remain stable. I have (admittedly some time ago, and in rare cases) seen Linux installations where network interface names can ‘swap’, thus changing the address in use on the interface under the proposed algorithm, whereas with existing EUI64 SLAAC the IIDs would remain the same even if the interface name for a physical interface changed. This is probably rather more likely if replacing a network card on motherboard with on-board NIC(s). Perhaps Fernando can comment on whether this is a realistic concern with modern OSes. 3. I assume the IID may/will vary for a different OS run on the same host, e.g. where the host is dual-boot, or where a new OS installed (or the same OS re-installed). A different OS may well use a different F(), given that’s not specified. With EUI-64, a dual-boot host would likely have the same address under either OS (well, not Windows any more…). This may be worth making explicit. 4. The draft talks (in one place in Section 3) about stable privacy addresses being allocated by DHCPv6; some further discussion of how this might be achieved may be useful given the secret key is presumed to be generated on and reside on the host, not the DHCPv6 server. Or would this be described in a separate future draft? This may be a case where the administrator being able to display or change the secret key needs to be more than a MAY as currently satted in the text. 5. Design goal 1 might add “and same interface” for scenarios where a host has two interfaces in the same subnet (with the same prefix). This scenario is one that may cause ‘interesting’ effects with addresses if interface names swap and no Network_ID is used. 6. I’d suggest not mentioning MD5. Nits: 1. Some references are included multiple times, e.g. [RFC4941], rather than only at the first instance. 2. Design goal 2, perhaps say “must” rather than “do”? 3. In section 4 the author states the goal of stable IIDs within a given subnet. It may be better to say for a given prefix, given a renumbering process will change the prefix and with it the IID, though by loose language you might refer to it as the same subnet. In response to recent discussion on 6man, I don’t believe it’s practical or desirable for a node to store addresses related to locations (networks) visited. I agree with the author that the static address per network should be generated statelessly. |
2014-01-23
|
16 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2014-01-22
|
16 | Stephen Farrell | [Ballot discuss] (0) Just modifying my disucss to discuss a part of Brian's discuss:-) I'm sure we'll sort it out easily enough though. I very … [Ballot discuss] (0) Just modifying my disucss to discuss a part of Brian's discuss:-) I'm sure we'll sort it out easily enough though. I very much do not think that it'd be a good plan to store every address that has been generated using this algorithm. That would be making a privacy-enhancing feature damage privacy. See [1] for an example. [1] http://www.theguardian.com/technology/2011/apr/20/iphone-tracking-prompts-privacy-fears (1) Section 5: Why mention only MD5 and SHA1? Why not HMAC-SHA256? As-is, implementers are likely to get this wrong in various ways, e.g. allowing MD5 collisions to be generated on purpose with different inputs perhaps as a way to assign blame to an innocent victim. If HMAC-MD5 or better (*) HMAC-SHA256 were recommended instead, it is far more likley that implementers will do the right thing and it seems just as easy to do today's right thing as what's mentioned here. (*) Even though HMAC-MD5 is still ok, its better (for audit reasons) if we reduce the number of copies of MD5 runtime code on systems and do not introduce new instances of that code. (2) Why might a sys admin want to display the secret key? If there's a reason shouldn't you say so that coders don't do the wrong thing? The concern is that once established, this key might be re-used for other purposes and display might then become an interesting attack vector. |
2014-01-22
|
16 | Stephen Farrell | [Ballot comment] - Probably not worth investigating, but I'd wonder if a bad-actor with the 64 bit prefix to play about with could force an … [Ballot comment] - Probably not worth investigating, but I'd wonder if a bad-actor with the 64 bit prefix to play about with could force an IID on a node that used plain MD5 with a guessable or known secret_key. I don't think that's doable today but its yet another reason to avoid very outdated hash functions like md5. This is a non-issue if discuss#1 is resolved by ditching MD5. |
2014-01-22
|
16 | Stephen Farrell | Ballot comment and discuss text updated for Stephen Farrell |
2014-01-22
|
16 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2014-01-22
|
16 | Ted Lemon | [Ballot Position Update] New position, Yes, has been recorded for Ted Lemon |
2014-01-22
|
