Thanks Bob! I think the bottom line here is what's the exposure. If the collision occurred on a MAC address that would effectively get packets to the wrong place and would partially cut off devices from the network.
No such thing here. The collision has no operational consequence. Both nodes will register their addresses fine and there will be no visible effect unless the IPv6 addresses are also in collision.

Is there a security opening then? The exposure is that two devices may be capable of claiming one another's address and the 6LBR will fail to prevent this, putting us back to today's situation for these 2 particular devices. Even in the highly remote chance that they are on the same subnetwork, even if one is a really mean device, L2 crypto does not allow node B to see what UID is used by device A so those 2 devices will not know they are in this situation.

It's good to add words to explain all this but the chances of an accident are too remote to be of consequence. Instead we need to focus on getting a CGA that is hard enough to attack....

Regards,

Pascal

> On 20 Jul 2016, at 13:17, Robert Moskowitz <[email protected]> wrote:
>
>> On 07/20/2016 11:59 AM, Mohit Sethi wrote:
>> Dear Behcet and Pascal
>>
>> I have previously reviewed the draft on address protected neighbor
>> discovery: draft-sarikaya-6lo-ap-nd-01.
>>
>> I generally like the idea but still have some questions. I wonder what about
>> collisions for cryptographic IDs. The draft defines them as 64-bits long. I
>> assume that at a minimum 80 bits are needed to assume that it is collision
>> free. Or is it the case that collisions are not an issue in this case?
>
> I just ran some numbers through for another problem with a 64-bit number
> field. It works out as follows.
>
> The formula is: 1 - e^{-k^2/(2n)}
>
> Where n is your maximum population size (2^64 here, 1.84E19) and k is your
> actual population.
>
> A .01% probability of a collision is a bit less than 66M devices.
>
> If everyone in the world has one device (7B), then you are up to a 73%
> probability of a collision.
>
> So your risk of a collision on a network is there, but really low.
>
> ID author, you may want to put this formula into your draft.
>
> _______________________________________________
> 6lo mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/6lo
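
The birthday approximation quoted in this thread, worked through as an added example (not part of the original messages or of the draft). It evaluates the formula for 64-bit and 80-bit ID fields and inverts it to get the population at which a target collision probability is reached; the function names and the per-6LBR sample populations are assumptions made for illustration.

```python
import math

def collision_probability(k: int, bits: int) -> float:
    """Formula from the thread: 1 - e^(-k^2 / (2n)), with n = 2^bits."""
    n = 2 ** bits
    # expm1 keeps precision when the exponent is tiny (small k, wide field);
    # a literal 1 - exp(-x) would round to 0.0 for x below about 1e-16.
    return -math.expm1(-(k * k) / (2 * n))

def population_for_probability(p: float, bits: int) -> float:
    """Invert the formula: the population k at which the probability reaches p."""
    n = 2 ** bits
    # log1p(-p) is ln(1 - p), computed accurately for small p.
    return math.sqrt(-2 * n * math.log1p(-p))

# Constructed sample populations: nodes registered at a single 6LBR
# (assumed sizes), plus the 7 billion figure used in the thread.
SAMPLE_POPULATIONS = [1_000, 10_000, 1_000_000, 7_000_000_000]

def compare(bit_widths=(64, 80)):
    """Return rows of (population, probability per ID width)."""
    return [
        (k, *(collision_probability(k, b) for b in bit_widths))
        for k in SAMPLE_POPULATIONS
    ]

if __name__ == "__main__":
    print(f"{'population':>14} {'64-bit ID':>12} {'80-bit ID':>12}")
    for k, p64, p80 in compare():
        print(f"{k:>14,} {p64:>12.3e} {p80:>12.3e}")
    for bits in (64, 80):
        k = population_for_probability(1e-4, bits)
        print(f"{bits}-bit ID reaches 0.01% at about {k:,.0f} devices")
```
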
