Dynamic Configuration of IPv4 Link-Local Addresses
draft-ietf-zeroconf-ipv4-linklocal-17
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
17 | (System) | post-migration administrative database adjustment to the Yes position for Thomas Narten |
2012-08-22
|
17 | (System) | post-migration administrative database adjustment to the No Objection position for Margaret Wasserman |
2012-08-22
|
17 | (System) | post-migration administrative database adjustment to the No Objection position for Ted Hardie |
2012-08-22
|
17 | (System) | post-migration administrative database adjustment to the No Objection position for Alex Zinin |
2005-03-24
|
(System) | Posted related IPR disclosure: Keith Moore's statement about possible IPR claimed in draft-ietf-zeroconf-ipv4-linklocal-17.txt belonging to Microsoft corporation | |
2004-07-20
|
17 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2004-07-19
|
17 | Amy Vezza | IESG state changed to Approved-announcement sent |
2004-07-19
|
17 | Amy Vezza | IESG has approved the document |
2004-07-19
|
17 | Amy Vezza | Closed "Approve" ballot |
2004-07-19
|
17 | Thomas Narten | State Changes to Approved-announcement to be sent from IESG Evaluation::AD Followup by Thomas Narten |
2004-07-19
|
17 | Thomas Narten | [Note]: '2004-07-19: Document approved. ' added by Thomas Narten |
2004-07-19
|
17 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to Yes from Discuss by Thomas Narten |
2004-07-13
|
17 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-17.txt |
2004-07-02
|
16 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-16.txt |
2004-06-07
|
15 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-15.txt |
2004-05-06
|
17 | Thomas Narten | [Note]: '2004-05-06: version -14 addressed concerns of IESG. But last minute IPR disclosure from Apple needs to be considered by the WG. Detailed info on … [Note]: '2004-05-06: version -14 addressed concerns of IESG. But last minute IPR disclosure from Apple needs to be considered by the WG. Detailed info on document status can be found at: http://www.drizzle.com/~aboba/ZEROCONF/issues.html. ' added by Thomas Narten |
2004-04-26
|
(System) | Posted related IPR disclosure: Apple Computer's Statement About IPR Claimed in draft-ietf-zeroconf-ipv4-linklocal | |
2004-04-22
|
17 | Thomas Narten | State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Thomas Narten |
2004-04-20
|
17 | Thomas Narten | [Ballot discuss] 2004-04-20: Placeholder; IESG concerns addressed, but some last minute comments came into chairs/authors. |
2004-04-20
|
17 | Thomas Narten | [Ballot Position Update] Position for Thomas Narten has been changed to Discuss from Yes by Thomas Narten |
2004-04-20
|
17 | Alex Zinin | [Ballot Position Update] Position for Alex Zinin has been changed to No Objection from Discuss by Alex Zinin |
2004-04-20
|
17 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to No Objection from Discuss by Ted Hardie |
2004-04-20
|
17 | Thomas Narten | State Changes to IESG Evaluation from IESG Evaluation::Revised ID Needed by Thomas Narten |
2004-04-20
|
17 | Thomas Narten | [Note]: '2004-04-05: version -14 is out, should address concerns of IESG. Detailed info on changes can be found at http://www.drizzle.com/~aboba/ZEROCONF/issues.html ' added by Thomas Narten |
2004-04-05
|
14 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-14.txt |
2004-03-31
|
17 | Margaret Cullen | [Ballot Position Update] Position for Margaret Wasserman has been changed to No Objection from Discuss by Margaret Wasserman |
2004-03-23
|
17 | Thomas Narten | State Changes to IESG Evaluation::Revised ID Needed from Waiting for AD Go-Ahead by Thomas Narten |
2004-03-23
|
17 | Thomas Narten | [Note]: '2004-03-23: IESG comments are being processed by WG; Erik has suggested updates and LC period on mailing list is ongoing. Then, revised ID and … [Note]: '2004-03-23: IESG comments are being processed by WG; Erik has suggested updates and LC period on mailing list is ongoing. Then, revised ID and (hopefully!) IESG approval!' added by Thomas Narten |
2004-03-23
|
17 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2004-02-20
|
17 | (System) | Removed from agenda for telechat - 2004-02-19 |
2004-02-19
|
