
Re: 64-bit identifiers



Ran,

>The existence of the Privacy Address Configuration specification
>for IPv6 means that the low-order 64-bits CAN NOT uniquely identify
>a host.  Prior to then, using the low-order 64-bits (as proposed
>by original 8+8/GSE) might have worked.  That approach cannot work
>given the current state of specs.  Note well that the "privacy
>extension" spec (sic) is being widely implemented and deployed in
>end-systems (e.g. Windows XP).

IPv6 nodes can have long lived 64 bit interface identifiers (usually 
created from hardware tokens) and temporary interface identifiers per 
RFC3041.  Most implementations will support both types as they serve 
different purposes.  There is a bit in the interface identifier that 
indicates whether it is a global or local identifier.  As you point out the 
global identifiers could be used with an 8+8/GSE type scheme, while the 
temporary addresses would be harder to use.

>Now one could postulate a different identifier that could be used
>in things like Protocol Control Blocks to bind session state
>and identity (in lieu of using IP addresses as at present).  There
>would need to be some ability to map to/from that identifier to
>other kinds of identifiers (perhaps IP Addresses, FQDNs) for
>this to be deployable, as near as I can tell.  There is some work
>within the IRTF NSRG examining the possibility of adding such
>identifiers to the Internet Architecture, but that's research
>not engineering for now.

Based on our experience with global IPv6 interface identifiers, I suspect 
that any new scheme using global identifiers will have to deal with privacy 
issues to allow for anonymous communication.

Bob
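
An added example, not part of the original message: a Python sketch that reads the global/local bit of an interface identifier, recovers the hardware address from a hardware-derived identifier, and shows how a global identifier links one node across prefixes while an RFC3041-style identifier with the bit clear does not. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

U_BIT = 0x02  # universal/local bit in the first octet of the interface identifier

def classify_iid(addr):
    """Describe the low-order 64 bits (interface identifier) of an IPv6 address."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    is_global = bool(iid[0] & U_BIT)
    # A modified EUI-64 built from a 48-bit MAC carries ff:fe in the middle.
    mac = None
    if is_global and iid[3:5] == b"\xff\xfe":
        raw = bytes([iid[0] ^ U_BIT]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{x:02x}" for x in raw)
    return {"iid": iid.hex(), "scope": "global" if is_global else "local", "mac": mac}

def link_by_global_iid(addrs):
    """Group addresses whose global-scope identifier is the same across prefixes."""
    groups = defaultdict(list)
    for a in addrs:
        info = classify_iid(a)
        if info["scope"] == "global":
            groups[info["iid"]].append(a)
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample addresses (documentation prefix 2001:db8::/32).
SAMPLES = [
    "2001:db8:0:1:211:22ff:fe33:4455",   # hardware-derived identifier, network 1
    "2001:db8:0:2:211:22ff:fe33:4455",   # same node seen on network 2
    "2001:db8:0:1:5c3a:91e4:2b7e:8d1",   # identifier with the u bit clear
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, classify_iid(s))
    print(link_by_global_iid(SAMPLES))
```

A local-scope result only says the bit is clear; it does not by itself prove the identifier was generated per RFC3041.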