Hi, Ben,
Thanks so much for your feedback! Please find my comments in-line...
On 04/25/2013 03:39 PM, Ben Campbell wrote:
Minor issues:
-- section 3, third paragraph from end:
The paragraph suggests that changing the number of network interfaces
should be rare. I think it's quite common in practice for the sorts
of hosts likely to move between subnets regularly. For example, my
Macbook Pro uses an external (Thunderbolt attached) ethernet
interface which regularly gets disconnected and reconnected. Same
might hold true for a USB attached wireless modem. And I have any
number of VPNs which may be active or not at any given time.
I will tweak the text a bit -- as noted in other threads, I will replace
"Interface Index" with a generic "Interface_ID", and will comment on the
desired properties, and note that two possible options for it are the
Interface Index and the Interface name -- with the interface name
probably being more constant in the scenarios that you describe.
-- section 3, 2nd paragraph from end:
You describe the affects of including Network_ID in some detail. It
would be helpful to note the consequences of _not_ including it.
Well, should we really do it? -- after all, you MUST include it.
Nits/editorial comments:
-- section 1, 4th paragraph: "Therefore, it is vital..."
That seems a bit overstated. We're not talking about breaking the
Internet here, are we?
Well, that depends... there are scenarios in which privacy is really vital.
-- 1, 6th paragraph: "Also, they result in increased complexity..."
What sort of complexity? Implementation complexity? It's a bit
confusion because the previous sentences already talk about increased
complexity of specific sorts. It would help to mention what sort of
additional complexity is referred to here.
Yep, implementation complexity -- I will clarify this.
-- 1, paragraph 11: "This document does not update..."
How is adding an alternative algorithm _not_ an update?
Well, you still send an RS, receive an RA, and generate an IID.
Me, I'd probably update RFC 4862, so that we make sure that folks
implementing SLAAC take a look at this document, but....
--1, paragraph 12: "... may already address"
Is the "already addressing" part in question? Or is it a matter of
addressing it in some circumstances, but not others? If the latter,
it would help to elaborate.
Not sure what you mean. The idea is that, in many scenarios,
draft-ietf-stable-privacy-addresses may be good enough to address your
privacy concerns.
-- 6, last paragraph: "... may mitigate..."
Not sure? Or only under some circumstances?
The idea is that the only privacy implication that this doesn't mitigate
is correlation of node activities within the same network.
However, that really depends on the number of active nodes within the
same subnet. For example, if you have only one active node in the
subnet, then no matter whether its changes its addresses, its activities
can be easily correlated.
-- references: RFC1948 is obsoleted by 6528. Is there a reason to
reference the obsolete version?
Yes: RFC1948 is only referenced in the Acks section, where I note that
this document was inspired by Bellovin's work on RFC1948. While RFC6528
obsoletes RFC1948, the algorithm in that RFC is the same as that in RFC1948.
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492