Internet-Draft                                                Pars Mutaf
Expires: December 19, 2006      Institut National des Telecommunications
                                                            Evry, France
                                                               June 2006


       Constructing an IPv6 interface identifier from a human name


Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on December 19, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.


Mutaf                   Expires December 9, 2006                [Page 1]

Internet-Draft      IPv6 interface identifier from human name   June 2006


Abstract

   This document describes some rules for constructing an IPv6 interface
   identifier from a human name (denoted HUMID).  A HUMID-based IPv6
   address can augment the reachability of a node in some critical
   scenarios.  HUMID-based IPv6 addresses are configured using standard
   stateless address autoconfiguration.

1.  Introduction

   This document describes the construction and utilization of IPv6
   interface identifiers obtained from human names, or HUMIDs.
   This document refers to the type of IPv6 addresses where the leftmost
   64 bits of a 128-bit address form the subnet prefix and the rightmost
   64 bits of the address form the interface identifier [1].

   A HUMID is constructed using a cryptographic hash of the user's real
   name (i.e. human name).  For example, John Smith's HUMID is:

      HUMID = hash(John Smith)

   A session initiating user can then try to contact his/her friend John
   Smith by sending a packet to the HUMID-based IPv6 address:

      subnet_prefix | hash(John Smith)

   if other methods of obtaining his address have failed.  This mode of
   operation can be used when, for example, DNS is down or unreachable.

2.  Guessing the destination's subnet prefix

   In order to reach a user at his/her HUMID-based IPv6 address, the
   destination node's subnet prefix must be known.  In this section, two
   different cases are discussed.

2.1  Initiator and responder are in the same subnet

   In some cases, the session initiating user may know or can guess that
   the target user is currently located in the same subnet as the
   session initiating user (same building, campus, village, etc.).  In
   this case, the destination's HUMID-based address can easily be
   constructed.

2.2  Initiator has a list of possible subnets

   In some cases, the session initiating user may have obtained a list
   of 'n' potential subnets where the target user is likely to be
   located.  The initiator may have a subnetting map of the target
   region, for example.  In this case, the initiator may attempt to
   locate and contact his/her friend John Smith by sending a packet to
   the IPv6 addresses:

      subnet_prefix1 | hash(John Smith)
      subnet_prefix2 | hash(John Smith)
      subnet_prefix3 | hash(John Smith)
      ...
      subnet_prefixn | hash(John Smith)

   if other methods of obtaining his/her address have failed.  When
   doing so, it is in the initiator's interest to respect the congestion
   control principles.
   Otherwise, some packets may be lost and the paging procedure may
   fail.  The initiator will have no reliable way to detect lost
   packets.  Therefore, packets should be inserted slowly, in order to
   avoid packet loss.

   It should be noted that the above paging procedure does not have
   guaranteed success.  It is the "last chance method" for contacting a
   destination host when every other method fails because of
   infrastructure failure.

3.  HUMID construction and guidelines

   HUMIDs should be as simple as possible.  If too much personal
   information is input to the hash function, other nodes may fail to
   construct the same HUMID.

   HUMIDs are based on information that is input by a human.
   Consequently, they should be easy to remember and guess.

   This document recommends the following method for constructing a
   HUMID:

      HUMID = hash(firstname middlename lastname i)

   where hash is a 62-bit output of a cryptographic hash function.

   "firstname" is the first name of the user, without capital letters.

   "middlename" is the middle name of the user, if any and if used,
   without capital letters.  It is important to note that the
   "middlename" must be easy to remember as well.  If not, it should not
   be used.

   "lastname" is the last name of the user, without capital letters.

   "i" is 0, 1, 2, etc.  By default i=0 should be set.  Each time an
   address collision is detected (with DAD [3]), "i" should be
   incremented.

   A white space separates the "firstname", the "middlename", the
   "lastname" and "i".

   When attempting to contact a host at its HUMID address, the initiator
   should send a packet to

      subnet_prefix | hash(firstname middlename lastname 0)

   and upon failure another packet to

      subnet_prefix | hash(firstname middlename lastname 1)

   and upon failure another packet to

      subnet_prefix | hash(firstname middlename lastname 2)

   etc.

4.  Security considerations

   The use of a HUMID contradicts user privacy [4].
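   The following Python example (added here; it is not part of the draft
   and the author specifies no particular hash function) implements the
   construction of Section 3 together with the paging sequence of
   Sections 2.2 and 3.  It assumes SHA-256 truncated to the leftmost 64
   bits as the hash, and reads the draft's "62-bit output" as the 64-bit
   interface identifier with the "u" and "g" bits of its first octet
   forced to zero.  The DAD check is a stand-in set of addresses already
   in use on the link, and the ordering of candidates across several
   prefixes (all i=0 candidates before any i=1) is a choice of this
   example, not a rule of the draft.

```python
import hashlib
import ipaddress
from typing import Iterable, List, Set, Tuple

# Assumption (the draft names no hash): SHA-256, leftmost 64 bits kept.
# The two bits not taken from the hash are the u and g bits of the first
# octet of the interface identifier, which are cleared, so 62 hash bits
# remain, matching the draft's "62-bit output".
U_G_MASK = 0x03 << 56


def normalize_name(firstname: str, lastname: str, middlename: str = "") -> str:
    """Lower-case name parts joined by single spaces, as Section 3 requires.
    An empty or unused middle name is simply omitted."""
    parts = [firstname, middlename, lastname]
    return " ".join(p.strip().lower() for p in parts if p and p.strip())


def humid(name: str, i: int = 0) -> int:
    """64-bit interface identifier for hash(firstname middlename lastname i)."""
    if i < 0:
        raise ValueError("collision counter i must be non-negative")
    digest = hashlib.sha256(f"{name} {i}".encode("utf-8")).digest()
    iid = int.from_bytes(digest[:8], "big")
    return iid & ~U_G_MASK          # clear u and g bits (assumption, see above)


def humid_address(prefix: str, name: str, i: int = 0) -> ipaddress.IPv6Address:
    """subnet_prefix | HUMID for a /64 prefix such as '2001:db8:1:2::/64'."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("HUMID addresses need a 64-bit subnet prefix")
    return ipaddress.IPv6Address(int(net.network_address) | humid(name, i))


def configure_humid(prefix: str, name: str,
                    in_use: Set[ipaddress.IPv6Address],
                    max_i: int = 16) -> Tuple[ipaddress.IPv6Address, int]:
    """Responder side: start at i=0 and increment i on each collision.
    `in_use` stands in for the DAD probe of [3]; a real node would send
    Neighbor Solicitations instead of consulting a set."""
    for i in range(max_i):
        addr = humid_address(prefix, name, i)
        if addr not in in_use:
            return addr, i
    raise RuntimeError("no collision-free HUMID found")


def paging_sequence(prefixes: Iterable[str], name: str,
                    max_i: int = 2) -> List[ipaddress.IPv6Address]:
    """Initiator side: candidate destinations in the order they should be
    tried.  i=0 is the default, so every i=0 candidate precedes any i=1
    candidate (ordering across prefixes is this example's choice).  The
    caller must pace the probes slowly, as Section 2.2 requires."""
    prefixes = list(prefixes)
    return [humid_address(p, name, i) for i in range(max_i + 1) for p in prefixes]


if __name__ == "__main__":
    # Constructed sample data: a documentation prefix and a fictitious user.
    name = normalize_name("John", "Smith")
    subnet = "2001:db8:1:2::/64"
    addr, i = configure_humid(subnet, name, in_use=set())
    print(f"{name!r} -> i={i} {addr}")
    for candidate in paging_sequence(["2001:db8:1::/64", "2001:db8:2::/64"], name):
        print("try", candidate)
```

   The u/g handling is the one place where this example goes beyond the
   draft's text: stateless autoconfiguration treats those two bits
   specially, and clearing them is what leaves exactly 62 hash bits.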
   Users who configure a HUMID should be aware that a HUMID may reveal
   the presence and/or location of a user to unwanted parties.
   Suspecting that John Smith is in this subnet, an adversary may verify
   it by sending a packet to his HUMID address.  Sending a reply from the
   HUMID address will reveal the user's presence and/or location.

   HUMIDs should be used by users for whom, and in cases where,
   augmented reachability outweighs the above threat.

   HUMIDs are by no means a proof of address ownership.  For proof of
   address ownership a CGA [2] should be used.  HUMID-based IPv6
   addresses are not different from standard IPv6 addresses.  It is
   possible to spoof a HUMID-based address.  However, HUMID-based
   address ownership of the responder can be verified during a voice
   session, since the initiator recognizes his/her voice.

5.  Conclusion

   This document described the construction and utilization of IPv6
   interface identifiers obtained from human names, or HUMIDs.  HUMIDs
   can be constructed from information that can easily be remembered
   and/or guessed.  Consequently, they can improve the reachability of
   an IPv6 node in some critical scenarios.

6.  Future work

   Section 3 does not cover all kinds of human names in the world.  More
   work is needed.

References

   [1]  Hinden, R. and S. Deering, "Internet Protocol Version 6 (IPv6)
        Addressing Architecture", RFC 3513, April 2003.

   [2]  Aura, T., "Cryptographically Generated Addresses (CGA)",
        RFC 3972, March 2005.

   [3]  Thomson, S., Narten, T., and T. Jinmei, "IPv6 Stateless Address
        Autoconfiguration", draft-ietf-ipv6-rfc2462bis-08 (work in
        progress), May 2005.

   [4]  Narten, T. and R. Draves, "Privacy Extensions for Stateless
        Address Autoconfiguration in IPv6", RFC 3041, January 2001.
Author's Address

   Pars Mutaf
   Institut National des Telecommunications

   Email: pars.mutaf@int-evry.fr


   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.