Keith,
Fortunately the mistake is easily rectified, so long
as software doesn't get into the habit of expecting the lower 64 bits
of an address to be a unique interface identifier.
This is a dangerous prospect. The company I work for makes a networking
stack and our IPv6 implementation expects the lower 64 bits to be the unique
interface identifier. Other implementations do the same. Now would be the
time to change the spec if its going to be done, otherwise it will already
have market penetration just like NAT.
Dan
-----Original Message-----
From: owner-ietf(_at_)ietf(_dot_)org [mailto:owner-ietf(_at_)ietf(_dot_)org]On
Behalf Of Keith
Moore
Sent: Tuesday, December 02, 2003 1:03 PM
To: Iljitsch van Beijnum
Cc: moore(_at_)cs(_dot_)utk(_dot_)edu; anthony(_at_)atkielski(_dot_)com;
ietf(_at_)ietf(_dot_)org
Subject: IPv6 addressing limitations (was "national security")
RFC 3513 mandates that all unicast IPv6 addresses except the ones
starting with the bits 000 must have a 64-bit interface identifier in
the lower 64 bits.
This was shortsighted, just like having the notion of "class" built into
IPv4 addresses was shortsighted. People are going to need to subnet
past /64 sooner rather than later, and subnetting past /64 is a LOT
better than NAT. Fortunately the mistake is easily rectified, so long
as software doesn't get into the habit of expecting the lower 64 bits
of an address to be a unique interface identifier.
This has some important advantages, most notably it
allows stateless autoconfiguration.
Providing an alternative to stateless autoconfiguration for subnets
past /64 might be a acceptable compromise.
Putting a 64-bit crypto-based host identifier in the bottom 64 bits of
IPv6 addresses shouldn't get in the way of regular IPv6 addressing
mechanisms and/or operation.
Putting a crypto-based host identifier in the address is unnecessary,
since there's really no need to include a strong host identifier in
every packet sent to a host. The locator alone is usually sufficient,
and if that's not sufficient, the sender can generally encrypt the
traffic with a secret known only to the intended destination.
Keith