RE: draft-gont-6man-managing-privacy-extensions-00.txt

"Dan Wing" <dwing@cisco.com> Thu, 10 March 2011 19:52 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Ran Atkinson' <ran.atkinson@gmail.com>, ipv6@ietf.org
Subject: RE: draft-gont-6man-managing-privacy-extensions-00.txt
Date: Thu, 10 Mar 2011 11:53:12 -0800

> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> Ran Atkinson
> Sent: Thursday, March 10, 2011 4:10 AM
> To: ipv6@ietf.org
> Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
> 
> 
> On 10  Mar 2011, at 02:34 , Dan Wing wrote:
> > Nobody wants it removed in corporate deployments, either.
> 
> That statement is far too strong; it simply is not true.
> 
> > Consider for a moment an IPv6-enabled telephone,
> > on the desk of a Very Important Person at a company, ...
> 
> (Laugh.  I don't believe in that untrue example for a second,
> but thanks for the humorous start to my morning.  :-)

Laughing at IPv6, or an IP telephone on someone's desk, or
the combination of the two?

> Oh, and consider that Caller-ID, usually including a full name,
> is already widely deployed in many countries.  It is so
> much simpler just to read the Caller-ID string off of the
> telephone handset.
>
> If one wants to intercept traffic, it is MUCH simpler to intercept
> the SIP traffic -- which is never encrypted in real-world corporate
> deployments because that would make VoIP too hard to debug.

Ergo, we should let it all hang out?

We have many customers which enable encryption on their IP PBXs.
All of our telepresence systems ship with encryption enabled 
by default (both signaling and media).

If you didn't like the SIP example, is SIP the one and only case 
where an IPv6 privacy address is useful?

> > If we don't have IPv6 privacy addresses, we will also soon
> > see NAPT66 (with UDP and TCP port rewriting) in order to
> > achieve the same result as privacy addresses:  trying to
> > obfuscate which host is communicating.
> 
> It seems pretty clear that Fred's NPTv6 is going to be
> deployed in at least some locations, albeit for entirely
> different reasons.  I'm not sure if that meets your
> definition of NAPT66 or not.

It doesn't; NPTv6 does not provide obfuscation of the endpoint,
because it only rewrites the IPv6 prefix.

-d


> Cheers,
> 
> Ran
> 
> 
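
Added example (not part of the original message, and not code from any participant or project it mentions): a Python sketch of checksum-neutral /48 prefix translation as later specified for NPTv6 in RFC 6296, showing that the low 64 bits of the address pass through the translator unchanged, which is the point made in the reply above about NPTv6 rewriting only the prefix. The prefixes and host address are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

def _words(addr):
    """Split an IPv6 address into eight 16-bit words."""
    n = int(addr)
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def _fold(x):
    """Fold carries back in: one's-complement 16-bit sum."""
    while x > 0xFFFF:
        x = (x & 0xFFFF) + (x >> 16)
    return x

def nptv6_translate(addr, from_prefix, to_prefix):
    """Rewrite a /48 prefix, adjusting bits 48..63 so checksums stay valid."""
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(from_prefix)
    dst = ipaddress.IPv6Network(to_prefix)
    if src.prefixlen != 48 or dst.prefixlen != 48:
        raise ValueError("this example handles /48 prefixes only")
    if addr not in src:
        raise ValueError("address is outside the prefix being translated")
    w = _words(addr)
    new_prefix = _words(dst.network_address)[:3]
    old_sum = _fold(sum(w[:3]))
    new_sum = _fold(sum(new_prefix))
    # adjustment = old_sum - new_sum in one's-complement arithmetic
    adjustment = _fold(old_sum + (~new_sum & 0xFFFF))
    subnet = _fold(w[3] + adjustment)
    if subnet == 0xFFFF:          # 0xFFFF and 0x0000 are the same value; use 0
        subnet = 0x0000
    n = 0
    for word in new_prefix + [subnet] + w[4:]:
        n = (n << 16) | word
    return ipaddress.IPv6Address(n)

def interface_id(addr):
    """Low 64 bits of the address: what identifies the host on its link."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

# Constructed sample: one host with a stable EUI-64 style identifier.
INSIDE, OUTSIDE = "fd01:203:405::/48", "2001:db8:1::/48"
host = "fd01:203:405:1:211:22ff:fe33:4455"
seen_outside = nptv6_translate(host, INSIDE, OUTSIDE)
print(host, "->", seen_outside)
print("interface identifier preserved:",
      interface_id(host) == interface_id(seen_outside))
print("reverse mapping:", nptv6_translate(seen_outside, OUTSIDE, INSIDE))
```

Only the 48-bit prefix and the 16-bit subnet word change, so a host that keeps one interface identifier remains recognisable to an outside observer across the translator.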