Re: 64-bit identifiers
At 11:29 09/08/01, Bob Hinden wrote:
>IPv6 nodes can have long lived 64 bit interface identifiers (usually created from hardware tokens) and temporary interface identifiers per RFC3041. Most implementations will support both types as they serve different purposes. There is a bit in the interface identifier that indicates whether it is a global or local identifier. As you point out the global identifiers could be used with an 8+8/GSE type scheme, while the temporary addresses would be harder to use.
Given that WindowsXP is shipping with the local identifier and
with a change in the local identifier with every Nth new IP session
(for single digit value of N), the majority of the end systems will
be using duplicative local-use-only 64-bit identifiers. I'm told
that this is controlled only by a registry knob, meaning few will
know how to disable the default and fewer will actually make that
change.
For an 8+8/GSE-like schema, all systems need to have probabilistically
unique identifiers. The current privacy spec guarantees that requirement
won't be met with the low-order bits of the IPv6 unicast address.
This isn't good or bad, just reality. So folks looking into
8+8/GSE-like schemas need to find/create an alternate identity space
for things like PCBs. This necessarily adds to the complexity
of such approaches versus the prior world order.
>>Now one could postulate a different identifier that could be used
>>in things like Protocol Control Blocks to bind session state
>>and identity (in lieu of using IP addresses as at present). There
>>would need to be some ability to map to/from that identifier to
>>other kinds of identifiers (perhaps IP Addresses, FQDNs) for
>>this to be deployable, as near as I can tell. There is some work
>>within the IRTF NSRG examining the possibility of adding such
>>identifiers to the Internet Architecture, but that's research
>>not engineering for now.
>
>Based on our experience with global IPv6 interface identifiers, I suspect that any new scheme using global identifiers will have to deal with privacy issues to allow for anonymous communication.
As near as I can tell, there is no conflict between a requirement
for a probabilistically unique ID and anonymous communication
-- it simply needs to be accounted for during design of the
identifier to be used.
Ran
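
The following is an added example, not part of the original message or of any implementation it mentions. It reads the universal/local bit that the thread discusses from an address's low-order 64 bits, recovers the hardware address when the identifier is a modified EUI-64, and runs one iteration of the RFC 3041 section 3.2.1 procedure to show that a temporary identifier always carries the local marking. The sample address, MAC and all-zero history value are constructed.

```python
import hashlib
import ipaddress

U_BIT = 0x02  # universal/local bit: bit 6 of the identifier's first octet


def interface_id(addr: str) -> bytes:
    """Return the low-order 64 bits of an IPv6 unicast address."""
    return ipaddress.IPv6Address(addr).packed[8:]


def classify(addr: str) -> dict:
    """Report the identifier's scope and, if derivable, the embedded MAC."""
    iid = interface_id(addr)
    universal = bool(iid[0] & U_BIT)
    mac = None
    # Modified EUI-64 built from a 48-bit MAC: ff:fe inserted in the middle
    # and the u bit inverted. Only trusted when the bit says "global".
    if universal and iid[3:5] == b"\xff\xfe":
        raw = bytes([iid[0] ^ U_BIT]) + iid[1:3] + iid[5:8]
        mac = ":".join(f"{b:02x}" for b in raw)
    return {"scope": "global" if universal else "local", "mac": mac}


def rfc3041_temporary(history: bytes, stable_iid: bytes):
    """One RFC 3041 iteration: returns (temporary identifier, next history)."""
    digest = hashlib.md5(history + stable_iid).digest()
    # Leftmost 64 bits with the u bit cleared: local significance only.
    temp = bytes([digest[0] & ~U_BIT & 0xFF]) + digest[1:8]
    # Rightmost 64 bits are kept as the history value for the next round.
    return temp, digest[8:]


if __name__ == "__main__":
    # Constructed sample: documentation prefix, documentation-range MAC.
    stable = "2001:db8::200:5eff:fe00:5301"
    print(stable, classify(stable))
    temp, _ = rfc3041_temporary(bytes(8), interface_id(stable))
    prefix = ipaddress.IPv6Address("2001:db8::").packed[:8]
    temporary = str(ipaddress.IPv6Address(prefix + temp))
    print(temporary, classify(temporary))
```
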