On 04/23/2013 12:55 PM, Christian Huitema wrote:
>>> And I would observe that the DAD problem cannot be solved in a
>>> reliable way.
>> 
>> Could you please elaborate?
> 
> (Moving to the ipv6 mailing list, as this is way too detailed for the
> main IETF list.)
> 
> The goal is to use the same address when repeatedly visiting the same
> network. However, since we are using random numbers, we do not have
> guarantees that these addresses will not collide. Suppose that two
> hosts, A and B, want to use the same "colliding" addresses. If A
> connects first, B will have to use a fallback address. If B connects
> first, it will be A's turn to use a fallback address. That means
> that, given collisions, we fundamentally cannot guarantee that "the
> same host will always have the same address on the same network."

Agreed. But we have 64-bit Interface IDs. If you get collisions, and you
get the nodes connecting in different sequences... well... call that
"bad luck" ;-)

At the end of the day, you cannot guarantee that because the TCP
checksum is valid and e.g. the Ethernet CRC is valid, the data being
transferred does not contain across, either.

And you cannot guarantee that packets have a limited lifetime on a
network (after all, nothing is taking into account the time it takes for
the packet to be put in the network, and travel from one router to
another), and....


> Your draft attempts to make the fallback predictable, by
> incorporating a DAD counter in the seeds of your nominal algorithm.
> But that means redefining the solution as only a guarantee that "the
> visiting host will have one of the same 2 or 3 addresses on the

So you're implying that on a given network, there might be e.g. three
collisions. What would be the probability of that happening?



> By the way, there are many issues related to privacy and mobility, and
> I am not sure that we can address them. Suppose that, as an attacker,
> I want to know the correspondence between a visiting host, identified
> by a particular MAC address, and the IPv6 address that this host uses
> when "at home." I can somehow get control of a hot spot that the
> target host will visit. Then I can instruct the hot spot to announce
> in RA the very same prefix as the target's home network. Voila, the
> host will start doing DAD with their home network IPv6 address...

That assumes that the node uses the same network interface to access
its home network and your compromised hotspot, and that, if Network IDs
are employed for F(), you know what's the Network ID in use at home.

At the point you get to this kind of attack scenario, and *if* it is a
concern, you may need some additional mitigations (e.g., SEND or the like).

-- 
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
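
Added example, not part of either author's message or of the draft under discussion: a Python simulation of the behaviour debated above, where a host's Interface ID is F() of its inputs plus a DAD counter and the fallback depends on arrival order. F() is assumed to be HMAC-SHA-256, all hosts, secrets and the Network ID are constructed, and the `bits` parameter shrinks the ID space only so that a collision can be found; `collision_probability` gives the birthday bound for real 64-bit IDs.

```python
import hashlib
import hmac
import math

PREFIX = b"2001:db8:0:1::/64"   # constructed documentation prefix
NETWORK_ID = b"example-ssid"    # constructed Network ID

def stable_iid(secret, iface, dad_counter, bits=64):
    """Interface ID = F(prefix, iface, Network ID, DAD counter, secret).
    F is assumed to be HMAC-SHA-256; the thread does not specify it."""
    msg = b"|".join([PREFIX, iface, NETWORK_ID, bytes([dad_counter])])
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") >> (64 - bits)

def candidates(host, bits, max_dad=3):
    """The small, fixed set of IDs a host can end up with on this network."""
    secret, iface = host
    return [stable_iid(secret, iface, c, bits) for c in range(max_dad)]

def configure(host, in_use, bits):
    """Simulated DAD: claim the first candidate nobody holds yet."""
    for counter, iid in enumerate(candidates(host, bits)):
        if iid not in in_use:
            in_use.add(iid)
            return counter, iid
    raise RuntimeError("every candidate failed DAD")

def find_colliding_hosts(bits):
    """Pigeonhole search: 2**bits + 1 constructed hosts must share a first ID."""
    seen = {}
    for n in range(2 ** bits + 1):
        host = (b"secret-%d" % n, b"eth0")
        first = candidates(host, bits)[0]
        if first in seen:
            return seen[first], host
        seen[first] = host

def dad_counters(order, bits):
    """DAD counter each host ends up with when joining in the given order."""
    in_use = set()
    return [configure(host, in_use, bits)[0] for host in order]

def arrival_order_outcome(bits=12):
    """Counters for (A first, B second) and for (B first, A second)."""
    a, b = find_colliding_hosts(bits)
    return dad_counters((a, b), bits), dad_counters((b, a), bits)

def collision_probability(n_hosts, bits=64):
    """Birthday bound: chance that any two of n_hosts share a first ID."""
    return -math.expm1(-n_hosts * (n_hosts - 1) / 2 ** (bits + 1))
```

Whichever host arrives first keeps counter 0 and the other falls back, so each host stays within its own candidate set but not on a single address; for 1000 hosts on one link the 64-bit birthday bound is on the order of 1e-14.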
