6man Working Group                                           Yu hua bing 	
Internet-Draft                                    Ruijie Networks, China 	
Intended status: Standards Track                                         	
Expiration: September 10, 2011                                               	
                                                          March 10, 2011 	
                                                                         	
            DisablePrivacy Flag of Prefix-information Option 
                  in the Router Advertisement              	
                draft-yhb-6man-ra-privacy-flag-02	

Abstract

   The temporary addresses described by RFC4941 makes it more difficult
   for eavesdroppers and other information collectors to track the 
   hosts,and it is necessary to the home networks,but in the enterprise 
   networks, it is not necessary, and some network administrators want 
   to disable the temporary addresses. This document tries to provide a
   solution to these network administrators,and they can specify whether
   the prefixes can be used to generate the temporary addresses.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.
   
   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
      
Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.







Yu hua bing              Expires September 2011                 [Page 1]

Internet-Draft     DP Flag of Prefix-information Option       March 2011

Table of Contents

   1. Introduction ....................................................2
   2. Protocol Specification ..........................................3
      2.1. Modified Prefix-information Option .........................3
      2.2. Router Specification .......................................3
      2.3. Host Specification .........................................4
   3. Security Consideration ..........................................4
   4. Acknowledgements ................................................4
   5. Change log ......................................................4   
   6. References ......................................................5
      6.1. Normative References .......................................5
                                                                                 	
1.  Introduction                                                         	
                                                                         	
   The temporary addresses described by RFC4941 makes it more difficult
   for eavesdroppers and other information collectors to track the 
   hosts,and it is necessary to the home networks,but in the enterprise 
   networks,it is not necessary, and some network administrators want to
   disable the temporary addresses.
   
   In some sites, the network administrators want to deploy stateless 
   address autoconfiguration, and just permit the hardware-derived 
   addresses to communicate with the Internet.They will do as follows:

   (1)Bind the MAC address and the hardware-derived address for each 
   host on the access switches.Because the temporary addresses are 
   variable, it is impossible to bind the MAC address and the temporary 
   address.

   (2)Disable the temporary addresses on each host.Why?Because the 
   temporary addresses may be preferred as the source of the outbound 
   IPv6 traffic.Now it is difficult to disable the temporary addresses 
   on all the hosts in the site,because:

   (2.1)The network administrator has to notify every one to disable the 
   temporary adrresses.In the enterprise with thousands of employees, it
   is very difficult to ensure that every one will see the notice.

   (2.2)Many people are not familier with the host operation system, 
   they don't know how to disable the temporary addresses.    
   
   This document tries to provide a solution to these network 
   administrators,and they can specify whether the prefixes can be used
   to generate the temporary addresses.

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in [RFC2119].




   
Yu hua bing              Expires September 2011                 [Page 2]

Internet-Draft     DP Flag of Prefix-information Option       March 2011

2.  Protocol Specification

2.1.  Modified Prefix-information Option

   In order to implement the solution, a "DisablePrivacy" indication bit
   is added to the Reserved1 section of the prefix-information option in 
   the router advertisement.Figure 1 shows the format of the modified 
   prefix-information option,and "DP" stands for "DisablePrivacy".
   (The "R" bit was specified by [RFC3775], and "Rsvd1" stands for 
   "Reserved1".)

       0                   1                   2                   3
       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |     Type      |    Length     | Prefix Length |L|A|R|D| Rsvd1 |
      |               |               |               | | | |P|       |      
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                         Valid Lifetime                        |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                       Preferred Lifetime                      |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                           Reserved2                           |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |                                                               |
      +                                                               +
      |                                                               |
      +                            Prefix                             +
      |                                                               |
      +                                                               +
      |                                                               |
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      
           Figure 1: Modified Prefix-information Option Format
              
2.2.  Router Specification

   A router MUST allow the following autoconfiguration-related variable
   to be configured by system management for each interface:
 
   (1)DefEnablePrivacyOnIf  This variable specifies the default value 
   for each prefix on the interface.The default value of this variable 
   is true.
     
   (2)PrefixEnablePrivacy  The network administrator can explicitly 
   specify whether the specific prefix can be used to generate the 
   temporary addresses.
   
   If the variable DefEnablePrivacyOnIf is false and the variable 
   PrefixEnablePrivacy for the prefix is not specified explicitly, or 
   if the variable PrefixEnablePrivacy for the prefix is false,when the 
   router sends the router advertisement,set the DisablePrivacy flag of 
   the prefix-information option.


 Yu hua bing              Expires September 2011                 [Page 3]

Internet-Draft     DP Flag of Prefix-information Option       March 2011
   
2.3.  Host Specification

   A host MUST allow the following autoconfiguration-related variable to
   be configured by system management:
  
   EnablePrivacyAddr  It means whether the host can generate the 
   temporary addresses.
      
   When a host receives a valid router advertisement, for each Prefix
   -information option in the router advertisement,if the Managed flag 
   is not set,the Autonomous flag is set,and the variable 
   EnablePrivacyAddr is true,do as follows:
   
   (1)If the host doesn't recognize the DisablePrivacy flag,it SHOULD 
   ignore this flag.

   (2)If the DisablePrivacy flag is not set,the host can use the prefix
   to generate a temporary address.
      
   (3)If the DisablePrivacy flag is set,and the prefix is same with the 
   prefix of a temporary address configured by stateless 
   autoconfiguration already in the list of addresses associated with 
   the interface,do as follows:
      
   (3.1)If the temporary address is in preferred state,the host SHOULD
   change the state of the temporary address to deprecated.
   
   (3.2)If the temporary address is in tentative or duplicate state,the
   host SHOULD delete the temporary address at once.   

3. Security Consideration

   It is possible that an attacker use the "DisablePrivacy" flag to 
   force a host to deprecate it's active temporary addresses, but the 
   threat is not so serious, so don't worry about it too much. If the 
   privacy address is deprecated,the host can use the other IPv6 
   addresses, for example,the public address.
   
4.  Acknowledgements

   The author would like to thank James Woodyatt,Ran Atkinson and other 
   members for reviewing this document and suggesting changes.

5.  Change log

   draft-yhb-6man-ra-privacy-flag-02: modify introduction, and add 
   security consideration, 2011-03-08
   
   draft-yhb-6man-ra-privacy-flag-01: The flag's name changed from 
   Privacy to DisablePrivacy, 2011-03-05

   draft-yhb-6man-ra-privacy-flag-00: original version, 2011-02-22


Yu hua bing              Expires September 2011                 [Page 4]

Internet-Draft     DP Flag of Prefix-information Option       March 2011
    
6.  References                                                          	

6.1.  Normative References

   [RFC4862]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless    
              Address Autoconfiguration", RFC 4862, September 2007.
              
   [RFC4941]  T. Narten,R. Draves and S. Krishnan, "Privacy Extensions 
              for Stateless Address Autoconfiguration in IPv6", RFC 
              4941, September 2007.
              
Authors' Addresses                                                       
                                                                         	
   Yu hua bing                                                    	
   Ruijie Networks
   Fuzhou
   Fujian                                                   	
   China                                                                   	
                                              	
   Email: yhb@ruijie.com.cn or yhb810501@gmail.com
                                	
Yu hua bing              Expires September 2011                 [Page 5]