17 | Margaret Cullen | [Ballot discuss] (1) In section 2.6.2 "Forwarding Rules", the document says: "Whichever interface is used, if the destination address is in the 169.254/16 … [Ballot discuss] (1) In section 2.6.2 "Forwarding Rules", the document says: "Whichever interface is used, if the destination address is in the 169.254/16 prefix (including the 169.254.255.255 broadcast address), then the sender MUST ARP for the destination address and then send its packet directly to the destination on the same physical link. This MUST be done whether the interface is configured with a Link- Local or a routable IPv4 address." I don't think that the above paragraph is intended to indicate that an ARP should be sent for every link-local packet, but it could be read that way. In particular, it doesn't seem correct to ARP for a broadcast address. Also, it should be okay (AFAIK) to use a normal ARP cache for these addresses, right? (2) This document says, at one point, that storing LL addresses in the DNS is not recommended. But, later it says that you MUST NOT store LL addresses in the DNS. Which is it? (3) The "Security Considerations" section contains the following band-aid that should have been included in the earlier text that describes how to handle address collision: "Implementations and users should also note that a node that gives up an address and reconfigures, as required by section 2.5, allows the possibility that another node can easily successfully hijack existing TCP connections. Before abandoning an address due to a conflict, hosts SHOULD actively attempt to reset any existing connections using that address." |
2004-02-19
|
17 | Margaret Cullen | [Ballot Position Update] New position, Discuss, has been recorded for Margaret Wasserman by Margaret Wasserman |
2004-02-19
|
17 | Allison Mankin | [Ballot Position Update] Position for Allison Mankin has been changed to Yes from No Objection by Allison Mankin |
2004-02-19
|
17 | Allison Mankin | [Ballot comment] Watching the issue handling on the mailing list, I'd like to compliment Erik Guttman and Bernard Aboba (and the WG participants) for the … [Ballot comment] Watching the issue handling on the mailing list, I'd like to compliment Erik Guttman and Bernard Aboba (and the WG participants) for the approach they took. |
2004-02-19
|
17 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
2004-02-19
|
17 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2004-02-19
|
17 | Jon Peterson | [Ballot Position Update] Position for Jon Peterson has been changed to Yes from Undefined by Jon Peterson |
2004-02-19
|
17 | Jon Peterson | [Ballot Position Update] New position, Undefined, has been recorded for Jon Peterson by Jon Peterson |
2004-02-18
|
17 | Bill Fenner | [Ballot comment] 2.6.2 says ...if the destination address is in the 169.254/16 prefix (including the 169.254.255.255 broadcast address), then the sender MUST … [Ballot comment] 2.6.2 says ...if the destination address is in the 169.254/16 prefix (including the 169.254.255.255 broadcast address), then the sender MUST ARP for the destination address and then send its packet directly to the destination on the same physical link. This sounds like it's saying that 169.254.255.255 is not to be treated as a broadcast address, but it describes it as "the .. broadcast address". Potentially confusing. This is not a DISCUSS because this is a relatively minor issue in a document that I don't want to prevent from moving forward, but if it is going to be spun for something else (or even if this can be handled in AUTH48) I'd be happier. |
2004-02-18
|
17 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2004-02-18
|
17 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
2004-02-18
|
17 | Alex Zinin | [Ballot discuss] I am much happier with this rev. The document addresses the concerns I had before. I do have some comments though. Editorial comment: … [Ballot discuss] I am much happier with this rev. The document addresses the concerns I had before. I do have some comments though. Editorial comment: > 1. Introduction ... > Microsoft Windows 98 (and later) and Mac OS 8.5 (and later) already > support this capability. This document standardizes usage, > prescribing rules for how Link-Local IPv4 addresses MUST be treated > by hosts and routers. In particular, it describes how routers MUST > behave when receiving packets with IPv4 Link-Local addresses in the > source or destination address. With respect to hosts, it discusses > claiming and defending addresses, maintaining Link-Local and routable > IPv4 addresses on the same interface, and multihoming issues. The two "MUST" above should be lower case. More substantial comments on the new text: > 2.6.2. Forwarding Rules ... > In many network stacks, achieving this functionality may be as simple > as adding a routing table entry indicating that 169.254/16 is > directly reachable on the local link. Mentioning that this won't work for multihomed hosts and routers and pointing to the section discussing this would be useful. > 3.2. Address Ambiguity > > This is a core problem with respect to Link-Local IPv4 addresses > configured on more than one interface. What should a host do when it > needs to send to Link-Local destination L and L can be resolved using > ARP on more than one link? I would add that even if a given LL address is resolved using just one link at a given moment, the choice will still be ambiguous without interface specification, as a second later another host with the same LL address may become available on another link. > One possibility is to support this only in the case where the > application specifically expresses which interface to send from. > There is no standard or obvious solution to this problem. Existing > application software written for the Internet protocol suite is > largely incapable of dealing with address ambiguity. This does not > preclude an implementer from finding a solution, writing applications > which are able to use it, and providing a host which can support > dynamic configuration of Link-Local IPv4 addresses on more than one > interface. This solution will almost surely not be generally > applicable to existing software and transparent to higher layers, > however. The text reads as if we don't know how to work with scoped addresses at all. This is not true. We know that: 1. The IP stack must have the outbound interface associated with a packet that needs to be sent to a LL destination address 2. The outbound interface cannot be derived from the packet's header parameters such as src or dst address (e.g. by using the forwarding table lookup), hence 3. Outbound interface association MUST be done explicitly through other means. The specification does not stipulate those means, but examples include ... |
2004-02-18
|
17 | Alex Zinin | [Ballot Position Update] Position for Alex Zinin has been changed to Discuss from No Objection by Alex Zinin |
2004-02-18
|
17 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2004-02-17
|
17 | Ted Hardie | [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. … [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. b. Names that are globally resolvable to routable addresses should be used within applications whenever they are available. Names that are resolvable only on the local link (such as through use of protocols such as Link Local Multicast Name Resolution [LLMNR]) MUST NOT be used in off-link communication. IPV4 addresses and names which can only be resolved on the local link SHOULD NOT be forwarded, they SHOULD only be sent when a Link-Local address is used as the source address. This strong advice should hinder limited scope addresses and names from leaving the context in which they apply. c. Link-Local IPv4 addresses MUST NOT be configured in the DNS. A & B seem to contain contrary advice (Use routable addresses in applications vs. use names resolvable to routable addresses in applciations); this is probably because the authors see an "instead" in here that isn't stated. I'd suggest rephrasing A. I'd also suggest reversing the order so that C is first (it is the MUST here), B's advice is next (It is the SHOULD), and then the current A is "If names resolvable to globally routable addresses are not available, but the globally routable addresses are, they should be used instead of link-local addresses". Section 2.9 says: 2.9. Higher-Layer Protocol Considerations Similar considerations apply at layers above IP. I think it would be valuable to say "Consideration similar to those in Section XX apply at layers above IP", in case this text is excerpted or the Higher-layer protocol consideration reader does not follow. I'm also uneasy at the SHOULDs in this, and I have called out one conflict in the text on the DNS front as a DISCUSS. Basically, though, the APPs layer should not need to know which interface is being used for a specific operation, and that may not be the case here. There are actually two risks here: that a reference to a link-local address by an application will break because the entity dereferencing it will not have access to that link-local address and that an application will receive the wrong data because it can dereference *something* at that address (possibly on a different interface), but it is not the intended referent. This is implied in Sections 3.2 and 6.3, and forward references to those section here would be useful in addition to the other references. NIT: IPv4ll used initially without expansion. Style point: it looks like "IP version four-one-one" in a typical RFC font, which is confusing. |
