Re: SEND IDs [Re: Comments on draft-nordmark-multi6-threats-01]




Hi all,


I may be jumping to the middle of this discussion, but
I just wanted to clarify the situation with SEND.
Iljitsch presented his idea of using the lowest 64 bits
as an identifier and we discussed this in the SEND mailing
list. My interpretation of the results of that discussion
is that people were not convinced about the idea. We explained
the need to counteract so-called precomputation attacks
in SEND and how the prefix plays an important role in that.
We also talked about the privacy implications. Finally,
I at least wondered what the role of this particular idea
is in terms of multi6 WG; are all the multi6 proposals
going to rely on the same IID or just some of them?

Nevertheless, we also explained to Iljitsch how SEND CGA
addresses can be extended, and how such extensions could
in future be used to create addresses that are based on
CGA but still have the same IID part. Basically, we can
add arbitrary data to the input of the CGA generation,
and this could be used to include all the prefixes of
a host or site in the address. We also explained that
this approach would still have a lot of not-so-trivial
details to worry about, including what to do when prefixes
get deprecated or new ones are added. And due to the way
that the CGAs need to be constructed, we'd need to rev
the current RFC to accommodate for this. However, I
at least am open to such future revisions -- should they
prove necessary.

Finally, I think that I personally agree with Christian
on this issue, at least as far as what the e-mails seem
to say. But I'll try to read Erik's document and come
back with some better comments later.

--Jari

Brian E Carpenter wrote:

> Iljitsch,
>
> > On a related note: the SEND CGA stuff mandates using the subnet prefix in creating the interface identifier and as such makes it impossible to have the same interface identifier in different subnets. I was unable to convince them of the error of their ways and apparently there was no IETF last call or I missed it so now this stupidity is an RFC. We should do our best to make sure there isn't any more of this.
>
> (Co-chair hat is OFF.)
>
> I happen to agree with you and disagree with Christian - there should
> be a mode in SEND in which the CGA address is generated without including
> the (typically /48) prefix which will vary between ISPs when multihomed.
>
> There was a last call, you missed it, and I raised this point in
> private email and lost.
>
> For multi6, I believe we should not feel constrained by this. It would
> be a fairly simple extension to SEND to allow this, and it might be
> a very valuable functionality vs security tradeoff for a multihomed
> site that wanted to run SEND.
>
> Brian
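
An added example, not part of the original messages: a Python sketch of how a CGA interface identifier is derived with the subnet prefix in the hash input, which is the property debated above. It follows the Hash1 construction of RFC 3972 for Sec = 0 only; the key bytes, modifier and documentation prefixes are constructed values, and the function names are hypothetical.

```python
import hashlib
import ipaddress

def cga_iid(modifier, prefix, collision_count, public_key, ext=b""):
    """Interface identifier from Hash1 (RFC 3972), Sec = 0 only."""
    if len(modifier) != 16 or len(prefix) != 8:
        raise ValueError("modifier is 16 bytes, subnet prefix is 8 bytes")
    if collision_count not in (0, 1, 2):
        raise ValueError("collision count must be 0, 1 or 2")
    # Hash1 input: modifier | subnet prefix | collision count | public key | extensions
    data = modifier + prefix + bytes([collision_count]) + public_key + ext
    iid = bytearray(hashlib.sha1(data).digest()[:8])
    # Bits 0-2 carry Sec (0 here); bits 6 and 7 are the u and g bits, set to zero.
    iid[0] &= 0x1C
    return bytes(iid)

def cga_address(prefix_text, modifier, public_key, ext=b""):
    prefix = ipaddress.IPv6Network(prefix_text).network_address.packed[:8]
    iid = cga_iid(modifier, prefix, 0, public_key, ext)
    return ipaddress.IPv6Address(prefix + iid)

def verify(address, modifier, public_key, ext=b""):
    """Recompute Hash1 from the address's own prefix and compare the IID."""
    packed = ipaddress.IPv6Address(address).packed
    claimed = bytearray(packed[8:])
    claimed[0] &= 0x1C  # Sec, u and g bits are ignored in the comparison
    return cga_iid(modifier, packed[:8], 0, public_key, ext) == bytes(claimed)

# Constructed inputs: a placeholder standing in for a DER-encoded public key,
# a fixed modifier, and two documentation subnets of one multihomed host.
KEY = b"constructed-placeholder-for-DER-SubjectPublicKeyInfo"
MODIFIER = bytes(range(16))
ADDR_A = cga_address("2001:db8:1::/64", MODIFIER, KEY)
ADDR_B = cga_address("2001:db8:2::/64", MODIFIER, KEY)
# Same IID as ADDR_A moved under the second prefix: what a prefix-independent
# identifier would look like, and why the current verification rejects it.
TRANSPLANTED = ipaddress.IPv6Address(ADDR_B.packed[:8] + ADDR_A.packed[8:])

if __name__ == "__main__":
    print("subnet A:", ADDR_A, verify(ADDR_A, MODIFIER, KEY))
    print("subnet B:", ADDR_B, verify(ADDR_B, MODIFIER, KEY))
    print("A's IID under B's prefix:", TRANSPLANTED, verify(TRANSPLANTED, MODIFIER, KEY))
```

Because the prefix is hashed, a table of identifiers precomputed for one subnet does not carry over to another, which is the defence against precomputation attacks mentioned in the reply; the cost is that the same key yields a different identifier in each subnet.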