Geoff Huston wrote:
> 
> Brian Carpenter writes:
> > >
> > http://www.apnic.net/meetings/16/programme/sigs/docs/policy/addpol-doc-huston-local-use-addrs.doc
> > > attempts to refine this draft into some considerations from a registry
> > > perspective. (If there's interest
> > > I'll put this out as an Internet Draft)
> >
> >Geoff,
> >
> >Three comments on your draft:
> 
> Thank you for reviewing the document
> 
> >1. I don't think the RIRs as institutions have any special standing
> >to comment on the locally-assigned variant in draft-hinden. It's a
> >technical choice for the WG and the IETF. If you're arguing personally
> >that you don't like the birthday paradox risk, let's discuss it.
> 
> It is an individual document, as stated by listing only myself as the author.
> It is not an RIR document, and it does not represent any RIR position.
> As an individual IETF participant I have as much standing to comment
> on the locally assigned random choice proposal as any other
> individual, obviously.

Of course. But some of the phrasing suggested to me, perhaps falsely,
that you were thinking of processing this draft via the RIRs. There may 
certainly be RIR issues later on, but for now the IETF seems the right forum.
(so, in answer to your earlier question, this could become an I-D, or we
can enrol you as an experimental SIR and call it a SIR review.)

> 
> The probability of a collision using random choice is not a paradox. It's
> a simple calculation, using the formula as given in the document.

Well, the birthday paradox isn't really a paradox either.
> 
> The observation is that even though the /8 space contains
> 1.1 trillion entries, there is a greater than 0.5 probability that there will
> be a clash after some 1.2 million draws. Normally this would not matter in the
> slightest, BUT the proposal also notes a potential to use these addresses
> in the context of end point identifiers, and in such a case there is
> a strict requirement for uniqueness, and my observation is that self-driven
> random choice is inadequate. It's not a paradox risk. It's just the underlying
> mathematics of random draw probabilities.

The question is whether we think that risk is acceptable to an individual site.
The odds are much worse than would be acceptable in a cryptographic context,
but I don't think that is the right criterion. After all, whatever pseudo-random
value I use, you can copy and spoof anyway - that's a much greater risk than
random collision, even with millions of values in use.

> >2. Most of your arguments appear to be hinting at a re-run of the ICANN
> >wars for the centrally assigned variant. Well, that's why there is an
> >analogy with .org in the draft. You may be right that the pricing level
> >should be set competitively, but I really don't see this being a gold
> >rush. There's not much marketing value in a random number. In any case,
> >you're correct that the IETF can't decide this, but we need to give IANA
> >the clearest instructions possible.
> 
> I honestly can't make any sense of these sentences. Could you please
> rephrase it?

Not sure. Let me try.

You argue that granting a monopoly over the assignment of unique
pseudo-random numbers against a small fee won't be found acceptable. 
I'm arguing that this is analogous to the thinking that led to the 
Green Paper, ICANN, and eventually to alternative TLD registries.
But I'm also arguing that random numbers won't generate the
kind of South Sea Bubble madness we saw around domain names, so
it should be easier to get to a non-profit solution for the public
good. And I'm agreeing with you that the IETF's role in this is limited
to setting technical boundary conditions, leaving IANA to solve
the non-technical issues.

> 
> >Incidentally, since these are not routeable addresses, and have no
> >geography, it doesn't follow that the RIRs have a role in this part
> >of the address space. In fact, the RIRs might be quite uncomfortable
> >with the idea of competing in the sale of random numbers.
> 
> It may be. It may not. But attempting to second guess anyone, as
> you appear to be doing in your comment, 

No. Your draft seemed to me to imply that the RIRs automatically have a 
role in this type of address space. I just want to say that isn't at
all obvious to me, and it isn't obvious to me that they'd even want
such a role.

> without at least
> allowing them the courtesy of consideration of the issues is not normally
> considered a very wise course of action. 

I'd be amazed if the RIRs didn't consider them.

> So this document is
> considering the issues and looking at the pros and cons of various
> forms of distribution, and looking at an RIR perspective in
> considering the implications of a central registry function of
> such local use allocations. You'd prefer that this analysis was
> done behind closed doors? 

No. I think it's actually a bit premature, since the IETF hasn't
decided if it wants to go this way, but it's much better discussed
in public (as the RIRs have done with many other issues).

> I'd be tempted to guess that your
> answer would be a 'no', but I'll avoid the temptation to second
> guess you and leave it for you to answer.
> 
> >3. I feel strongly that this absolutely needs to be a one-time fee.
> >The idea of constructing an artificial service industry to maintain
> >an annual registration system for random numbers is plain wasteful.
> 
> And the document considers this approach as well as others. Interestingly
> enough there are other perspectives here to the one you've stated, and
> there are pros and cons to each of them, and the document explores
> some aspects of these considerations. You appear to offer the hint
> here that it's in some manner heretical behaviour to explore alternatives.

What we're dealing with here is intrinsically a much simpler problem than
the RIRs had to solve for aggregatable address space when CIDR
arrived. There are very good reasons why routeable address space
allocation requires policies, justifications, and annual fees. I will take
a lot of convincing that we can't fund a one-time pseudo-random allocation
with a one-time fee. After all, if after a few years nobody applies for
numbers any more, the escrowed numbers can be saved on a CD and the
registry can close down, and there's no need for continued fees.

I'm really after a KISS solution here. Of course it isn't heretical
to discuss alternatives, but let's look for the simplest way that works.

   Brian
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Brian E Carpenter 
Distinguished Engineer, Internet Standards & Technology, IBM 

NEW ADDRESS <[EMAIL PROTECTED]> PLEASE UPDATE ADDRESS BOOK
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
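
The random-draw collision figures discussed in this thread can be checked directly. The Python below is an added example, not part of the original messages; it assumes the "1.1 trillion entries" is a 40-bit identifier space (2**40) filled by independent, uniformly random choices, and the function names are illustrative.

```python
import math

# Assumption: the "1.1 trillion entries" in the thread is a 40-bit space.
SPACE = 2 ** 40  # 1,099,511,627,776


def collision_probability(draws: int, space: int = SPACE) -> float:
    """Exact P(at least two of `draws` uniform random picks are equal)."""
    if draws < 2:
        return 0.0
    if draws > space:
        return 1.0  # pigeonhole: more picks than values
    # log P(no collision) = sum over k=1..draws-1 of log(1 - k/space).
    # log1p/fsum/expm1 keep precision when the probability is very small.
    log_unique = math.fsum(math.log1p(-k / space) for k in range(1, draws))
    return -math.expm1(log_unique)


def draws_for_probability(target: float, space: int = SPACE) -> int:
    """Smallest number of draws whose collision probability reaches target."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    # Birthday approximation: solve n(n-1)/(2*space) = ln(1/(1-target)).
    exponent = -math.log1p(-target)
    n = max(2, math.ceil((1 + math.sqrt(1 + 8 * space * exponent)) / 2))
    # Correct the estimate against the exact formula in both directions.
    while collision_probability(n, space) < target:
        n += 1
    while n > 2 and collision_probability(n - 1, space) >= target:
        n -= 1
    return n


if __name__ == "__main__":
    # Constructed deployment sizes, chosen only to show how the risk grows.
    for sites in (1_000, 10_000, 100_000, 1_200_000):
        print(f"{sites:>9,} random prefixes -> "
              f"P(collision) = {collision_probability(sites):.3e}")
    print("draws for P >= 0.5:", f"{draws_for_probability(0.5):,}")
```

The probability grows with the square of the number of sites drawing prefixes, so it stays tiny for thousands of sites and reaches one half only at roughly 1.2 million draws.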
