On 21 Mar 2016, at 13:05, Thomas Haller < thaller redhat com> wrote:
On Mon, 2016-03-21 at 08:43 -0400, Stuart D. Gathman wrote:
On Mon, 21 Mar 2016, Xen wrote:
First of all, a random non-reusable address is clearly a bag of nonsense, as you indicate. That's no sane method of doing anything. Think of a programming stack, queue or list. You want the queue, stack or list to remain in an elegant state, for instance that indices keep starting at 0 and that the first element is at index 0. You don't want a runaway system where the indices become higher and higher constantly but you expect not to run into trouble because you have reserved 64-bit for them.
Maybe I'm assuming, perhaps. Then enlighten me.
The privacy feature is optional. When used, it is used only for outgoing connections from the device. There is still a fixed IP6 that can be given out to things that need to connect to it. It is generally a good idea not to use SLAAC if privacy is a concern, as that exposes your MAC and can be tracked across multiple locations (e.g. if coffee shops all had IP6 but no DHCP6, then your device would be recognized at each coffee shop).
Note that there are also private stable addresses:
https://tools.ietf.org/html/rfc7217
https://blogs.gnome.org/lkundrak/2015/12/03/networkmanager-and-privacy-in-the-ipv6-internet/
There are further complications arising from ISP disconnection or prefix renumbering. Homenet RFCs discuss the use of ULAs (similar in concept to RFC 1918 addresses) to handle the startup situation of building a house before it's connected to an ISP, but providing multiple /48 subnets that can be routed between so that the installed hosts can communicate. I’d not expected prefixes to change often, but discussion with ISPs that are rolling out IPv6 shows that this will be standard practice. Homenet covers this too, including automated DNS updates.
An open issue to me is how the OS APIs would need to be changed to work with varying source routeing (each host will have several IPv6 addresses, with varying latency, bandwidth and monetary costs). I think that the use of per-host certificates will also need some work to avoid spoofing in the face of multiple IP addresses, while not making it too hard for a consumer to replace a host (e.g. a room thermometer, or the mote monitoring a tyre on her car).
The current state of homenet has no security model, and the general experience of the development of security models in the computer industry has not been good.
tc
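
Added example, not part of the original thread: a Python sketch of why MAC-derived SLAAC addresses are trackable across networks while RFC 7217 stable-privacy addresses are not. The MAC, prefixes, interface name and secret are constructed sample values, and the RFC 7217 function F is simplified here to SHA-256 over concatenated fields (an assumption about field encoding, not a conformant implementation).

```python
import hashlib
import ipaddress

def eui64_address(prefix, mac):
    """Classic SLAAC: interface ID = MAC with ff:fe inserted and the U/L bit flipped."""
    m = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def mac_from_address(addr):
    """What an observer can do: recover the MAC from an EUI-64 style address, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in m)

def stable_privacy_address(prefix, iface, secret, dad_counter=0, network_id=b""):
    """RFC 7217 idea: IID = F(prefix, iface, network_id, dad_counter, secret).
    Stable on one network, unlinkable across networks. F is SHA-256 here (assumption)."""
    net = ipaddress.IPv6Network(prefix)
    data = (net.network_address.packed[:8] + iface.encode() + network_id
            + bytes([dad_counter]) + secret)
    iid = int.from_bytes(hashlib.sha256(data).digest()[-8:], "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def interface_id(addr):
    """Low 64 bits of an address, the part that identifies the host."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

# Constructed sample values (documentation prefix 2001:db8::/32).
MAC = "00:1a:2b:3c:4d:5e"
SHOP_A, SHOP_B = "2001:db8:a:1::/64", "2001:db8:b:1::/64"
SECRET = b"constructed-per-host-secret"

if __name__ == "__main__":
    for prefix in (SHOP_A, SHOP_B):
        e = eui64_address(prefix, MAC)
        s = stable_privacy_address(prefix, "wlan0", SECRET)
        print(f"{prefix}: EUI-64 {e} -> MAC {mac_from_address(e)}")
        print(f"{prefix}: RFC 7217 style {s} (IID {interface_id(s):016x})")
```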