Recommendation on Stable IPv6 Interface Identifiers
draft-ietf-6man-default-iids-00

The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft that was ultimately published as RFC 8064.
Expired & archived
Authors Fernando Gont , Alissa Cooper , Dave Thaler , Will (Shucheng) LIU
Last updated 2014-07-28 (Latest revision 2014-01-24)
RFC stream Internet Engineering Task Force (IETF)
Formats
txt htmlized pdf bibtex bibxml
Reviews
OPSDIR Last Call review (of -16) by Sarah Banks Ready
GENART Last Call review (of -16) by Roni Even Ready
SECDIR Last Call review (of -16) by Charlie Kaufman Ready
INTDIR Early review (of -15) by Jouni Korhonen Ready
Additional resources Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Became RFC 8064 (Proposed Standard)
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits Search email archive
draft-ietf-6man-default-iids-00 
IPv6 maintenance Working Group (6man)                            F. Gont
Internet-Draft                                    SI6 Networks / UTN-FRH
Updates: 2464, 2467, 2470, 4291                                A. Cooper
(if approved)                                                      Cisco
Intended status: Standards Track                               D. Thaler
Expires: July 28, 2014                                         Microsoft
                                                                  W. Liu
                                                     Huawei Technologies
                                                        January 24, 2014

          Recommendation on Stable IPv6 Interface Identifiers
                    draft-ietf-6man-default-iids-00

Abstract

   Stateless Address Autoconfiguration (SLAAC) for IPv6 typically
   results in hosts configuring one or more stable addresses composed of
   a network prefix advertised by a local router, and an Interface
   Identifier that typically embeds a hardware address (e.g., an IEEE
   LAN MAC address).  The security and privacy implications of embedding
   hardware addresses in the Interface Identifier have been known and
   understood for some time now, and some popular IPv6 implementations
   have already deviated from such schemes to mitigate these issues.
   This document recommends [I-D.ietf-6man-stable-privacy-addresses] as
   the default scheme for the generating stable IPv6 addresses and
   recommends against embedding hardware addresses in IPv6 Interface
   Identifiers.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on July 28, 2014.

Copyright Notice

Gont, et al.              Expires July 28, 2014                 [Page 1]
Internet-Draft            Default Interface-IDs             January 2014

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Generation of IPv6 Interface Identifiers . . . . . . . . . . .  5
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  6
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   6.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     7.1.  Normative References . . . . . . . . . . . . . . . . . . .  9
     7.2.  Informative References . . . . . . . . . . . . . . . . . .  9
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10

Gont, et al.              Expires July 28, 2014                 [Page 2]
Internet-Draft            Default Interface-IDs             January 2014

1.  Introduction

   [RFC4862] specifies Stateless Address Autoconfiguration (SLAAC) for
   IPv6 [RFC2460], which typically results in hosts configuring one or
   more "stable" addresses composed of a network prefix advertised by a
   local router, and an Interface Identifier (IID) [RFC4291] that
   typically embeds a hardware address (e.g., an IEEE LAN MAC address).

   The security and privacy implications of embedding a hardware address
   in an IPv6 Interface ID have been known for some time now, and are
   discussed in great detail in
   [I-D.ietf-6man-ipv6-address-generation-privacy]; they include:

   o  Network activity correlation

   o  Location tracking

   o  Address scanning

   o  Device-specific vulnerability exploitation

   Some popular IPv6 implementations have already deviated from the
   traditional stable IID generation scheme to mitigate the
   aforementioned security and privacy implications [Microsoft].

   As a result of the aforementioned issues, this document recommends
   the implementation of an alternative scheme
   ([I-D.ietf-6man-stable-privacy-addresses]) as the default stable
   Interface-ID generation scheme, such that the aforementioned issues
   are mitigated.

   NOTE: [RFC4291] defines the "Modified EUI-64 format" for Interface
   identifiers.  Appendix A of [RFC4291] then describes how to transform
   an IEEE EUI-64 identifier, or an IEEE 802 48-bit MAC address from
   which an EUI-64 identifier is derived, into an interface identifier
   in the Modified EUI-64 format.

Gont, et al.              Expires July 28, 2014                 [Page 3]
Internet-Draft            Default Interface-IDs             January 2014

2.  Terminology

   Stable address:
      An address that does not vary over time within the same network
      (as defined in [I-D.ietf-6man-ipv6-address-generation-privacy].

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

Gont, et al.              Expires July 28, 2014                 [Page 4]
Internet-Draft            Default Interface-IDs             January 2014

3.  Generation of IPv6 Interface Identifiers

   Nodes SHOULD NOT employ IPv6 address generation schemes that embed
   the underlying hardware address in the Interface Identifier.  Namely,
   nodes SHOULD NOT generate Interface Identifiers with the schemes
   specified in [RFC2464], [RFC2467], and [RFC2470].

