Re: [homenet] IPv6 & firewall config in a home net

"Ray Hunter (v6ops)" <v6ops@globis.net> Sun, 08 September 2019 12:48 UTC

To: Mikael Abrahamsson <swmike@swm.pp.se>
Cc: homenet@ietf.org
References: <ca32dd0fca31411588917d55556e2a91@rew09926dag07b.domain1.systemhost.net> <8aab1064-9782-d5dd-e2db-41a5248b5c37@globis.net> <alpine.DEB.2.20.1909060837060.21167@uplift.swm.pp.se>
From: "Ray Hunter (v6ops)" <v6ops@globis.net>
Message-ID: <f21a267f-6aac-044b-5196-cb09236d82de@globis.net>
Date: Sun, 08 Sep 2019 14:48:23 +0200
In-Reply-To: <alpine.DEB.2.20.1909060837060.21167@uplift.swm.pp.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/HY6qkQ8wwz0lyhDIsXG0mRAIuQA>
Subject: Re: [homenet] IPv6 & firewall config in a home net


Mikael Abrahamsson wrote on 06/09/2019 08:59:
> On Thu, 5 Sep 2019, Ray Hunter (v6ops) wrote:
>
>> IMHO Expected behavior. Many European data protection people consider 
>> an IP(v6) address to be privacy-sensitive personal data. That will 
>> likely mean regular renumbering of IA PD by ISPs as the norm rather 
>> than the exception.
>
> This is the first time I've seen anyone make this claim (I guess 
> related to GDPR). I've gone through GDPR review and talked to others 
> who have done the same, and from a GDPR point of view there is no 
> reason to renumber on a regular basis. From what I can tell, 
> renumbering at some frequency makes no difference from a GDPR point of 
> view. The addresses are privacy sensitive regardless if you change 
> them frequently or not.
This last sentence is key.

FYI The opinion I read was as follows:

"The same also applies to IP addresses. If the controller has the legal 
option to oblige the provider to hand over additional information which 
enable him to identify the user behind the IP address, this is also 
personal data."

So if the provider intentionally destroys any method of linking an IP 
address to a user behind an address (by regularly renumbering using 
pseudo-random prefixes) then by the opposite argument the IP address 
shouldn't be considered personal data any more.

This is a method that I've also seen used to pseudo-anonymize MAC 
addresses logged via wifi in a building management system. The MAC 
addresses were hashed with a pseudo random key that rotated every day, 
and the key was not stored anywhere. So the location data could be 
tracked accurately for an individual device over a period of 24 hours, 
but the privacy people considered this good enough that the result 
wasn't considered as personal data, because there was no practical way 
to work backwards from the hashed addresses to the movements of an 
individual device carried by an individual person.

I ain't a lawyer.
>
> My experience is that the frequent renumbering is a local market 
> practice that people in that market got used to. As a Swedish user, I 
> hadn't heard of this practice until I started talking about these 
> things with people that ran/experienced ISPs in other nations. The 
> defaults are also different.
>
> Some markets have frequent renumbering (some even reset the PPPoE 
> session once per day, which is a flash renumbering event), some never 
> renumber unless there is a big network change (I've had the same IPv6 
> prefix now for a year).
>
> The conclusion is that we need to create solutions that handle both 
> these cases.
>
I agree with your conclusion, so the rest is pretty much a moot point 
for Homenet.



-- 
regards,
RayH
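
The scheme described in the message above (MAC addresses hashed under a key that rotates every day and is never stored), sketched as an added example that is not part of the original e-mail or of the system it mentions. HMAC-SHA256, the 16-hex-digit truncation, the class and function names and the sample log are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
from datetime import datetime, timezone

def normalize_mac(mac: str) -> bytes:
    """Canonicalise aa:bb.., AA-BB.. and aabb.ccdd.eeff forms to 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)

class DailyMacPseudonymizer:
    """Keyed hash with a per-day random key held only in memory (assumed design)."""
    def __init__(self):
        self._key, self._day = None, None

    def pseudonym(self, mac: str, when: datetime) -> str:
        if when.tzinfo is None:
            raise ValueError("timestamp must be timezone-aware")
        day = when.astimezone(timezone.utc).date()
        if self._day is not None and day < self._day:
            # That day's key was already discarded; it cannot be recreated.
            raise ValueError("event is older than the current key period")
        if day != self._day:
            # Rotation: overwrite the old key. It is never written to disk,
            # so yesterday's pseudonyms can no longer be linked or brute-forced.
            self._key, self._day = secrets.token_bytes(32), day
        return hmac.new(self._key, normalize_mac(mac), hashlib.sha256).hexdigest()[:16]

# Constructed sample events: (UTC timestamp, MAC as logged, access point).
SAMPLE_LOG = [
    (datetime(2019, 9, 7, 9, 0, tzinfo=timezone.utc), "02:00:00:aa:bb:01", "ap-lobby"),
    (datetime(2019, 9, 7, 17, 30, tzinfo=timezone.utc), "02-00-00-AA-BB-01", "ap-floor3"),
    (datetime(2019, 9, 7, 9, 5, tzinfo=timezone.utc), "0200.00aa.bb02", "ap-lobby"),
    (datetime(2019, 9, 8, 9, 0, tzinfo=timezone.utc), "02:00:00:aa:bb:01", "ap-lobby"),
]

def pseudonymize_log(events, pseudonymizer=None):
    """Replace each MAC with its pseudonym; events are processed in time order."""
    p = pseudonymizer or DailyMacPseudonymizer()
    ordered = sorted(events, key=lambda e: e[0])
    return [(ts, p.pseudonym(mac, ts), ap) for ts, mac, ap in ordered]

if __name__ == "__main__":
    for ts, pid, ap in pseudonymize_log(SAMPLE_LOG):
        print(ts.isoformat(), pid, ap)
```

The key is what carries the property: a plain unkeyed hash of a 48-bit MAC address can be reversed by enumerating candidate addresses, whereas a discarded random key leaves nothing to test candidates against.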