On Apr 25, 2013, at 5:32 PM, Fernando Gont <fgont(_at_)si6networks(_dot_)com>
wrote:
Hi, Ben,
Thanks so much for your feedback! Please find my comments in-line...
On 04/25/2013 03:39 PM, Ben Campbell wrote:
Minor issues:
-- section 3, third paragraph from end:
The paragraph suggests that changing the number of network interfaces
should be rare. I think it's quite common in practice for the sorts
of hosts likely to move between subnets regularly. For example, my
Macbook Pro uses an external (Thunderbolt attached) ethernet
interface which regularly gets disconnected and reconnected. Same
might hold true for a USB attached wireless modem. And I have any
number of VPNs which may be active or not at any given time.
I will tweak the text a bit -- as noted in other threads, I will replace
"Interface Index" with a generic "Interface_ID", and will comment on the
desired properties, and note that two possible options for it are the
Interface Index and the Interface name -- with the interface name
probably being more constant in the scenarios that you describe.
Works for me.
-- section 3, 2nd paragraph from end:
You describe the affects of including Network_ID in some detail. It
would be helpful to note the consequences of _not_ including it.
Well, should we really do it? -- after all, you MUST include it.
Hmm. Section 3 says Network_ID is optional.
Nits/editorial comments:
-- section 1, 4th paragraph: "Therefore, it is vital..."
That seems a bit overstated. We're not talking about breaking the
Internet here, are we?
Well, that depends... there are scenarios in which privacy is really vital.
It's not a big deal, really, but it might be worth mentioning the context in
which it's "vital". Or maybe tone it down to merely "important" :-)
[...]
-- 1, paragraph 11: "This document does not update..."
How is adding an alternative algorithm _not_ an update?
Well, you still send an RS, receive an RA, and generate an IID.
Me, I'd probably update RFC 4862, so that we make sure that folks
implementing SLAAC take a look at this document, but....
...?
(The reason you mention is one of the best reasons I can think of to call it an
update--but if the working group consciously chose not to make it an update, I
can live with it.)
--1, paragraph 12: "... may already address"
Is the "already addressing" part in question? Or is it a matter of
addressing it in some circumstances, but not others? If the latter,
it would help to elaborate.
Not sure what you mean. The idea is that, in many scenarios,
draft-ietf-stable-privacy-addresses may be good enough to address your
privacy concerns.
The way it's worded, it looks like you think it might address the concerns, but
aren't sure. I doubt that's the intent. Simply saying "may address certain
privacy concerns", or "in some circumstances, will address...". OTOH,
elaborating on the specific concerns addressed would be even better. Do you
mean to say it addresses the concerns already mentioned in this draft? If so,
you could use language stronger than "may".
Your answer to my next comment is instructive for this as well.
-- 6, last paragraph: "... may mitigate..."
Not sure? Or only under some circumstances?
The idea is that the only privacy implication that this doesn't mitigate
is correlation of node activities within the same network.
However, that really depends on the number of active nodes within the
same subnet. For example, if you have only one active node in the
subnet, then no matter whether its changes its addresses, its activities
can be easily correlated.
Saying that would be helpful.
-- references: RFC1948 is obsoleted by 6528. Is there a reason to
reference the obsolete version?
Yes: RFC1948 is only referenced in the Acks section, where I note that
this document was inspired by Bellovin's work on RFC1948. While RFC6528
obsoletes RFC1948, the algorithm in that RFC is the same as that in RFC1948.
So 6528 equally illustrates Steve Bellovin's work, and is also more current,
right? If someone decided to follow up to better understand your inspiration,
which draft would you prefer them to read?
Thanks!
Ben.