
Re: set Global ID field to SHA hash of domain name

Hi Iljitsch,

On Fri, 12 Sep 2003, Iljitsch van Beijnum wrote:

> On Friday, Sep 12, 2003, at 11:07 Europe/Amsterdam, George Gross wrote:
> > At the risk of triggering another firestorm of pro/con debate, is
> > there any reason why the centrally assigned Global ID defined by
> > hinden-ipv6-global-local-addr-02.txt could not be simply the low-order
> > 40 bits of a SHA hash of a domain name? i.e. if you own the domain name,
> > you get the IP-v6 global ID for "free"? This would side step the angst of
> > setting up yet another global registry...
> Hm, with 2^40 possible prefixes and already something in the order of
> 2^25 domains in use, I expect collisions will be a definite factor.

In a parallel e-mail to Zefram, I offered an algorithm for probing for
uniqueness, and then retrying. OTOH, if you merely want a genuinely local
pseudo-random number, then the collision factor is moot.

> I would also be interested in seeing how the SHA-1 algorithm holds up.
> Anyone care to get a suitably large list of domain names (a million or
> so) and do some statistics on the lower 40 bits of the associated
> SHA-1 hash?

SHA-1 has fairly strong hashing properties; even changing one bit in the
input yields a reasonably diverse output. OTOH, I'm not a cryptographer,
though I'll add that most of what I've heard about SHA-1 is that it is
held in high regard. FYI, you may wish to dredge the IRTF CFRG e-mail
archives for the thread with the Subject line of "one question about hash"
that occurred in July of this year.

The good news about those 2^25 domain name holders is that they are the
most likely consumers of this local IP-v6 address prefix, and they would
immediately inherit theirs for free without doing anything.

> It did occur to me that the domain name sellers are in a better
> position to give out these prefixes than the traditional IP address
> registries, though. Especially if you consider that they'd just be
> selling domain names under c.f.ip6.arpa.  :-)

Another implicit benefit is that every domain name holder already has a
local IP-v6 prefix allocated on the shelf waiting for them. Musing
out loud, I wonder how that could be leveraged to automatically compute the
IP-v6 address of any IP-v4 endpoint for which you know the FQDN and
your DNS query returned an IP-v4 address record.


IETF IPv6 working group mailing list
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
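
The derivation and the collision question discussed in this message, as an added example that is not part of the original e-mail or of the draft: it takes the low-order 40 bits of SHA-1 over a domain name, gives the birthday estimate for 2^25 names in a 2^40 space, and counts collisions over a sample. The name normalization, the big-endian reading of the digest, and the `siteN.example` sample names are assumptions made for the example.

```python
import hashlib
from collections import Counter

ID_BITS = 40  # width of the Global ID field discussed in the thread


def normalize(domain: str) -> bytes:
    # Assumption: lower-case the name and drop a trailing root dot before hashing
    return domain.strip().rstrip(".").lower().encode("ascii")


def global_id(domain: str, bits: int = ID_BITS) -> int:
    """Low-order `bits` bits of SHA-1(domain), digest read as a big-endian integer."""
    digest = hashlib.sha1(normalize(domain)).digest()
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def expected_colliding_pairs(n: int, bits: int = ID_BITS) -> float:
    """Birthday estimate: number of name pairs times the per-pair collision chance."""
    return n * (n - 1) / 2 / (1 << bits)


def observed_collisions(domains, bits: int = ID_BITS) -> int:
    """Count names whose truncated hash is already held by another distinct name."""
    unique = {normalize(d).decode("ascii") for d in domains}
    counts = Counter(global_id(d, bits) for d in unique)
    return sum(c - 1 for c in counts.values() if c > 1)


def sample_names(n: int):
    # Constructed placeholder names, not real registration data
    return [f"site{i}.example" for i in range(n)]


if __name__ == "__main__":
    print(f"example.com -> {global_id('example.com'):010x}")
    print(f"expected colliding pairs among 2^25 names: {expected_colliding_pairs(2**25):.1f}")
    names = sample_names(2000)
    # A 16-bit field makes the birthday effect visible on a small sample
    print("16-bit collisions:", observed_collisions(names, 16),
          "expected pairs:", round(expected_colliding_pairs(2000, 16), 1))
    print("40-bit collisions:", observed_collisions(names, 40))
```

With 2^25 names the estimate comes to roughly 512 colliding pairs, so any scheme built on the truncated hash needs a rule for the names that lose a collision.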