
Re: Advantages and disadvantages of using CB64 type of identifiers




On 05/07/2004, at 8:12, Christian Huitema wrote:



I don't fully understand why you think that having an identifier in
the address is worse than current IPv4 situation (where the id and
locator are one, and multihomed sites have a single address) or the
current IPv6 situation (I guess that something similar to privacy
extensions could be achieved by periodically creating new keys, hence
new identifiers).

First, I don't believe in arguments such as "this is not worse than what
we did in the past" when it comes to security and privacy. We should be
on a path to improvement, not a soft descent into complacency.

IMHO it is not the goal of multi6 to improve current security.
I do agree that if it is possible to provide an enhanced security, it would be nice.
But I don't see the fact that a solution does not improve current security as a compelling argument to discard a solution.


Second, having a unique 64 bit identifier in the addresses is actually worse
than the current situation in either IPv4 or IPv6.

In IPv4, the addresses are often dynamically affected; it is possible,
if a site manager so chooses, to give nodes a different address at each
session. Hosts using dial-up connections receive new addresses for each
connection. Hosts using broadband connections often receive new
addresses every 24 hours. When a host is multi-homed to several
networks, it will indeed receive different IPv4 addresses on each of
these networks.

The current IPv6 practice is to have the 64 bit identifier be either an
IEEE 802 identifier (default) or a random number (temporary addresses,
SEND). When a host is multi-homed through several interfaces, the
different identifiers are used on different interfaces. When a host
configures addresses from multiple prefixes on the same interface, the
802 identifier will often be the same, but the random identifiers will
be different. The current ND spec allows for using the same identifier
with different prefixes, but it certainly does not mandate it.


Do you think that generating a new identifier every day would do the trick?


I mean it would be possible, as Erik mentions, to create a new crypto-based id every day, I guess.

regards, marcelo

-- Christian Huitema