Re: [Last-Call] Last Call: <draft-gont-numeric-ids-sec-considerations-06.txt> (Security Considerations for Transient Numeric Identifiers Employed in Network Protocols) to Best Current Practice

On 17/12/20 03:07, Martin Thomson wrote:

> On Thu, Dec 17, 2020, at 16:19, Christian Huitema wrote:
>> An informational document documenting a series of past attacks
>> would be interesting and educational. The kind of rule making
>> proposed in the draft, on the other hand, would be mostly harmful.
>
> ...but this is the most important message.  Removing Section 5 and
> all that depends on it would make this a better document.

Huh? The whole point of this document is to provide advice, and such
advice is in Section 5.



> Separately, I found the list of potential problems in Section 4 to be
> approximately OK, though it lacked any mention of a need to
> synchronize changes across protocol layers.  I acknowledge that that
> is about use rather than generation, but that is quite relevant here
> too.

That's a good point. We considered that to be implicit here:

   o  Employing the same identifier across contexts in which constancy
      is not required


One trivial example would be the randomization of MAC addresses without a change in the MAC address triggering generation of a new IPv6 address.

That's what you seem to phrase as "synchronization of changes across layers".

In the bullet referenced above, the MAC address is one of the things that defines the context for an IPv6 address (along with the SLAAC prefix, Interface Index, and Network ID (such as SSID)).

Do you think this warrants clarification?

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: fgont@xxxxxxxxxxxxxxx
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492



