Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

<> Wed, 11 June 2014 14:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6D9611A0147; Wed, 11 Jun 2014 07:38:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7EDCabqjXAWl; Wed, 11 Jun 2014 07:38:18 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5BCE41A0127; Wed, 11 Jun 2014 07:38:18 -0700 (PDT)
Received: from (unknown [xx.xx.xx.199]) by (ESMTP service) with ESMTP id ED7B32AC892; Wed, 11 Jun 2014 16:38:16 +0200 (CEST)
Received: from Exchangemail-eme2.itn.ftgroup (unknown []) by (ESMTP service) with ESMTP id CD237C8058; Wed, 11 Jun 2014 16:38:16 +0200 (CEST)
Received: from OPEXCLILM23.corporate.adroot.infra.ftgroup ([]) by OPEXCLILH05.corporate.adroot.infra.ftgroup ([]) with mapi id 14.03.0181.006; Wed, 11 Jun 2014 16:38:16 +0200
From: <>
To: Stephen Farrell <>, Dan Wing <>
Thread-Topic: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
Thread-Index: AQHPglNJdwFj/1Pg2EKVA7MlkS7VwJtr/0Dg
Date: Wed, 11 Jun 2014 14:38:16 +0000
Message-ID: <787AE7BB302AE849A7480A190F8B9330016077@OPEXCLILM23.corporate.adroot.infra.ftgroup>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: fr-FR, en-US
Content-Language: fr-FR
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-PMX-Version:, Antispam-Engine:, Antispam-Data: 2014.6.10.215118
Cc: "" <>, Internet Area <>, Joe Touch <>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 11 Jun 2014 14:38:20 -0000


Please see inline.


>-----Message d'origine-----
>De : ietf-privacy [] De la part de
>Stephen Farrell
>Envoyé : samedi 7 juin 2014 15:21
>À : Dan Wing
>Cc :; Internet Area; Joe Touch
>Objet : Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
>Hi Dan,
>On 07/06/14 02:38, Dan Wing wrote:
>> Stephen,
>> It seems NAPT has become IETF's privacy feature of 2014 because
>> multiple users are sharing one identifier (IP address and presumably
>> randomized ports [RFC6056], although many NAPT deployments use
>> address ranges because of fear of compressing log files).  As a
>> former co-chair of BEHAVE it is refreshing to see the IETF embracing
>> NAPT as a desirable feature.
>Embracing seems like significant overstatement to me, but maybe
>that's understandable given how calmly NAT is generally debated.
>NATs have both good and bad properties. The slightly better privacy
>is one of the good ones.
>Recognising that reality is neither embracing nor refreshing IMO,
>nor does it mean NAPT is (un)desirable overall. (That's an argument
>I only ever watch from the side-lines thanks:-)
>> However, if NAPT provides privacy and NAT Reveal removes it, where
>> does that leave a host's IPv6 source address with respect to BCP188?
>> Afterall, an IPv6 address is quite traceable, even with IPv6 privacy
>> addresses (especially as IPv6 privacy addresses are currently
>> deployed which only obtain a new IPv6 privacy address every 24 hours
>> or when attaching to a new network).  If BCP188 does not prevent
>> deployment of IPv6, I would like to understand the additional privacy
>> leakage of IPv4+NAT+NAT_Reveal compared to the privacy leakage of
>> IPv6+privacy_address.
>I'm frankly amazed that that's not crystal clear to anyone who
>has read all 2.5 non-boilerplate pages of the BCP. Or even just
>the last two words of the 1-line abstract (hint: those say "where
>Yes, source addresses leak information that affects privacy. But
>we do not have a practical way to mitigate that. So therefore
>BCP188 does not call for doing stupid stuff, nor for new laws of
>physics (unlike -04 of the draft we're discussing;-)

[Med] FWIW, this draft does not hint solutions but it aims to describe scenarios with problems. I understand you have concerns with privacy but this is not an excuse to abuse and characterize this effort as "stupid". Privacy implications should be assess on a per use case basis (see for example cases where all involved entities belong to same administrative entity). Furthermore, the document (including -04) says the following : "the document does not elaborate whether explicit authentication is enabled or not."

>Adding new identifiers with privacy impact, as proposed here, is
>quite different.

[Med] I have already clarified this point: the scenario draft does not propose any identifier!

>PS: If someone wants to propose what they think is a practical
>way to mitigate the privacy issues with source addresses, please
>write a draft first and then start a separate thread somewhere.
>> -d
>ietf-privacy mailing list