2004-02-17
|
17 | Ted Hardie | [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. … [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. b. Names that are globally resolvable to routable addresses should be used within applications whenever they are available. Names that are resolvable only on the local link (such as through use of protocols such as Link Local Multicast Name Resolution [LLMNR]) MUST NOT be used in off-link communication. IPV4 addresses and names which can only be resolved on the local link SHOULD NOT be forwarded, they SHOULD only be sent when a Link-Local address is used as the source address. This strong advice should hinder limited scope addresses and names from leaving the context in which they apply. c. Link-Local IPv4 addresses MUST NOT be configured in the DNS. A & B seem to contain contrary advice (Use routable addresses in applications vs. use names resolvable to routable addresses in applciations); this is probably because the authors see an "instead" in here that isn't stated. I'd suggest rephrasing A. I'd also suggest reversing the order so that C is first (it is the MUST here), B's advice is next (It is the SHOULD), and then the current A is "If names resolvable to globally routable addresses are not available, but the globally routable addresses are, they should be used instead of link-local addresses". Section 2.9 says: 2.9. Higher-Layer Protocol Considerations Similar considerations apply at layers above IP. I think it would be valuable to say "Consideration similar to those in Section XX apply at layers above IP", in case this text is excerpted or the Higher-layer protocol consideration reader does not follow. I'm also uneasy at the SHOULDs in this, and I have called out one conflict in the text on the DNS front as a DISCUSS. Basically, though, the APPs layer should not need to know which interface is being used for a specific operation, and that may not be the case here. There are actually two risks here: that a reference to a link-local address by an application will break because the entity dereferencing it will not have access to that link-local address and that an application will receive the wrong data because it can dereference *something* at that address (possibly on a different interface), but it is not the intended referent. This is implied in Sections 3.2 and 6.3, and forward references to those section here would be useful in addition to the other references. |
2004-02-17
|
17 | Ted Hardie | [Ballot discuss] Section 1.4 says : c. Link-Local IPv4 addresses MUST NOT be configured in the DNS. Section 2.9 says: As Link-Local IPv4 … [Ballot discuss] Section 1.4 says : c. Link-Local IPv4 addresses MUST NOT be configured in the DNS. Section 2.9 says: As Link-Local IPv4 addresses may change at any time and have limited scope, storing Link-Local IPv4 addresses in the DNS is not well understood and is NOT RECOMMENDED. RFC 2119, Section 4, says "NOT RECOMMENDED" is the same strength as "SHOULD NOT". The authors and working group need to decide whether this prohibition is a MUST or a SHOULD. |
2004-02-17
|
17 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to Discuss from Undefined by Ted Hardie |
2004-02-17
|
17 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to Undefined from Discuss by Ted Hardie |
2004-02-17
|
17 | Ted Hardie | [Ballot Position Update] Position for Ted Hardie has been changed to Discuss from Undefined by Ted Hardie |
2004-02-17
|
