Re: draft-gont-6man-managing-privacy-extensions-00.txt
Scott W Brim <scott.brim@gmail.com> Sat, 12 March 2011 15:13 UTC
Return-Path: <scott.brim@gmail.com>
X-Original-To: ipv6@core3.amsl.com
Delivered-To: ipv6@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1B74F3A69DB for <ipv6@core3.amsl.com>; Sat, 12 Mar 2011 07:13:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.574
X-Spam-Level:
X-Spam-Status: No, score=-103.574 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m8D7-Vf3R0AS for <ipv6@core3.amsl.com>; Sat, 12 Mar 2011 07:13:25 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by core3.amsl.com (Postfix) with ESMTP id 291A73A69BA for <ipv6@ietf.org>; Sat, 12 Mar 2011 07:13:25 -0800 (PST)
Received: by iyi12 with SMTP id 12so490615iyi.31 for <ipv6@ietf.org>; Sat, 12 Mar 2011 07:14:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=9jwHQoLg/evtXTrUZD5ySTFjFO6kjyiJEVu1bByPQjQ=; b=nZ9v2MrxGUNLiqABxcEAsNA2su2rVcZ62APX1RxMg7EJM02pBgDrOZ8/v/ymLvkaYZ 1S6ixK5k/oeyIoX4mj/stjxQr0icJQ+GmiHd49euj4Igb7MuVtYnIIOJteD66Nb+C/xZ 5tukzb7o/dO+iI2+A3n5gtWwZKwrxOfr0nGzA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=qe/M87//dlCFmTYYHcVO4zQHoJO+QApfi+PauWKNFoHHrFzaahpVfmhtshjWcLt+HA bc0nUmD4bMdPXmna6hh3dODcJEno7IoyR7h44YjHYzk9btmFhvBrAKlu28MHNezhEnKk nADP7RMa1i92aiqvkjq+vdGdpisWQQkyk1QdI=
Received: by 10.43.51.65 with SMTP id vh1mr3115668icb.435.1299942885530; Sat, 12 Mar 2011 07:14:45 -0800 (PST)
MIME-Version: 1.0
Received: by 10.42.114.81 with HTTP; Sat, 12 Mar 2011 07:14:25 -0800 (PST)
In-Reply-To: <EF3F736B-777F-4F03-8AB5-62D46452B942@townsley.net>
References: <7111FC5F-BC3F-4242-9C3F-037E79894749@gmail.com> <alpine.DEB.1.10.1103091212570.7942@uplift.swm.pp.se> <4D77CBB9.1080702@gmail.com> <233b01cbdef5$8e214550$aa63cff0$@com> <25B3D469-F3DA-4A1D-A462-FEB71FA69485@gmail.com> <091D1284-99E4-450E-8AFF-7D4C6310D760@apple.com> <78B923726E7D59429936580CF127E943A13E758C27@eu1rdcrdc1wx032.exi.nxp.com> <262f01cbdf5d$607c69f0$21753dd0$@com> <22F6318E46E26B498ABC828879B08D4F0C15B1@TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <EF3F736B-777F-4F03-8AB5-62D46452B942@townsley.net>
From: Scott W Brim <scott.brim@gmail.com>
Date: Sat, 12 Mar 2011 10:14:25 -0500
Message-ID: <AANLkTik4FEfjUjwH4EsVHA6kQRQ+6PcMNEX6=4e6FqM_@mail.gmail.com>
Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
To: Mark Townsley <mark@townsley.net>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: ipv6@ietf.org, draft-brim-mobility-and-privacy@tools.ietf.org, Christian Huitema <huitema@microsoft.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Mar 2011 15:13:26 -0000
On Fri, Mar 11, 2011 at 08:01, Mark Townsley <mark@townsley.net> wrote: >> On Mar 11, 2011, at 3:32 AM, Christian Huitema wrote: >> >> I'm saying the reasons people are tempted to disable RFC4941 are >> misplaced. >> >> +1 >> >> Consider that if I want privacy and you won't let me use RFC4941, I >> might just make up a new MAC address each time I connect. >> >> Consider also the effect of unique identifiers on tracking. The MAC >> address follows you when you roam. By embedding it in the IPv6 >> address, we are effectively offering a "super cookie" to all web >> services. Is it really what we want? In addition to privacy issues, >> displaying the MAC address allows third parties to track hardware >> purchase, and enables other attacks by providing the data necessary >> for MAC spoofing. In short, it looked like a great idea at the >> time... but wasn't. > > One person's attack is another's targeted ad business case ;-) > > That aside, the considerations proposed in this document may be > relevant to this discussion: > > http://tools.ietf.org/html/draft-brim-mobility-and-privacy-00 - Mark Since you called it out :-) ... I think less in terms of privacy than confidentiality scopes. Privacy is the right to withhold information. Confidentiality is an