IETF Logo Mail Archive

RE: Address privacy

"Manfredi (US), Albert E" <albert.e.manfredi@boeing.com> Mon, 27 January 2020 02:27 UTC

Return-Path: <albert.e.manfredi@boeing.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20601120108 for <ipv6@ietfa.amsl.com>; Sun, 26 Jan 2020 18:27:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=boeing.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m296s-rSKg-V for <ipv6@ietfa.amsl.com>; Sun, 26 Jan 2020 18:27:19 -0800 (PST)
Received: from clt-mbsout-02.mbs.boeing.net (clt-mbsout-02.mbs.boeing.net [130.76.144.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56D9D120106 for <ipv6@ietf.org>; Sun, 26 Jan 2020 18:27:19 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/DOWNSTREAM_MBSOUT) with SMTP id 00R2RHLk003106; Sun, 26 Jan 2020 21:27:17 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=boeing.com; s=boeing-s1912; t=1580092037; bh=DPvR6AsiWgTTYi9WANgKiuWSP9ni3L9+Vd0k/81IF4w=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=fzWs8aQJpz087MxgQ19oQ95LI7u1CtyH37+TORo0qloqUbPSldHYU5GFbFVgn251L hBxujTe1Qrk1ww5cvEgMn5VLf8Ta2woj+zZT467I+JAgDObQuITb7JJYzlQPWTtfEJ BNDbqcJ1VO/ykDw2i81IFPY9CHjZJnq86rjIoQgNuiAsVMO+MjU0VogdlgsVmfE6TH BVzSrBQQqJ0iOlYB4qDxgUyAuVI3bihmtdWaKXr7bXz7YZoRzvjCmcnqslsWGO43sB 1ozBpoperWJ9CgQl2UpV44IktUYEoKybfcrL0iKBsasbtUKphrUd9KMQuIJDxaK2xk iRfLfmt621FlQ==
Received: from XCH16-01-07.nos.boeing.com (xch16-01-07.nos.boeing.com [144.115.65.217]) by clt-mbsout-02.mbs.boeing.net (8.15.2/8.15.2/UPSTREAM_MBSOUT) with ESMTPS id 00R2R99g001994 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=FAIL); Sun, 26 Jan 2020 21:27:09 -0500
Received: from XCH16-01-11.nos.boeing.com (144.115.66.39) by XCH16-01-07.nos.boeing.com (144.115.65.217) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.1.1779.2; Sun, 26 Jan 2020 18:27:07 -0800
Received: from XCH16-01-11.nos.boeing.com ([fe80::a96c:5d85:1337:4323]) by XCH16-01-11.nos.boeing.com ([fe80::a96c:5d85:1337:4323%4]) with mapi id 15.01.1779.002; Sun, 26 Jan 2020 18:27:07 -0800
From: "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>
To: Gyan Mishra <hayabusagsm@gmail.com>
CC: 6man WG <ipv6@ietf.org>
Subject: RE: Address privacy
Thread-Topic: Address privacy
Thread-Index: AQHV1JP7ycwQxSNrF0KUlu4Qtbvij6f+J+mA//+dRvA=
Date: Mon, 27 Jan 2020 02:27:07 +0000
Message-ID: <22615a0472b74c53bb26603abeed2d46@boeing.com>
References: <6f2a8e5a-a4f6-219b-d7c8-ba79ed257785@huitema.net> <233CE79D-B9BF-4335-8568-D178BD10CEAC@puck.nether.net> <CABNhwV2faDm=8t8KqNVJ5rWkU8or=0pyGmN8D8OyWj1S9ujVhg@mail.gmail.com> <CABNhwV2gY71PrjWQBUdtCU2Og_R3QawLNcANgVmov_3vJz4CvQ@mail.gmail.com> <31ec4e557f8846599f1161ccdf86348b@boeing.com> <18573398-e564-d7a4-d35c-fe72f117362b@gmail.com> <CABNhwV2AnPC++SzRSRwPWX_x8hU91cQAdgpvEKVAd8DbU--PcQ@mail.gmail.com>
In-Reply-To: <CABNhwV2AnPC++SzRSRwPWX_x8hU91cQAdgpvEKVAd8DbU--PcQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [144.115.204.6]
x-tm-snts-smtp: EC814911FCF0A567982E67550723BF4AF7942D248D7CADB777839A417222BC0D2000:8
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-TM-AS-GCONF: 00
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/-PPvpYZkdhSnRz1mRbrINlSPrvU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 02:27:21 -0000

From: Gyan Mishra <hayabusagsm@gmail.com> 

On Sun, Jan 26, 2020 at 5:00 PM Brian E Carpenter <mailto:brian.e.carpenter@gmail.com> wrote:

>> The IID is normally set *before* the host generates its Link Local address, which is normally before it starts to listen for RAs from which it will learn the current prefix(es).
>>
>> So you'd have to make the IID for SLAAC independent of the IID for LL (which is of course exactly what RFC4941 does).
>
> Gyan>  Agreed.  So the happy medium achieved for two camps on opposite ends of the spectrum.

Right. My reaction to Brian's response was, "Exactly!" This holds for any new address the OS wants to configure, obviously including, if it wants for any reason, two addresses with the same prefix.

> 1.  End user privacy on mobile device connected at home or 
>
> 2.  End user privacy within an enterprise- non-existent as IT security and availability for mission critical applications -IPv6 stability and tracking ability is the primary objective.

Or, we should add, the end user privacy when he takes his phone or laptop to Starbucks, and uses it while eating a croissant.

Two more points:

Even finding a way to hide the IP source address does not solve this privacy issue. A hacker can monitor destination addresses too, in that Starbucks joint, to see where someone might be, if IIDs were completely permanent.

And the other, less important point, has anyone else noticed that TV shows have finally gotten a bit of a clue about IP addresses? At least some. Used to be that the presumption was, the source IP address, even on the move, identified an individual, so you could obtain his name. I've noticed lately, the IP address identifies where the bad guy is, at the moment. Progress.

(The addresses are still IPv4, sort of, such as 354.939.535.434. Still haven't found the RFC that describes these. Maybe, IPv7.)

Bert

v2.23.0 | Report a Bug | By Email