RE: [6man] Stable privacy addresses (upcoming rev)

Christian Huitema <huitema@microsoft.com> Sat, 31 March 2012 05:32 UTC

From: Christian Huitema <huitema@microsoft.com>
To: Fernando Gont <fgont@si6networks.com>, Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: Ray Hunter <v6ops@globis.net>, "ipv6@ietf.org" <ipv6@ietf.org>

> If the regime controls the local-link, then as far as address-tracking is concerned, you're toast. -- They could sniff the
> network and log the address->MAC mappings, have RAs require you to do DHCPv6 and then have DHCPv6 assign you a
> constant address, etc.

The obvious solution is to randomize the MAC address, and I would definitely want to do that when visiting untrusted networks. 

Of course, randomizing the MAC address is necessary but not sufficient. There are many other ways in which our computers leak information. DHCP messages, for example, contain names and other identifiers. Computers connecting to a network issue a flurry of DNS lookups that can make for good signatures. Etc.

-- Christian Huitema
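
An added example, not part of the original message: a Python check a defender can run over a DHCPv4 client message to see which identifiers it still carries when the MAC address is randomized. The choice of options, the function names and the sample packet are assumptions made for this illustration; the packet is constructed, not captured.

```python
# Added example; the sample packet is constructed, not captured traffic.
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # precedes the options field
IDENTIFYING = {                      # options that describe the host
    12: "Host Name",
    55: "Parameter Request List",    # its ordering fingerprints the OS stack
    60: "Vendor Class Identifier",
    61: "Client Identifier",
    81: "Client FQDN",
}

def is_locally_administered(mac: bytes) -> bool:
    """True for a unicast MAC with the locally-administered bit set (randomized)."""
    return bool(mac) and bool(mac[0] & 0x02) and not mac[0] & 0x01

def parse_options(payload: bytes) -> dict:
    """Return {option code: value} from a BOOTP/DHCPv4 payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCPv4 message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = End
        code = payload[i]
        if code == 0:                                   # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options[code] = options.get(code, b"") + value  # repeats concatenate (RFC 3396)
        i += 2 + length
    return options

def audit(payload: bytes) -> dict:
    options = parse_options(payload)                    # validates the length first
    mac = payload[28:28 + min(payload[2], 16)]          # chaddr, hlen bytes long
    leaks = {name: options[c] for c, name in IDENTIFYING.items() if c in options}
    return {"mac": mac.hex(":"), "mac_randomized": is_locally_administered(mac),
            "leaks": leaks}

def build_sample() -> bytes:
    """Constructed DHCPDISCOVER sent from a randomized MAC."""
    opt = lambda code, data: bytes([code, len(data)]) + data
    header = bytes([1, 1, 6, 0]) + bytes(24) + bytes.fromhex("021122334455").ljust(16, b"\0") + bytes(192)
    return (header + MAGIC_COOKIE + opt(53, b"\x01") + opt(12, b"alice-laptop")
            + opt(60, b"example-os-1.0") + opt(55, bytes([1, 3, 6, 15])) + b"\xff")

if __name__ == "__main__":
    print(audit(build_sample()))
```

On the sample, the MAC is reported as randomized while the host name, vendor class and parameter request list remain in the message.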