On 04 Mar 2011, at 13:10 , Mikael Abrahamsson wrote:

> SLAAC is by definition host-controlled.

Existing RA flags control whether SLAAC is allowed or DHCP is required, so this proposal is not a significant architectural change either to IPv6 or to RA flag use. Any proposal to the WG might or might not meet one's personal definition of "sufficient need to justify changing/adding specs" -- I gather you think it does not meet your definition of sufficient need (jhw and some others seem to have a similar view :-).

> You use the term "audit" in a way I don't really understand

At least for these users, "audit" has a meaning quite similar to the ordinary business usage (e.g. when a CPA or Chartered Accountant audits a public firm's financial records). In many countries, public firms aren't required to have flawless financial records, merely "good enough" (reportedly this is often expressed as a sufficient "confidence interval").

> If you want to be sure who did what when, you need centrally
> controlled IPv6 address hand-out plus something that makes sure
> user can't source any other traffic, such as the SAVI-WG
> functionality IP/MAC address verification schemes.

My apologies if I was unclear. This is NOT access control, but instead merely audit. As with audits of financial records, perfection is not required, but a certain confidence interval IS desired/required/needed. As near as I can tell, different user organisations target different confidence intervals. If a significant number of systems use the "privacy-mode" addressing, that confidence interval is not achievable. If a tiny number use that mode, a large deployment reportedly can meet the required confidence interval. Again, this is audit, not access control, and absolute perfection is not a requirement.

> If you need to know what host had what IP address at what time,
> disallow SLAAC and run DHCPv6.

I'm told that some users already are using implementation-specific configuration mechanisms (e.g. apparently a MS-Windows "Registry" setting) that allow SLAAC, but disallow the privacy extension.

I'm further told that when configured to disable "privacy-mode", such hosts then create the EUI-64 based on some MAC address in the host. I'm told that outcome is quite sufficient for audit purposes, but is expensive and tedious to deploy -- primarily because the configuration is platform-dependent. This proposal would provide a platform-independent way to configure that sort of knob, which knob apparently exists now within an interesting number of deployed end systems.

I hope the situation is more clear now. Thanks for your follow-up questions and comments.

Cheers,

Ran

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
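The message above rests on two technical points: a host with privacy extensions disabled forms its SLAAC address from a modified EUI-64 of its MAC, and an auditor can then attribute an observed address to a host with some confidence, while RFC 4941 temporary addresses are unattributable. The following Python example is added here and is not part of the thread or of any IETF document; it derives the EUI-64 address (RFC 4291, Appendix A), recovers the MAC from such an address, and scores what fraction of a constructed address log is attributable. The MAC addresses, timestamps and the 2001:db8::/32 prefix are constructed sample values.

```python
import ipaddress


def eui64_iid_from_mac(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) from a
    48-bit MAC: insert 0xFFFE between the OUI and the device part, then
    invert the universal/local bit of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # flip the u/l bit
    return bytes(iid)


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms by SLAAC with privacy extensions disabled."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_iid_from_mac(mac))


def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64-derived address, or return None when the
    interface identifier does not look EUI-64-derived (for example an RFC 4941
    temporary address, which has the u/l bit cleared)."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    # Heuristic, not proof: a random IID matches the 0xFFFE marker and the
    # set u/l bit by chance with probability about 2**-17, which is why the
    # message talks about a confidence interval rather than certainty.
    if iid[3:5] != b"\xff\xfe" or not (iid[0] & 0x02):
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


def audit_coverage(observed):
    """observed: iterable of (timestamp, ipv6 address) pairs, e.g. from a
    neighbour cache or flow log. Returns (fraction attributable to a MAC,
    list of entries that cannot be attributed)."""
    total = 0
    unattributable = []
    for ts, addr in observed:
        total += 1
        if mac_from_address(addr) is None:
            unattributable.append((ts, addr))
    covered = (total - len(unattributable)) / total if total else 0.0
    return covered, unattributable


# Constructed sample log: three EUI-64-derived addresses, one temporary address.
SAMPLE_LOG = [
    ("2011-03-04T13:10:01Z", "2001:db8:1:0:21b:21ff:fe3c:4d5e"),
    ("2011-03-04T13:10:05Z", "2001:db8:1:0:2e0:4cff:fe12:3456"),
    ("2011-03-04T13:11:30Z", "2001:db8:1:0:7d3a:9e21:4b6c:f12"),
    ("2011-03-04T13:12:02Z", "2001:db8:1:0:250:56ff:fea1:b2c3"),
]


if __name__ == "__main__":
    print(slaac_address("2001:db8:1::/64", "00:1b:21:3c:4d:5e"))
    covered, flagged = audit_coverage(SAMPLE_LOG)
    print(f"attributable: {covered:.0%}; unattributable entries: {flagged}")
```

Running the script prints the EUI-64 address for the sample MAC and reports 75% coverage with the temporary address flagged, which is the kind of "confidence interval" figure the message describes: the more hosts that use privacy-mode addressing, the lower that fraction, regardless of whether any access control is in place.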
