IETF Logo Mail Archive

Re: A common problem with SLAAC in "renumbering" scenarios

Jan Zorz - Go6 <jan@go6.si> Fri, 15 February 2019 09:30 UTC

Return-Path: <jan@go6.si>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDD1F130F5F for <ipv6@ietfa.amsl.com>; Fri, 15 Feb 2019 01:30:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=go6.si
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e3Y9-ZSKhWVT for <ipv6@ietfa.amsl.com>; Fri, 15 Feb 2019 01:30:25 -0800 (PST)
Received: from mx.go6lab.si (mx.go6lab.si [IPv6:2001:67c:27e4::23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F437130F28 for <ipv6@ietf.org>; Fri, 15 Feb 2019 01:30:24 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.go6lab.si (Postfix) with ESMTP id A9CD266077; Fri, 15 Feb 2019 10:30:19 +0100 (CET)
X-Virus-Scanned: amavisd-new at go6.si
Received: from mx.go6lab.si ([IPv6:::1]) by localhost (mx.go6lab.si [IPv6:::1]) (amavisd-new, port 10024) with LMTP id mNGZ0t2XpKl4; Fri, 15 Feb 2019 10:30:18 +0100 (CET)
Received: from mail.go6.si (mail.go6.si [IPv6:2001:67c:27e4::61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.go6.si", Issuer "Let's Encrypt Authority X3" (not verified)) by mx.go6lab.si (Postfix) with ESMTPS id 7FA7765E65; Fri, 15 Feb 2019 10:30:18 +0100 (CET)
Received: from haktar.local (unknown [IPv6:2001:67c:27e4:102:ccac:ae35:707c:f432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Jan Zorz", Issuer "COMODO RSA Client Authentication and Secure Email CA" (not verified)) (Authenticated sender: jan) by mail.go6.si (Postfix) with ESMTPSA id 6340D80642; Fri, 15 Feb 2019 10:30:18 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=go6.si; s=mail; t=1550223018; bh=g//chX6XmKwN6HU69f2v/Hsf8EDyq1Fj2sRslGK0oC8=; h=Subject:To:References:From:Date:In-Reply-To:From; b=OV7nmwbsrZril3GZPbEqgUzXNjzxiY+8b0nIWxzifdJiIpzG0UsWovtFwEqRTuNb+ OtCWVcwJA+djNS43qhZrUWmgI5REifiqVg9IvBlVlcod/H0Io2piIFHe9rlPlXhRy4 t9X5tPLXuBTPW5aoblD8KFe842ucYwhP27mGOrfk=
Subject: Re: A common problem with SLAAC in "renumbering" scenarios
To: Christian Huitema <huitema@huitema.net>, ipv6@ietf.org
References: <60fabe4b-fd76-4b35-08d3-09adce43dd71@si6networks.com> <4602.1549908472@localhost> <CAO42Z2w1swQNuwnrOyTCEMXt0NSyrBx7Ww3kUN-7dfEV=fvk3A@mail.gmail.com> <c16e0e1f-1ed2-ad88-80f1-070bdd8bccca@go6.si> <1F2C2AEE-1C7D-481C-BBA7-7E507312C53A@employees.org> <e56a6e5b-648d-200e-c35d-97f15a31fb2a@asgard.org> <CAO42Z2zh7fKAgQJq9aLCTiFoSSsTeGM=pK3gXitg+gcxH=9fhQ@mail.gmail.com> <d38857c2-6e92-91d6-bb5d-d3eeeb61276a@gmail.com> <CAO42Z2yb47OyXk__Sz-kO00pfcBJgLAhff5DF=mpAddR0iCnAA@mail.gmail.com> <2612280f-195a-ae7a-b3b1-9022d9282fa7@foobar.org> <56F813F4-C512-40A9-8A68-1090C76A80F6@consulintel.es> <CAHL_VyCN8kU7qnLOphfGR25-xGBe_p6WeGTkKVXwU5uy5aJ8Dg@mail.gmail.com> <65DB4854-97D2-4C31-A691-2CD93812EF93@consulintel.es> <CAHL_VyCMpCcGkEQu+RV1GRf2QLB-HD0+AOOBV0YhfQ5sbydVzQ@mail.gmail.com> <8CE7A0CD-97D9-46A0-814D-CAF8788F9964@consulintel.es> <e3e0bf2273e04f15b792665d0f66dfe5@boeing.com> <4c5fab33-2bff-e5b5-fc1d-8f60a01a146d@go6.si> <b4525832-9151-20bf-7136-31d87ba6c88d@huitema.net>
From: Jan Zorz - Go6 <jan@go6.si>
Message-ID: <463f15cf-2754-e2e8-609d-dc0f33448c6c@go6.si>
Date: Fri, 15 Feb 2019 10:30:15 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <b4525832-9151-20bf-7136-31d87ba6c88d@huitema.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/3d934LqerXQVo6Cm1oiFbzszDm8>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Feb 2019 09:30:28 -0000

On 15/02/2019 08:57, Christian Huitema wrote:
> 
> On 2/14/2019 1:19 PM, Jan Zorz - Go6 wrote:
>>
>> To augment what many already have said here - it's a tie between IP
>> address and household address and name/surname that should not be
>> public, the address itself is mostly harmless and it doesn't matter if
>> it's static or dynamic. Tracing gets done on L7 and above anyway ;)
> 
> 
> In the current state of the web, if a user gets a new address, the
> various web surveillance mechanisms will associate it with the previous
> user identity and context after maybe a dozen web queries or two. That
> gets better if the user has a strong defensive posture, blocks web
> trackers, etc. But it just takes one cookie, or one login, or some other
> inference, and poof, the surveillance databases know that new_address_X
> is the same user as old_address_Y.
> 
> The case of the household is even worse. It takes only one cookie,
> login, etc, and the surveillance databases will learn that new_prefix_P
> is the same household as old_prefix_Q. Even you run Ghostery or Privacy
> Badger or the latest release of Firefox, you won't escape if you share a
> prefix with someone in your household who doesn't. Or with one of those
> surveillance devices that masquerade as thermostats or light switches or
> voice assistants.

Exactly.

> 
> So that's pretty bleak. If you want defense, you probably want to
> allocate different /64 prefixes to different devices, and change them
> really often. You may not need to change them for every devices -- no
> point providing privacy to the surveillance thermostat. But for your
> laptop, your tablet or your phone, they to change before the
> surveillance advertisers see you access a dozen web pages or two.

/64 for each device is fine. What I'm questioning is if we really need 
to make underlying to be something that was never meant to be if L7 and 
above is broken? I think L7 and above needs to be fixed first and then 
changing of addresses in transport layer can have any effect. Until then 
- let's transport packets in a way that doesn't break often and make 
user grumpy.

To put "lipstick on a pig" is a rhetorical expression, but quite useful 
in our case :) :) :)

Cheers, Jan

v2.23.0 | Report a Bug | By Email