16 | Brian Haberman | [Ballot discuss] I am taking the somewhat curious route of raising a DISCUSS on a document that I am shepherding. I will return to a … [Ballot discuss] I am taking the somewhat curious route of raising a DISCUSS on a document that I am shepherding. I will return to a Yes when these issues are resolved. Thomas Narten raised a good point that this document does not mention the work published in RFCs 4436 and 6059 (from the concluded DNA WG). Two of the points he raised are worth addressing in this document prior to publication. 1. If you have stable storage (and many devices do), it makes sense to just cache the addresses instead of regenerating them. DNA does this. Seems like that option should be allowed. (the current document suggests saving the number of DAD iterations in stable storage... why do that if you can just save the address itself?) 2. DNA also has recommendations for detecting when you (re)connect to a network you visited before. That is pretty much the same thing this spec needs to do in order to generate the same addresses when connecting to a previously visited network (i.e., the Network_ID paramater). For the wired case (i.e, no SSID), DNA suggests using the linklayer/linklocal address pair of routers to identify a link. This document might suggest doing the same thing. |
2014-01-22
|
16 | Brian Haberman | [Ballot Position Update] Position for Brian Haberman has been changed to Discuss from Yes |
2014-01-22
|
16 | Pete Resnick | [Ballot comment] This is an algorithm to generate stable, private, and mostly unique addresses. It does not affect interoperability at all if people choose a … [Ballot comment] This is an algorithm to generate stable, private, and mostly unique addresses. It does not affect interoperability at all if people choose a different method. Anyone can accomplish the same task in a number of different ways. This is just a nice method to use if someone wanted to use it. This should just be an Informational document explaining a nice way to generate stable, private, mostly unique addresses without all of the MUSTs and SHOULDs, which are not interoperability requirements in the first place. Standardizing this is silly in the extreme. |
2014-01-22
|
16 | Pete Resnick | [Ballot Position Update] Position for Pete Resnick has been changed to Abstain from Discuss |
2014-01-22
|
16 | Pete Resnick | [Ballot discuss] I'd like to hear mostly from the shepherd, who didn't actually answer the second part of the first question on the shepherd writeup: … [Ballot discuss] I'd like to hear mostly from the shepherd, who didn't actually answer the second part of the first question on the shepherd writeup: "Why is this the proper type of RFC?" This looks to me like an algorithm to generate stable, private, and mostly unique addresses. It looks like it does not affect interoperability at all if people choose a different method. It looks to me like you could have accomplished the same task in a number of different ways. This just seems like a nice method to use if someone wanted to use it. So it's not clear to me why this isn't just an Informational document explaining a nice way to generate stable, private, mostly unique addresses without lots of MUSTs and SHOULDs that are not really interoperability requirements. |
2014-01-22
|
16 | Pete Resnick | [Ballot Position Update] New position, Discuss, has been recorded for Pete Resnick |
2014-01-21
|
16 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2014-01-21
|
16 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2014-01-21
|
16 | Stephen Farrell | [Ballot discuss] (1) Section 5: Why mention only MD5 and SHA1? Why not HMAC-SHA256? As-is, implementers are likely to get this wrong in various ways, … [Ballot discuss] (1) Section 5: Why mention only MD5 and SHA1? Why not HMAC-SHA256? As-is, implementers are likely to get this wrong in various ways, e.g. allowing MD5 collisions to be generated on purpose with different inputs perhaps as a way to assign blame to an innocent victim. If HMAC-MD5 or better (*) HMAC-SHA256 were recommended instead, it is far more likley that implementers will do the right thing and it seems just as easy to do today's right thing as what's mentioned here. (*) Even though HMAC-MD5 is still ok, its better (for audit reasons) if we reduce the number of copies of MD5 runtime code on systems and do not introduce new instances of that code. (2) Why might a sys admin want to display the secret key? If there's a reason shouldn't you say so that coders don't do the wrong thing? The concern is that once established, this key might be re-used for other purposes and display might then become an interesting attack vector. |
2014-01-21
|
16 | Stephen Farrell | [Ballot comment] - Probably not worth investigating, but I'd wonder if a bad-actor with the 64 bit prefix to play about with could force an … [Ballot comment] - Probably not worth investigating, but I'd wonder if a bad-actor with the 64 bit prefix to play about with could force an IID on a node that used plain MD5 with a guessable or known secret_key. I don't think that's doable today but its yet another reason to avoid very outdated hash functions like md5. This is a non-issue if discuss#1 is resolved by ditching MD5. |
