If I may summarize this thread as a method to conclude it.

1. Some people like GUA the most.
2. Smart network operators understand the facts and make decisions based on facts (ULA exists, and it meets a need in some scenarios. NAT and lack of addresses are not reasons to use ULA).
3. Most FUD around ULA comes from an over-reaction to IPv4 NAT sins, misunderstandings about how security policy works in the real world, and deficiencies in mathematical education.

CB

On Jul 19, 2012 5:48 AM, "Mark Andrews" <marka@isc.org> wrote:
In message <CAAAwwbXh1wS_9aX4FwGrqmSBJmKGJ0nWHRi9EN53HtL36VhSSg@mail.gmail.com>, Jimmy Hess writes:
On 7/18/12, Karl Auer <kauer@biplane.com.au> wrote:
I don't understand the professed need for provable randomness. Without a number *space* to provide context, randomness is inherently non-provable. The whole point of the randomness of those 40 bits of ULA infix is that any number is as likely as any other number. Someone,
When numbers are selected by choosing a random value; certain ratios of bits set to "1" are more likely to occur than other ratios of bits set to "1".
A random generator that is operating correctly, is much more likely to emit a number with 50% of the bits set to 1, than it is to emit a number with 0% of the bits set to 1, given a sufficient number of bits. If the ratio is inconsistent by a sufficient margin, and your sample of the bits is large enough in number, you can show with high confidence that the number is not random; a 1 in 10 billion chance of the number being randomly generated, would be pretty convincing, for example.
Actually you can't.
fdaa:aaaa:aaaa has 20/20 0/1 bits but is entirely non random.
fdf0:f0f0:f0f0 has 20/20 0/1 bits but is entirely non random.
The ratio of the number of bits doesn't tell you anything about whether the number was random or not.
Removing the temptation by excluding the small number of choices with 90% - 95% of the bits set to 1 may eliminate future problems caused by an early "accident"/"error" in assigning the initial ULA, compared to the minor inconvenience of needing to run the ULA generator one more time to get an actual usable range.
somewhere, is eventually going to get 10:0000:0000, someone else will eventually get 20:0000:0000 and so on. And they are just as likely to get them now as in ten years time.
That is extremely improbable. If you generate a million ULA IDs a day, every day, it is expected to be over 1000 years before you generate one of those two.
improbable != impossible
-- -JH
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
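
The figures traded in this thread can be checked directly. The following is an added example, not code from any poster: it extracts the 40-bit Global ID from a ULA /48, counts its 1 bits, and computes how common a given bit count is and how long a specific ID takes to turn up. Function names are hypothetical, and `secrets.randbits` is an assumption standing in for the sample SHA-1 procedure in RFC 4193.

```python
import ipaddress
import math
import secrets

GLOBAL_ID_BITS = 40  # RFC 4193: fd00::/8 plus a 40-bit Global ID gives a /48


def global_id(prefix: str) -> int:
    """Return the 40-bit Global ID of a ULA /48 such as 'fdaa:aaaa:aaaa::/48'."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    packed = net.network_address.packed
    if net.prefixlen != 48 or packed[0] != 0xFD:
        raise ValueError(f"{prefix} is not a locally assigned ULA /48")
    return int.from_bytes(packed[1:6], "big")


def ones(gid: int) -> int:
    """Number of bits set to 1 in the Global ID."""
    return bin(gid).count("1")


def share_with_ones(lo: int, hi: int) -> float:
    """Fraction of all 40-bit values whose count of 1 bits lies in [lo, hi]."""
    hits = sum(math.comb(GLOBAL_ID_BITS, k) for k in range(lo, hi + 1))
    return hits / 2**GLOBAL_ID_BITS


def expected_years(targets: int, draws_per_day: float) -> float:
    """Mean wait until a uniform draw first hits any of `targets` specific IDs."""
    return (2**GLOBAL_ID_BITS / targets) / draws_per_day / 365.25


def random_ula_prefix() -> str:
    """Draw a Global ID from the OS CSPRNG (assumption, see lead-in)."""
    gid = secrets.randbits(GLOBAL_ID_BITS)
    return f"{ipaddress.IPv6Address((0xFD << 120) | (gid << 80))}/48"


if __name__ == "__main__":
    # The two patterned prefixes quoted in the thread
    for p in ("fdaa:aaaa:aaaa::/48", "fdf0:f0f0:f0f0::/48"):
        print(p, "ones:", ones(global_id(p)), "of", GLOBAL_ID_BITS)
    print("share of IDs with exactly 20 ones:", share_with_ones(20, 20))
    print("share of IDs with 90%-95% ones:   ", share_with_ones(36, 38))
    print("years to hit one of 2 IDs at 1e6/day:", expected_years(2, 1e6))
    print("fresh prefix:", random_ula_prefix())
```
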