agreement that a second party will honor your wish for privacy from others, i.e. that information you give them will not be given to others. We give others information all the time, including hardware addresses. Confidentiality issues are at least as important as privacy. Forcing people to reveal information to a larger scope than they wish, i.e. forcing loss of privacy, is a significant issue that must be taken into account by everyone doing protocol work. If we design our systems so that non-privacy addresses used locally must be also be used globally, we are designing away the possibility of both privacy and confidentiality. Requiring an end user to use a MAC or any persistent identifier for all communications with everything else on the Internet is probably illegal in an increasing number of countries around the world. (On the other hand, in some countries it is probably illegal to NOT require it.) However, it's perfectly legitimate to require an identifier within an enterprise -- there is a confidentiality agreement. How can the enterprise get the information it needs without requiring users to give away privacy for other communications? An algorithmic mapping from a hardware identifier to a different one at the enterprise boundary does not solve the problem, because (1) all those problems around non-globalness of addresses/locators/identifiers, and (2) that mapped identifier is also persistent, and usage can be tracked. Blue sky: Could the SP allow privacy addresses, at least for global use, and log its own mappings between privacy addressses and MACs or other persistent identifiers? Then it can always trace back to determine who did what if necessary. Scott
- draft-gont-6man-managing-privacy-extensions-00.txt Ran Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Mikael Abrahamsson
- Re: draft-gont-6man-managing-privacy-extensions-0… huabing yu
- Re: draft-gont-6man-managing-privacy-extensions-0… Mikael Abrahamsson
- Re: draft-gont-6man-managing-privacy-extensions-0… RJ Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… james woodyatt
- Re: draft-gont-6man-managing-privacy-extensions-0… RJ Atkinson
- Re: draft-gont-6man-managing-privacy-extensions-0… Joel M. Halpern
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- Re: draft-gont-6man-managing-privacy-extensions-0… Ran Atkinson
- Re: RE: draft-gont-6man-managing-privacy-extensio… Cameron Byrne
- Re: draft-gont-6man-managing-privacy-extensions-0… james woodyatt
- RE: draft-gont-6man-managing-privacy-extensions-0… Paul Chilton
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- RE: draft-gont-6man-managing-privacy-extensions-0… Dan Wing
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Doug Barton
- Re: draft-gont-6man-managing-privacy-extensions-0… Thomas Narten
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Townsley
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Townsley
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Scott W Brim
- Re: draft-gont-6man-managing-privacy-extensions-0… sthaug
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… Doug Barton
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith
- Re: draft-gont-6man-managing-privacy-extensions-0… Ole Troan
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian E Carpenter
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- RE: draft-gont-6man-managing-privacy-extensions-0… Christian Huitema
- Re: draft-gont-6man-managing-privacy-extensions-0… sthaug
- Re: draft-gont-6man-managing-privacy-extensions-0… Brian Haley
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mohacsi Janos
- Re: draft-gont-6man-managing-privacy-extensions-0… Yu Hua bing
- Re: draft-gont-6man-managing-privacy-extensions-0… Rémi Després
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Fernando Gont
- Re: draft-gont-6man-managing-privacy-extensions-0… Mark Smith