If the transition can be augmented by an ephemeral public key, and some parameters, perhaps, in dhcpv6, this could work as you indicated in a safe manner.

On 07/19/2016 03:29 PM, Michael Richardson wrote:
Pascal spoke today in 6man concerning the process of providing privacy
enhanced addresses in 6man, and how LLNs typically use their 2-byte short
addresses for layer-2, and also for forming L3 addresses.
Pascal mentioned that 2-byte addresses can be dhcpv6 assigned and therefore
unrelated to the EUI-64.  (Of course, many just use the bottom two bytes of
the EUI-64, and don't do DAD or ND at all. Let's agree they are not to spec.)

I was thinking about the dhcpv6 process.  In order to do it in a route-over
mesh, the route-over mesh needs to be up in order to get traffic to the
DHCPv6 server.  That means that the DAG has been formed using EUI-64 derived
link local addresses.

Afterward, the 6LNs will allocate a 2-byte v6 address from the dhcpv6 server,
and will then set their L2 address based upon that.  I think that this is
not specified anywhere...?

But, the thing that got me to write this email (while doing my IETF96 laundry),
is the parent selection process.  Do we need to have a way for an RPL parent
to say in its DIO, "I know you see me as fe80::1234, but you knew me before
as fe80::1234:56fe:ff78:abcd", such that there could be a seamless and
efficient transition to the new 2-byte addresses?

Perhaps it's good enough that the node, having been allocated a 2-byte L2
address, does a gratuitous NA where it announces its EUI64 LL address with
its 2-byte L2 address?  How does that sit security-wise?  Have we just
encouraged the network to accept gratuitous L2 address spoofing?

How does this interact with Back-Bone Router EARO processing?

--
Michael Richardson <[email protected]>, Sandelman Software Works
  -= IPv6 IoT consulting =-

_______________________________________________
6lo mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/6lo