2014-01-21
|
16 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2014-01-21
|
16 | Stewart Bryant | [Ballot comment] As Adrian says, this does not look like it impacts the routing systems so based on a quick skim, no objection. I am, … [Ballot comment] As Adrian says, this does not look like it impacts the routing systems so based on a quick skim, no objection. I am, however, left pondering as to whether a simple call to the system RNG wouldn't work well enough most of the time. |
2014-01-21
|
16 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2014-01-21
|
16 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2014-01-20
|
16 | Adrian Farrel | [Ballot comment] Based on a quick skim of this document and the judgement that it has no direct impact on the routing infrastructure, I am … [Ballot comment] Based on a quick skim of this document and the judgement that it has no direct impact on the routing infrastructure, I am balloting No Objection. |
2014-01-20
|
16 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2014-01-20
|
16 | Martin Stiemerling | [Ballot comment] Section 2., paragraph 4: > Note that the result of F() in the algorithm above is no more secure > than … [Ballot comment] Section 2., paragraph 4: > Note that the result of F() in the algorithm above is no more secure > than the secret key. If an attacker is aware of the PRF that is > being used by the victim (which we should expect), and the attacker > can obtain enough material (i.e. addresses configured by the victim), > the attacker may simply search the entire secret-key space to find > matches. To protect against this, the secret key should be of a > reasonable length. Key lengths of at least 128 bits should be > adequate. The secret key is initialized at system installation time > to a pseudo-random number, thus allowing this mechanism to be enabled > /used automatically, without user intervention. Isn't there a requirement (MUST) or at least a recommendation (RECOMMENDED) to say something about the minimum length of the secret key? Just to let implementers know from what length on the secret is 'safe' as input? |
2014-01-20
|
16 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2014-01-06
|
16 | Brian Haberman | State changed to IESG Evaluation from Waiting for Writeup |
2014-01-06
|
16 | Brian Haberman | Placed on agenda for telechat - 2014-01-23 |
2014-01-06
|
16 | Brian Haberman | Ballot has been issued |
2014-01-06
|
16 | Brian Haberman | [Ballot Position Update] New position, Yes, has been recorded for Brian Haberman |
2014-01-06
|
16 | Brian Haberman | Created "Approve" ballot |
2014-01-06
|
16 | Brian Haberman | Ballot writeup was changed |
2013-12-25
|
16 | (System) | State changed to Waiting for Writeup from In Last Call (ends 2013-12-25) |
2013-12-23
|
16 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2013-12-23
|
16 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-stable-privacy-addresses-16, which is currently in Last Call, and has the following comments: We understand that this document doesn't require … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-stable-privacy-addresses-16, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. IANA requests that the IANA Considerations section of the document remain in place upon publication. If this assessment is not accurate, please respond as soon as possible. |
2013-12-12
|
16 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ben Campbell |
2013-12-12
|
16 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ben Campbell |
2013-12-12
|
16 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tim Chown |
2013-12-12
|
16 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tim Chown |
2013-12-11
|
16 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (A Method for Generating Semantically … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration (SLAAC)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-12-25. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses (e.g., IEEE LAN MAC addresses), such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The method specified in this document applies to all prefixes a host may be employing, including link-local, global, and unique- local addresses. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-12-11
|
16 | Amy Vezza | State changed to In Last Call (ends 2013-04-26) from Last Call Requested |
2013-12-11
|
16 | Brian Haberman | Last call was requested |
2013-12-11
|
16 | Brian Haberman | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-12-11
|
16 | Brian Haberman | Last call announcement was generated |
2013-12-10
|
16 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-16.txt |