17 | Ted Hardie | [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. … [Ballot comment] The draft has the following text in section 1.4: a. Routable addresses should be used within applications whenever they are available. b. Names that are globally resolvable to routable addresses should be used within applications whenever they are available. Names that are resolvable only on the local link (such as through use of protocols such as Link Local Multicast Name Resolution [LLMNR]) MUST NOT be used in off-link communication. IPV4 addresses and names which can only be resolved on the local link SHOULD NOT be forwarded, they SHOULD only be sent when a Link-Local address is used as the source address. This strong advice should hinder limited scope addresses and names from leaving the context in which they apply. c. Link-Local IPv4 addresses MUST NOT be configured in the DNS. A & B seem to contain contrary advice (Use routable addresses in applications vs. use names resolvable to routable addresses in applciations); this is probably because the authors see an "instead" in here that isn't stated. I'd suggest rephrasing A. I'd also suggest reversing the order so that C is first (it is the MUST here), B's advice is next (It is the SHOULD), and then the current A is "If names resolvable to globally routable addresses are not available, but the globally routable addresses are, they should be used instead of link-local addresses". |
2004-02-17
|
17 | Ted Hardie | [Ballot Position Update] New position, Undefined, has been recorded for Ted Hardie by Ted Hardie |
2004-02-17
|
17 | Steven Bellovin | [Ballot Position Update] New position, No Objection, has been recorded for Steve Bellovin by Steve Bellovin |
2004-02-17
|
17 | Russ Housley | [Ballot comment] Section 2.2. It seems that this technique should work for 802.11 ad hoc networking too. An entry in the list that does … [Ballot comment] Section 2.2. It seems that this technique should work for 802.11 ad hoc networking too. An entry in the list that does not imply an infrastructure of any kind is desirable. The reference to RFC 2434 should be informative, or a reference should be added in the IANA Considerations section. |
2004-02-17
|
17 | Harald Alvestrand | [Ballot comment] It's good to see this document finished. I'm happy with the document as written - it has addressed all the concerns I remember … [Ballot comment] It's good to see this document finished. I'm happy with the document as written - it has addressed all the concerns I remember from the last time the IESG considered it. |
2004-02-17
|
17 | Harald Alvestrand | [Ballot Position Update] New position, No Objection, has been recorded for Harald Alvestrand by Harald Alvestrand |
2004-02-17
|
13 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-13.txt |
2004-02-16
|
17 | Russ Housley | [Ballot comment] Section 2.2. It seems that this technique should work for 802.11 ad hoc networking too. An entry in the list that does … [Ballot comment] Section 2.2. It seems that this technique should work for 802.11 ad hoc networking too. An entry in the list that does not imply an infrastructure of any kind is desirable. The reference to RFC 2434 should be informative. |
2004-02-16
|
17 | Russ Housley | [Ballot Position Update] New position, Yes, has been recorded for Russ Housley by Russ Housley |
2004-02-12
|
17 | Ned Freed | [Ballot Position Update] New position, No Objection, has been recorded for Ned Freed by Ned Freed |
2004-02-12
|
17 | Thomas Narten | To: Internet Engineering Steering Group From: IESG Secretary Reply-To: IESG Secretary Subject: Evaluation: draft-ietf-zeroconf-ipv4-linklocal - Dynamic Configuration of IPv4 Link-Local addresses to Proposed Standard -------- … To: Internet Engineering Steering Group From: IESG Secretary Reply-To: IESG Secretary Subject: Evaluation: draft-ietf-zeroconf-ipv4-linklocal - Dynamic Configuration of IPv4 Link-Local addresses to Proposed Standard -------- Last Call to expire on: 2002-9-11 Please return the full line with your position. Yes No-Objection Discuss * Abstain Harald Alvestrand [ ] [ ] [ X ] [ ] Steve Bellovin [ ] [ ] [ X ] [ ] Bill Fenner [ ] [ X ] [ ] [ ] Ned Freed [ ] [ X ] [ ] [ ] Ted Hardie [ ] [ ] [ ] [ ] Russ Housley [ ] [ ] [ ] [ ] David Kessens [ ] [ ] [ ] [ ] Allison Mankin [ ] [ X ] [ ] [ ] Thomas Narten [ X ] [ ] [ ] [ ] Jon Peterson [ ] [ ] [ ] [ ] Margaret Wasserman [ ] [ ] [ ] [ ] Bert Wijnen [ ] [ X ] [ ] [ ] Alex Zinin [ ] [ ] [ X ] [ ] Scott Bradner [ ] [ X ] [ ] [ ] Randy Bush [ X ] [ ] [ ] [ ] Patrik Faltstrom [ ] [ X ] [ ] [ ] Erik Nordmark [ ] [ ] [ X ] [ ] Jeff Schiller [ ] [ X ] [ ] [ ] 2/3 (9) Yes or No-Objection opinions needed to pass. * Indicate reason if 'Discuss'. DISCUSS: ======== Harald: Three objections, based on a quick scan: 1) The document gives no (zero) examples of applications that can successfully and safely be used with link-local addresses. I think a list of applications would serve two purposes: - document the motivation for this feature - serve as target for people arguing that this application has serious failure modes