Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>

Eliot Lear <> Wed, 18 April 2012 09:38 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C915F21F85DF for <>; Wed, 18 Apr 2012 02:38:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -110.55
X-Spam-Status: No, score=-110.55 tagged_above=-999 required=5 tests=[AWL=0.049, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5j3hF3But-Gy for <>; Wed, 18 Apr 2012 02:38:08 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5BE9321F8566 for <>; Wed, 18 Apr 2012 02:38:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=1812; q=dns/txt; s=iport; t=1334741888; x=1335951488; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=YOR3iTBcTCuuwBc+FbMHhaD+1mZR5tExADvdbi5wMpo=; b=Xh9vVp4oNCIP/04y5b9OZ/b7RwA8Gg50+WJ+E4QuuYaGcAuXNztCXTvw EkCU9KpwTmQciJl+JdQ0cFT7FlpS9l09ZjkXvlcFvol0cBYDDG19RB+la x/RW76sJEzxDUKlgm0mfdE9OYtXuAJo58kx5PP7ekzAcMITtYx7Tg36xq g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="4.75,441,1330905600"; d="scan'208";a="135504857"
Received: from ([]) by with ESMTP; 18 Apr 2012 09:37:58 +0000
Received: from ( []) by (8.14.3/8.14.3) with ESMTP id q3I9bv6L003564; Wed, 18 Apr 2012 09:37:58 GMT
Message-ID: <>
Date: Wed, 18 Apr 2012 11:37:57 +0200
From: Eliot Lear <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0) Gecko/20120327 Thunderbird/11.0.1
MIME-Version: 1.0
To: Fernando Gont <>
Subject: Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>
References: <> <> <>
In-Reply-To: <>
X-Enigmail-Version: 1.4
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: 6man Chairs <>, IPv6 WG Mailing List <>, Bob Hinden <>
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 18 Apr 2012 09:38:12 -0000

Dear Fernando,

My apologies for the delayed response:

On 4/13/12 2:31 PM, Fernando Gont wrote:
> hI, Eliot,
> On 04/13/2012 10:09 AM, Eliot Lear wrote:
>> At one point you write that the intent is to replace EUI-64-based
>> addresses (Section 5).  
> Exactly.
>> But that doesn't seem to jibe with what you
>> write in the intro about RFC-4941.  
> Could you please cite the "conflicting" text?

Yes, I'm looking at the quoted paragraphs (I'm not quite sure from where
you're quoting):
>      As noted in [RFC4941], "anytime a fixed identifier is used in
>       multiple contexts, it becomes possible to correlate seemingly
>       unrelated activity using this identifier".  Therefore, since
>       "privacy addresses" [RFC4941] do not eliminate the use of fixed
>       identifiers for server-like functions, they only *partially*
>       mitigate the correlation of host activities (see Section 7 for
>       some example attacks that are still possible with privacy
>       addresses).  Therefore, it is vital that the privacy

And so on.  In essence you set up an argument against 4941 but that
isn't really your argument for the draft and so I don't really know what
it's doing there.  But perhaps that's not as important as this:

>> I am concerned that adopting this
>> mechanism will make matters worse if this mechanism is being used as an
>> alternative to CGAs, as opposed to EUI-64s..
> I don't follow. Could you clarify your concern?

You argue that this is an alternative to EUI-64s.  But in practice I am
concerned that people will not use this as an alternative to EUI-64s,
but instead as an alternative to CGAs, thus improving tracibility (not
generally a good thing).  Please explain what I'm missing (I'm sure it's
a lot).