IETF Logo Mail Archive

Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)

Tom Herbert <tom@herbertland.com> Sat, 25 January 2020 19:48 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0078D12007C for <ipv6@ietfa.amsl.com>; Sat, 25 Jan 2020 11:48:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XGzd5C0zmlCT for <ipv6@ietfa.amsl.com>; Sat, 25 Jan 2020 11:48:29 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 03D2412001E for <ipv6@ietf.org>; Sat, 25 Jan 2020 11:48:29 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id f8so6613950edv.2 for <ipv6@ietf.org>; Sat, 25 Jan 2020 11:48:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=GPAQgkgvng2UaN3l0mAC46DMW0fgHN7bDGRfhZPGwGo=; b=1ybrogANW+B9GDYgqv25xb2C71hUvlXRmnNxeKlCWHzUv8522Q6/rm/Be6Q+ejzkdg EremB9r6MKpDI1wPlg6TXWkanuX3oG3xNoBU6ClrNLKufede1czSHoxqmg4SB6aoNp07 z74UBDOz2mYNFm8SihsADYXGeTjAewp109/4fFOmXV31Y80OadtP0CVcIvdaSfsprB3b mt+fw/iHx2wRrbN7Fqdp5Pm3LBAL+GKlEMy0rj/lFk6OGSUF7vcU3M6U8oia5CLinCUG kEO+A63sZ1YGMVmbWyWXdrJElDwuBhARgF6pLDRjhAkEWBlyU9DLAVISuI4DhmKHTnQC Bsog==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=GPAQgkgvng2UaN3l0mAC46DMW0fgHN7bDGRfhZPGwGo=; b=VzJdMiY3rZ7qOHvLEuW7au1z65hE6iCRmJmZrSYBtmI3pa+cHisKy6OiJRaHLh/pts q+Dc2/40wS4i4FUjPm5d5ddMkXfb+rC1CdwuU4KlYNz4an+BTzT+p8gWyq+NIQYuP1Ko iR9Ya38/HX3Dk/bV0HjLZgUBA0nVWC1wUKEiOGOCloefnMKyxR2LUqG7bVgNuDUN0+MR Oe7TP7ubEutnrigSVsrL0krKGzQfGTBaolqEXEqyIY53Y0dtyHM2EbM2YqSmsjlSpj1A EhqhnldOzthftm2NzvWlbbX/SxRss/bkO6FnM67L9mFGQ8NGjFAnJNKjQV30iQtpaIWK zXLg==
X-Gm-Message-State: APjAAAWwYUATH0tSjHxPHYnx2DhrSweeQTU9Y4NnMXBc0YUjp0J3cVfW iFxBkHZ7vaIOMxdzk74ZSK5IX6oFUAhFoBXXWISBdlmrqg8=
X-Google-Smtp-Source: APXvYqz5tx06r1xyNON4bsEINoBUIovVibnw/7Jdm/jlPMN19JXW9SzYVM848AtLU2Jf0CVclxW6u6sYe6haFYGdVNU=
X-Received: by 2002:a05:6402:3132:: with SMTP id dd18mr8090590edb.118.1579981707393; Sat, 25 Jan 2020 11:48:27 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost>
In-Reply-To: <11855.1579980079@localhost>
From: Tom Herbert <tom@herbertland.com>
Date: Sat, 25 Jan 2020 11:48:16 -0800
Message-ID: <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com>
Subject: Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Ted Lemon <mellon@fugue.com>, 6man WG <ipv6@ietf.org>, Christian Huitema <huitema@huitema.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/4vhcse08bzf-fx9XXNTqtZNHStM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2020 19:48:31 -0000

On Sat, Jan 25, 2020 at 11:21 AM Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
>
>
> Ted Lemon <mellon@fugue.com> wrote:
>     > Another solution that could be useful is to do connections through an
>     > anonymity concentrator that tunnels your flow to the selected server.
>     > The idea here is that your ISP (but it doesn’t have to be your ISP!)
>     > has a bunch of anonymity boxes sitting in their data centers, and when
>     > you want to connect to foo.com <http://foo.com/>, you establish a
>     > connection to the anonymity server.   The anonymity server constructs a
>     > new 5-tuple using its own fixed IP address.   This is effectively a NAT
>     > translation, and of course it can maintain a set of IP addresses large
>
> Except that instead of doing it at layer 4, you do it with IPsec, and extrude
> that /128 to your machine.  This is already a thing :-)
>
>     > Another solution I’ve considered is to have a giant anonymity mesh,
>     > with every ISP’s user participating, and forward flows through this
>     > mesh, treating each customer as an anonymity server.   I think this is
>
> This is also a thing called Tor.
>
Michael,

Doesn't that require that the users must explicitly configure when
they want privacy? I think a general solution should be transparent to
the user and "just works" to ensure their privacy. That in fact is one
of the arguments for NAT. If there is a significantly large enough
pool of users behind a NAT device, then the obfuscation is transparent
to the use and seems to be pretty good privacy (good enough that law
enforcement is concerned about NAT). I suppose a similar effect could
be achieved with a transparent proxy.

You might want to take a look at draft-herbert-ipv6-prefix-address-privacy-00.

Tom

> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email