Hi, Zhou,

Please find my comments in-line...

On 04/18/2012 02:02 AM, [email protected] wrote:
>> Not sure what you mean. -- Having the DHCPv6 server implement
>> draft-gont-6man-stable-privacy-addresses might be interesting such that
>> stable addresses are leased to nodes state-lessly.
>
> Will the DHCP server use the same secret key in computation of so many
> random interface identifiers?

Yes. Note that F() should be cryptographically secure. And hence even if
the server had to compute say 1000 addresses, that wouldn't be an issue.

> If so, the computation of RID may need to be modified,

As already noted on this thread, we might include a "retry" variable in
the hash (initialized to 0, but incremented by 1 each time DAD fails),
to be used to compute a new RID if DAD fails.

In any case, no matter how many the devices, we're talking about 2**64
addresses here -- so you'd have to be very unlucky for DAD to fail. :-)

> because there is
> little left to tweak (the only difference between
> clients is Modified_EUI64) in case address collision occurs.

In the case of using this algorithm with DHCPv6, I guess the UID would
be used instead of Modified_EUI64.

> and have you ever thought of refreshing the secret key in SLAAC?

If you refresh the secret key, you get a whole new set of addresses. My
take is that only in very rare circumstances you'd want to do this.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
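The "retry" variable discussed in the message above, as an added example that is not part of the original e-mail or of the draft's own text. It assumes F() is HMAC-SHA256 truncated to 64 bits and an input order of prefix, client identifier, network ID, retry; the key, prefix and client identifiers are constructed sample values, and the `in_use` set stands in for a DAD failure.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
KEY = b"constructed-demo-secret-key"
PREFIX = "2001:db8:0:1::/64"
CLIENT_A = bytes.fromhex("000100011a2b3c4d0050569a0001")  # UID-style identifier
CLIENT_B = bytes.fromhex("000100011a2b3c4d0050569a0002")


def stable_iid(secret_key, prefix, client_id, network_id=b"", retry=0):
    """RID = F(prefix, client_id, network_id, retry, secret_key), 64 bits.

    F is assumed to be HMAC-SHA256 keyed with secret_key. client_id is
    Modified_EUI64 for SLAAC, or the client's UID in the DHCPv6 case.
    Each field is length-prefixed so the concatenation is unambiguous.
    """
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed[:8], client_id, network_id,
              retry.to_bytes(1, "big")]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[:8]


def stable_address(secret_key, prefix, client_id, network_id=b"",
                   in_use=frozenset(), max_retries=3):
    """Return (address, retry) for the first candidate not already in use.

    in_use simulates DAD: a candidate found there counts as a collision,
    so retry is incremented by 1 and a new RID is computed.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("a /64 prefix is required for a 64-bit RID")
    base = int(net.network_address)
    for retry in range(max_retries + 1):
        rid = stable_iid(secret_key, prefix, client_id, network_id, retry)
        addr = ipaddress.IPv6Address(base | int.from_bytes(rid, "big"))
        if addr not in in_use:
            return addr, retry
    raise RuntimeError("every retry value collided")


if __name__ == "__main__":
    first, _ = stable_address(KEY, PREFIX, CLIENT_A)
    print("client A:", first)
    print("client B:", stable_address(KEY, PREFIX, CLIENT_B)[0])
    print("client A after collision:",
          stable_address(KEY, PREFIX, CLIENT_A, in_use={first}))
```

One key serves every client because the client identifier is part of the hashed input, and changing the key changes every address derived from it.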