   Nodes SHOULD implement and employ
   [I-D.ietf-6man-stable-privacy-addresses] as the default scheme for
   generating stable IPv6 addresses with SLAAC.

Gont, et al.              Expires July 28, 2014                 [Page 5]
Internet-Draft            Default Interface-IDs             January 2014

4.  IANA Considerations

   There are no IANA registries within this document.  The RFC-Editor
   can remove this section before publication of this document as an
   RFC.

Gont, et al.              Expires July 28, 2014                 [Page 6]
Internet-Draft            Default Interface-IDs             January 2014

5.  Security Considerations

   This document recommends [I-D.ietf-6man-stable-privacy-addresses] as
   the default scheme for generating IPv6 stable addresses with SLAAC,
   such that the security and privacy issues of Interface IDs that embed
   hardware addresses are mitigated.

Gont, et al.              Expires July 28, 2014                 [Page 7]
Internet-Draft            Default Interface-IDs             January 2014

6.  Acknowledgements

   The authors would like to thank (in alphabetical order) Fred Baker,
   Scott Brim, Brian Carpenter, Tim Chown, Lorenzo Colitti, Jean-Michel
   Combes, Greg Daley, Ralph Droms, David Farmer, Brian Haberman, Bob
   Hinden, Jahangir Hossain, Ray Hunter, Sheng Jiang, Roger Jorgensen,
   Dan Luedtke, George Mitchel, Erik Nordmark, Simon Perreault, Tom
   Petch, Alexandru Petrescu, Michael Richardson, Arturo Servin, Mark
   Smith, Tom Taylor, Ole Troan, and Tina Tsou, for providing valuable
   comments on earlier versions of this document.

   Fernando Gont would like to thank Ray Hunter for providing valuable
   input on this topic.

Gont, et al.              Expires July 28, 2014                 [Page 8]
Internet-Draft            Default Interface-IDs             January 2014

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2460]  Deering, S. and R. Hinden, "Internet Protocol, Version 6
              (IPv6) Specification", RFC 2460, December 1998.

   [RFC2464]  Crawford, M., "Transmission of IPv6 Packets over Ethernet
              Networks", RFC 2464, December 1998.

   [RFC2467]  Crawford, M., "Transmission of IPv6 Packets over FDDI
              Networks", RFC 2467, December 1998.

   [RFC2470]  Crawford, M., Narten, T., and S. Thomas, "Transmission of
              IPv6 Packets over Token Ring Networks", RFC 2470,
              December 1998.

   [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing
              Architecture", RFC 4291, February 2006.

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless
              Address Autoconfiguration", RFC 4862, September 2007.

   [I-D.ietf-6man-stable-privacy-addresses]
              Gont, F., "A Method for Generating Semantically Opaque
              Interface Identifiers with IPv6 Stateless Address
              Autoconfiguration (SLAAC)",
              draft-ietf-6man-stable-privacy-addresses-16 (work in
              progress), December 2013.

7.2.  Informative References

   [I-D.ietf-6man-ipv6-address-generation-privacy]
              Cooper, A., Gont, F., and D. Thaler, "Privacy
              Considerations for IPv6 Address Generation Mechanisms",
              draft-ietf-6man-ipv6-address-generation-privacy-00 (work
              in progress), October 2013.

   [Microsoft]
              Davies, J., "Understanding IPv6, 3rd. ed",  page 83,
              Microsoft Press, 2012, <http://it-ebooks.info/book/1022/>.

Gont, et al.              Expires July 28, 2014                 [Page 9]
Internet-Draft            Default Interface-IDs             January 2014

Authors' Addresses

   Fernando Gont
   SI6 Networks / UTN-FRH
   Evaristo Carriego 2644
   Haedo, Provincia de Buenos Aires  1706
   Argentina

   Phone: +54 11 4650 8472
   Email: fgont@si6networks.com
   URI:   http://www.si6networks.com

   Alissa Cooper
   Cisco
   707 Tasman Drive
   Milpitas, CA  95035
   US

   Phone: +1-408-902-3950
   Email: alcoop@cisco.com
   URI:   https://www.cisco.com/

   Dave Thaler
   Microsoft
   Microsoft Corporation
   One Microsoft Way
   Redmond, WA  98052

   Phone: +1 425 703 8835
   Email: dthaler@microsoft.com

   Will Liu
   Huawei Technologies
   Bantian, Longgang District
   Shenzhen  518129
   P.R. China

   Email: liushucheng@huawei.com

Gont, et al.              Expires July 28, 2014                [Page 10]