when used with link-local addresses 2) The following section: > 2.10 Higher-Layer Protocol Considerations > > Similar considerations apply at layers above IP. > > For example, designers of Web pages (including automatically > generated web pages) SHOULD NOT contain links with embedded > link-local addresses if those pages are viewable from hosts outside > the local link where the addresses are valid. > > As link-local addresses may change at any time and have limited > scope, storing link-layer addresses in the DNS is not well > understood and it is NOT RECOMMENDED. is not sufficiently draconian. It should probably say something like: The following set of protocols: - FTP - DNS - NFS - IPSEC using IPv4 as an identifier - BGP - OSPF - RTP/RTCP <<>> will fail if applications use a link-local address instead of a globally unique address when sending the address of its interface in a protocol packet. 3) Security consideration, section 2.8: > The non-forwarding rule is important because it is expected that > many link-local-only devices will be extremely simple devices of > the kind that currently use X10 [X10], USB [USB] or FireWire [1394]. > > The designers of these devices currently assume that they will > communicate only with other local devices, and this allows them to > produce cost-effective devices by implementing a degree of security > appropriate for that expected environment. Any network gateway device > that blindly forwards the contents of link-local IP packets off the > local link (or onto the local link) exposes simple link-local-only > devices to a much greater degree of risk than their designers may > have planned for. In the world of wireless LANs, this seems to be an extremely stupid idea. (not that it was a smart move before.....for kicks, try plugging an X10 controller into your neighbour's outdoor electrical socket and start playing....) I would suggest to add a NOTE: NOTE: The existence of local links without physical security, such as LANs with attached wireless base stations, means that expecting all local links to be secure enough that normal precautions can be dispensed with is an extremely dangerous practice, which will expose users to considerable risks. Steve: How do current hosts behave with respect to this: All ARP packets (*replies* as well as requests) that contain a link-local 'sender IP address' MUST be sent using link-level broadcast instead of link-level unicast. This aids timely detection of duplicate addresses. An example illustrating how this helps is given in Section 4. (I understand the necessity, but is it done? I suspect not. This suggests that there be a warning that link-local addresses SHOULD NOT be manually configured.) I have vague recollections of an RFC that permits hosts to ignore spontaneous ARP replies, i.e., those not in response to a query, in an effort to block connection hijacking. I think that some hosts actually do this. That would interfere with the claim-and-defend mechanism, and with renumbering, I believe. What use is link-local security in a world of wireless bridges? The Security Considerations section should note that address-based IKE certificates [RFC2409, I think] MUST NOT be issued for link-local addresses. How does Windows XP behave? Alex: Seems to me that a "routing considerations" section is required. Some things that should be described: - should a route be installed in the routing table based on the link-local address on an interface? - should/can the 169.254/16 prefix be announced by dynamic routing protocols? - if received from a routing protocol, should the prefix be installed in the RT? - what the behavior should be if the prefix somehow made it to the RT (static route, old routing proto)? Erik: The abstract and first paragraph in the introduction can easily be read as these addresses being a full-fledged replacement of DHCP assigned addresses. Having the text explicitly say that such addresses can not be used for communication outside a single link would make sense. In the applicability section it would make sense to add explicit warnings about issues for applications. One issue is the addresses are of limited scope which might cause problems for multi-party applications that pass IP addresses between parties. The other issue is that these addresses might have much shorter and unpredictable lifetime, which would have an impact on applications using them on the link. (This is true especially given the suggestions in section 