2013-11-26
|
15 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-11-26
|
15 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-15.txt |
2013-11-01
|
14 | Brian Haberman | State changed to AD Evaluation::Revised I-D Needed from AD Evaluation::External Party |
2013-10-31
|
14 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2013-10-31
|
14 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Vincent Roca |
2013-10-29
|
14 | Brian Haberman | State changed to AD Evaluation::External Party from AD Evaluation |
2013-10-29
|
14 | Brian Haberman | All, I have completed my AD evaluation for draft-ietf-6man-stable-privacy-addresses and only have a few comments/questions that I would like to get some feedback … All, I have completed my AD evaluation for draft-ietf-6man-stable-privacy-addresses and only have a few comments/questions that I would like to get some feedback on... 1. It would be useful to include an *informative* reference or two for candidate PRFs. 2. Given the opaque bits discussion in section 5, I think it would be good to include a reference to the 6man-ug draft to provide the justification. 3. Section 6 discusses the benefits of using the DAD_Counter in the PRF call, but I think the draft should also mention the downsides to not maintaining that variable in non-volatile memory over reboots. Specifically, the scenario where a node used IDGEN_RETRIES attempts on the previous boot to get a valid address and during the current boot will fail if it needs IDGEN_RETRIES+1 tries and DAD_Counter info is not stored. 4. I am agnostic on this one, but want some feedback. Should the reference to the address-generation-privacy draft be normative given that it contains the necessary background info supporting this approach? Once we agree on these points, we can move the draft along in the publication process. Regards, Brian |
2013-10-29
|
14 | Brian Haberman | Notification list changed to : 6man-chairs@tools.ietf.org, draft-ietf-6man-stable-privacy-addresses@tools.ietf.org, ipv6@ietf.org |
2013-10-25
|
14 | Tero Kivinen | Assignment of request for Last Call review by SECDIR to Sam Weiler was rejected |
2013-10-17
|
14 | Brian Haberman | State changed to AD Evaluation from Publication Requested |
2013-10-17
|
14 | Amy Vezza | Working group state set to Submitted to IESG for Publication |
2013-10-17
|
14 | Amy Vezza | IETF WG state changed to Submitted to IESG for Publication |
2013-10-17
|
14 | Amy Vezza | IESG state changed to Publication Requested |
2013-10-17
|
14 | Amy Vezza | IESG state set to Publication Requested |
2013-10-17
|
14 | Bob Hinden | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2013-10-17
|
14 | Bob Hinden | Changed document writeup |
2013-10-17
|
14 | Bob Hinden | Changed document writeup |
2013-10-17
|
14 | Bob Hinden | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2013-10-17
|
14 | Bob Hinden | Annotation tag Revised I-D Needed - Issue raised by WG cleared. |
2013-10-11
|
14 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-14.txt |
2013-09-17
|
13 | Bob Hinden | IETF WG state changed to In WG Last Call from In WG Last Call |
2013-09-17
|
13 | Bob Hinden | Annotation tag Revised I-D Needed - Issue raised by WG set. |
2013-09-03
|
13 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-13.txt |
2013-08-19
|
12 | Ole Trøan | Re-issue WGLC. Ending September 2, August 2013 |
2013-08-19
|
12 | Ole Trøan | IETF WG state changed to In WG Last Call from Submitted to IESG for Publication |
2013-08-19
|
12 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-12.txt |
2013-08-08
|
11 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-11.txt |
2013-06-12
|
10 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-10.txt |
2013-06-02
|
09 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-09.txt |
2013-05-23
|
08 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-08.txt |
2013-05-19
|
07 | Fernando Gont | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2013-05-19
|
07 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-07.txt |
2013-04-26
|
06 | Brian Haberman | State changed to AD is watching from Waiting for AD Go-Ahead |
2013-04-26
|
06 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call |
2013-04-18
|
06 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sam Weiler |
2013-04-18
|
06 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Sam Weiler |
2013-04-17
|
06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ben Campbell |
2013-04-17
|
06 | Jean Mahoney | Request for Last Call review by GENART is assigned to Ben Campbell |
2013-04-13
|
06 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2013-04-13
|
06 | Amanda Baber | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-stable-privacy-addresses-06, which is currently in Last Call, and has the following comments: We understand that this document doesn't require … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-stable-privacy-addresses-06, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any IANA actions. If this assessment is not accurate, please respond as soon as possible. |
