Re: Gen-ART LC Review of draft-ietf-6man-stable-privacy-addresses-06

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Apr 25, 2013, at 5:32 PM, Fernando Gont <fgont@xxxxxxxxxxxxxxx> wrote:

> Hi, Ben,
> 
> Thanks so much for your feedback! Please find my comments in-line...
> 
> On 04/25/2013 03:39 PM, Ben Campbell wrote:
>> Minor issues:
>> 
>> -- section 3, third paragraph from end:
>> 
>> The paragraph suggests that changing the number of network interfaces
>> should be rare. I think it's quite common in practice for the sorts
>> of hosts likely to move between subnets regularly. For example, my
>> Macbook Pro uses an external (Thunderbolt attached) ethernet
>> interface which regularly gets disconnected and reconnected. Same
>> might hold true for a USB attached wireless modem. And I have any
>> number of VPNs which may be active or not at any given time.
> 
> I will tweak the text a bit -- as noted in other threads, I will replace
> "Interface Index" with a generic "Interface_ID", and will comment on the
> desired properties, and note that two possible options for it are the
> Interface Index and the Interface name -- with the interface name
> probably being more constant in the scenarios that you describe.
> 

Works for me.

> 
> 
>> -- section 3, 2nd paragraph from end:
>> 
>> You describe the affects of including Network_ID in some detail. It
>> would be helpful to note the consequences of _not_ including it.
> 
> Well, should we really do it? -- after all, you MUST include it.

Hmm. Section 3 says Network_ID is optional.


> 
>> 
>> Nits/editorial comments:
>> 
>> -- section 1, 4th paragraph: "Therefore, it is vital..."
>> 
>> That seems a bit overstated. We're not talking about breaking the
>> Internet here, are we?
> 
> Well, that depends... there are scenarios in which privacy is really vital.

It's not a big deal, really, but it might be worth mentioning the context in which it's "vital". Or maybe tone it down to merely "important" :-)

[...]

> 
> 
> 
>> -- 1, paragraph 11: "This document does not update..."
>> 
>> How is adding an alternative algorithm _not_ an update?
> 
> Well, you still send an RS, receive an RA, and generate an IID.
> 
> Me, I'd probably update RFC 4862, so that we make sure that folks
> implementing SLAAC take a look at this document, but....
> 

...?

(The reason you mention is one of the best reasons I can think of to call it an update--but if the working group consciously chose not to make it an update, I can live with it.)


> 
>> --1, paragraph 12: "... may already address"
>> 
>> Is the "already addressing" part in question? Or is it a matter of
>> addressing it in some circumstances, but not others? If the latter,
>> it would help to elaborate.
> 
> Not sure what you mean. The idea is that, in many scenarios,
> draft-ietf-stable-privacy-addresses may be good enough to address your
> privacy concerns.

The way it's worded, it looks like you think it might address the concerns, but aren't sure. I doubt that's the intent. Simply saying "may address certain privacy concerns", or "in some circumstances, will address...". OTOH, elaborating on the specific concerns addressed would be even better. Do you mean to say it addresses the concerns already mentioned in this draft? If so, you could use language stronger than "may".

Your answer to my next comment is instructive for this as well.


> 
> 
> 
>> -- 6, last paragraph: "... may mitigate..."
>> 
>> Not sure? Or only under some circumstances?
> 
> The idea is that the only privacy implication that this doesn't mitigate
> is correlation of node activities within the same network.
> However, that really depends on the number of active nodes within the
> same subnet. For example, if you have only one active node in the
> subnet, then no matter whether its changes its addresses, its activities
> can be easily correlated.
> 

Saying that would be helpful.

> 
> 
>> -- references: RFC1948 is obsoleted by 6528. Is there a reason to
>> reference the obsolete version?
> 
> Yes: RFC1948 is only referenced in the Acks section, where I note that
> this document was inspired by Bellovin's work on RFC1948. While RFC6528
> obsoletes RFC1948, the algorithm in that RFC is the same as that in RFC1948.

So 6528 equally illustrates Steve Bellovin's  work, and is also more current, right? If someone decided to follow up to better understand your inspiration, which draft would you prefer them to read?

Thanks!

Ben.







[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]