2.5 to pick a new address when a conflict is detected after the address has been used for a while.) The text in section 2.5 says that in some cases the host MUST cease using the address. Since it is easy for an on-link attacker to spoof the ARP packets it can cause the host to break all its connections by switching to a new address. The document should at least warn against this in section 2.5, and presumably also discuss it in the security considerations section. And here is a "bonus" I didn't mention on the call: The time values specified above are intended for use on technologies such as Ethernet, where switches that implement Spanning Tree [802.1d] often silently discard all packets for several seconds. The time values specified above result in a delay of 8-10 seconds before a chosen IP address may be used. For a desktop machine on Ethernet, FWIW when 802.1d is enabled on the port I plug in my laptop at the office, the delay before the switch starts forwarding packets is 45 seconds. (I think the 802.1d spec indicates a default time of around 30 seconds.) So 10 seconds don't seem to do much good. If the destination address is the 255.255.255.255 broadcast address or a multicast address, then the host may use either its link-local source address or a routable address, as appropriate. OK for a link-local multicast destination. But for other multicast destinations I assume it SHOULD use any routable address instead of the link-local. section 3.2: Some operating systems have networking APIs that allow applications to specify network interfaces by name, index value, or other local identifier, and to identify interfaces this way both for incoming and outgoing packets/connections. For operating systems that have this capability (and have application software that makes use of it) it is sufficient to configure all interfaces with a single common IPv4 link-local address, and defend that address on all interfaces. Add warning that uses the same address on all interfaces makes the host more suceptible to attacks and other reasons for duplicate addresses being detected late, resulting in a shorter lifetime for the link-local addresses. Using a separate address per interface limits the "damage" in such a case to a single link. section 3.3 In addition, this kind of host should probe for, and defend, all of its link-local addresses on all of its active interfaces that are using link-local addresses. When bringing up a new interface, the host SHOULD first probe for all of its existing link-local addresses on that new interface. If any of the addresses are found to be already in use by some other host on that new link, then the interfaces in question MUST be reconfigured to select new unique link-local addresses. The host should then select a link-local address for the new interface, and probe on all of its active interfaces to verify that this new address is unique on all the links that the host has connections to. The above breaks if multiple interfaces on the host are connected to the same link. It also isn't clear to me why this is needed; presumably the interfaces can be managed indepdently as long as the host ensures that it doesn't assign the same link-local address to more than one interface. COMMENT ------- Scott: notes: references not split this can get fixed when Harald's discuss is delt with Patrik: This doesn't imply I don't have problems with the document, but that I have read what others have for discuss... |
2004-02-12
|
17 | Thomas Narten | Placed on agenda for telechat - 2004-02-19 by Thomas Narten |
2004-02-12
|
17 | Thomas Narten | [Ballot Position Update] New position, Yes, has been recorded for Thomas Narten |
2004-02-12
|
17 | Thomas Narten | Ballot has been issued by Thomas Narten |
2004-02-12
|
17 | Thomas Narten | Created "Approve" ballot |
2004-02-12
|
17 | Thomas Narten | [Note]: 'LC ends on Feb 20, but I''d like to flush out IESG comments and not lose momentum on finishing the doc and closing the … [Note]: 'LC ends on Feb 20, but I''d like to flush out IESG comments and not lose momentum on finishing the doc and closing the WG.' added by Thomas Narten |
2004-02-06
|
17 | Amy Vezza | Last call sent |
2004-02-06
|
17 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2004-02-06
|
17 | Thomas Narten | State Changes to Last Call Requested from AD Evaluation by Thomas Narten |
2004-02-06
|
17 | Thomas Narten | [Note]: '-12 is out, we can now run IETF LC. ' added by Thomas Narten |