2013-04-12
|
06 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2013-04-12
|
06 | Cindy Morgan | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (A method for Generating Stable Privacy-Enhanced … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-04-26. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies a method for generating IPv6 Interface Identifiers to be used with IPv6 Stateless Address Autoconfiguration (SLAAC), such that addresses configured using this method are stable within each subnet, but the Interface Identifier changes when hosts move from one network to another. The aforementioned method is meant to be an alternative to generating Interface Identifiers based on IEEE identifiers, such that the benefits of stable addresses can be achieved without sacrificing the privacy of users. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-04-12
|
06 | Cindy Morgan | State changed to In Last Call from Last Call Requested |
2013-04-12
|
06 | Brian Haberman | Last call was requested |
2013-04-12
|
06 | Brian Haberman | Last call announcement was generated |
2013-04-12
|
06 | Brian Haberman | Ballot approval text was generated |
2013-04-12
|
06 | Brian Haberman | Ballot writeup was generated |
2013-04-12
|
06 | Brian Haberman | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-04-11
|
06 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-04-11
|
06 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-06.txt |
2013-04-08
|
05 | Bob Hinden | Changed protocol writeup |
2013-04-08
|
05 | Brian Haberman | State changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2013-04-08
|
05 | Brian Haberman | State changed to AD Evaluation from Publication Requested |
2013-04-08
|
05 | Brian Haberman | All, I have performed by AD review of draft-ietf-6man-stable-privacy-addresses. For the most part, this is a well-written document. I only have a few … All, I have performed by AD review of draft-ietf-6man-stable-privacy-addresses. For the most part, this is a well-written document. I only have a few comments that should be resolved prior to moving this to IETF Last Call... 1. Section 1 : I understand that the fourth paragraph is indented since it is quoting from another document. I do not see why the fifth paragraph is indented. The same confusion exists for the second paragraph of Section 3. 2. Section 3 : * The PRF is fed several variables in order to generate a random number. I appreciate that the issues with different identifiers being generated for the same prefix due to varying values of DAD_Counter are discussed (Section 4). What is missing is discussion of when the Interface_Index value changes. On many systems, the value returned via the socket APIs is based on the ifIndex value assigned to the interface. There are a variety of situations where the ifIndex can change within a system and these should be mentioned. This can impact design goal #2. * What are the assumptions on this algorithm with respect to multi-homed devices that could have different network interfaces available to attach to the same network? For example, if I have a quad-port network card, I could attach to a network via eth0 and get an identifier for prefix X. The next time I attach to that network, I use eth2 and I will not get the same identifier even though I still get a PIO containing prefix X. This issue directly contradicts design goal #1. 3. I think it would be good to explicitly state that this IID generation mechanism is incrementally deployable since there are no interoperability issues with IID generation. Regards, Brian |
2013-03-26
|
05 | Brian Haberman | Intended Status changed to Proposed Standard |
2013-03-26
|
05 | Brian Haberman | IESG process started in state Publication Requested |
2013-03-26
|
05 | (System) | Earlier history may be found in the Comment Log for draft-gont-6man-stable-privacy-addresses |
2013-03-24
|
05 | Bob Hinden | Changed consensus to Yes from Unknown |
2013-03-24
|
05 | Bob Hinden | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2013-03-24
|
05 | Bob Hinden | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2013-03-24
|
05 | Bob Hinden | Changed shepherd to Robert Hinden |
2013-03-22
|
05 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-05.txt |
2013-03-20
|
04 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-04.txt |
2013-01-29
|
03 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-03.txt |
2012-12-29
|
02 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-02.txt |
2012-12-17
|
01 | Bob Hinden | IETF state changed to In WG Last Call from WG Document |
2012-10-07
|
01 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-01.txt |
2012-05-18
|
00 | Fernando Gont | New version available: draft-ietf-6man-stable-privacy-addresses-00.txt |