2004-02-05
|
12 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-12.txt |
2004-02-04
|
17 | Thomas Narten | State Changes to AD Evaluation from Last Call Requested by Thomas Narten |
2004-02-04
|
17 | Thomas Narten | State Change Notice email list have been change to , from |
2004-02-04
|
17 | Thomas Narten | [Note]: 'Waiting for -12, IETF LC should run on -12, which has been submitted, but has not yet appeared.' added by Thomas Narten |
2004-02-04
|
17 | Thomas Narten | State Changes to Last Call Requested from Publication Requested by Thomas Narten |
2004-02-04
|
17 | Thomas Narten | Last Call was requested by Thomas Narten |
2004-02-04
|
17 | (System) | Ballot writeup text was added |
2004-02-04
|
17 | (System) | Last call text was added |
2004-02-04
|
17 | (System) | Ballot approval text was added |
2004-02-04
|
17 | Thomas Narten | State Changes to Publication Requested from AD is watching::Revised ID Needed by Thomas Narten |
2004-02-04
|
17 | Thomas Narten | 2004-02-03: Erik requests advancement as PS. |
2004-02-04
|
17 | Thomas Narten | [Note]: 'Sent back to WG after IESG review, WG is iterating on it. Will need a new IETF LC, then back to the IESG.' has … [Note]: 'Sent back to WG after IESG review, WG is iterating on it. Will need a new IETF LC, then back to the IESG.' has been cleared by Thomas Narten |
2004-01-23
|
11 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-11.txt |
2003-09-30
|
10 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-10.txt |
2003-09-03
|
09 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-09.txt |
2003-06-23
|
17 | Thomas Narten | State Changes to AD is watching from AD is watching :: Revised ID Needed by Narten, Thomas |
2003-06-23
|
17 | Thomas Narten | State Changes to AD is watching :: Revised ID Needed from AD is watching by Narten, Thomas |
2003-06-23
|
17 | Thomas Narten | Will need IETF LC, so back in WGs hand until they are done. |
2003-06-23
|
17 | Thomas Narten | State Changes to AD is watching from IESG Evaluation by Narten, Thomas |
2003-06-20
|
17 | Thomas Narten | State Changes to IESG Evaluation from AD is watching by Narten, Thomas |
2003-06-20
|
17 | Thomas Narten | Sent back to WG after IESG review, WG is iterating on it. |
2003-06-20
|
17 | Thomas Narten | State Changes to AD is watching from IESG Evaluation by Narten, Thomas |
2003-06-03
|
08 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-08.txt |
2002-10-04
|
17 | Thomas Narten | State Changes to IESG Evaluation -- New ID Needed from IESG Evaluation -- Point Raised - writeup needed by narten |
2002-09-19
|
17 | Stephen Coya | Due date has been changed to 2002-09-18 from 2002-09-11 by scoya |
2002-09-19
|
17 | Stephen Coya | State Changes to IESG Evaluation -- Point Raised from IESG Evaluation by scoya |
2002-08-28
|
17 | Stephen Coya | Second last call (first sent July, 2001). |
2002-08-28
|
17 | Stephen Coya | Due date has been changed to 2002-09-11 from 2001-08-25 A new comment added by scoya |
2002-08-28
|
17 | Stephen Coya | State Changes to Last Call Issued from Wait for Writeup by scoya |
2002-08-28
|
07 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-07.txt |
2002-08-14
|
17 | Thomas Narten | Revised version, approved by WG |
2002-08-14
|
17 | Thomas Narten | A new comment added by narten |
2002-08-14
|
17 | Thomas Narten | State Changes to Wait for Writeup from New Version … State Changes to Wait for Writeup from New Version Needed (WG/Author) by narten |
2002-08-13
|
06 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-06.txt |
2002-04-23
|
17 | Thomas Narten | State Changes to New Version Needed (WG/Author) from Token@wg or Author … State Changes to New Version Needed (WG/Author) from Token@wg or Author by Thomas Narten |
2002-04-23
|
17 | Thomas Narten | Last call comments from keith need addressing |
2002-04-23
|
17 | Thomas Narten | State Changes to Token@wg or Author from Wait for Writeup … State Changes to Token@wg or Author from Wait for Writeup by Thomas Narten |
2002-04-18
|
05 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-05.txt |
2001-07-23
|
04 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-04.txt |
2001-06-25
|
03 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-03.txt |
2001-03-05
|
02 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-02.txt |
2000-11-30
|
01 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-01.txt |
2000-10-09
|
00 | (System) | New version available: draft-ietf-zeroconf-ipv4-linklocal-00.txt |