Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>

Dominik Elsbroek <dominik.elsbroek@gmail.com> Fri, 20 April 2012 11:38 UTC

Return-Path: <dominik.elsbroek@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 147D321F865B for <ipv6@ietfa.amsl.com>; Fri, 20 Apr 2012 04:38:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I-ehDy-WC3lG for <ipv6@ietfa.amsl.com>; Fri, 20 Apr 2012 04:38:29 -0700 (PDT)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4AEF821F8648 for <ipv6@ietf.org>; Fri, 20 Apr 2012 04:38:29 -0700 (PDT)
Received: by iazz13 with SMTP id z13so16236631iaz.31 for <ipv6@ietf.org>; Fri, 20 Apr 2012 04:38:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=btR6Y+xjNM1lpEBMlVY9xX3EFbCoHDOHabYBiLNAbGk=; b=XKZpxpqSedy4NjTKZmDV9rRJFJENYpq+cmkyCLf3ubUdCLEqVLJzKXgd7yU6EsT0Vp pwC+3X3jDHxdHm0Xaga5xJrMXekAKw022zIE1F7Nm8vSxTRkVwMZf8G/rYJ7Eq0MHFPP 5SEsQ+q4SboJL1+3S+UzYzJGfpmPiZ4N3SJaLV+VJsU7Kz70t20t7q+VrKJxARt53tv7 mmG5E0JmjXqdF3U2+WVGRBwQnGlSYejf/Q+pFj82jEyrLJG+E/Z5Wmi5Brbt2Cw68SYY VPKe+ENFnPHaSn5Ffp+SverLXqry+ocN6AcRpU90iTqU5ERA1d6BpKxVSrpOHmPZev1E ICsg==
MIME-Version: 1.0
Received: by 10.50.94.234 with SMTP id df10mr5593973igb.31.1334921908988; Fri, 20 Apr 2012 04:38:28 -0700 (PDT)
Received: by 10.50.33.74 with HTTP; Fri, 20 Apr 2012 04:38:28 -0700 (PDT)
In-Reply-To: <4F9072E5.7060906@si6networks.com>
References: <E7607B61-9889-43A9-B86B-133BD4238BA2@gmail.com> <4F87DF53.7030009@cisco.com> <4F881C9A.3050908@si6networks.com> <4F8E8B75.4030605@cisco.com> <4F8EE130.8070903@si6networks.com> <4F901471.3070802@cisco.com> <4F9072E5.7060906@si6networks.com>
Date: Fri, 20 Apr 2012 13:38:28 +0200
Message-ID: <CAAVMDnXLoKFsHYvav+Yd8puo9ePEcPvKSZYsyv9=GzRcODHopw@mail.gmail.com>
Subject: Re: Consensus call on adopting: <draft-gont-6man-stable-privacy-addresses-01>
From: Dominik Elsbroek <dominik.elsbroek@gmail.com>
To: Fernando Gont <fgont@si6networks.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: 6man Chairs <6man-chairs@tools.ietf.org>, Bob Hinden <bob.hinden@gmail.com>, IPv6 WG Mailing List <ipv6@ietf.org>, Eliot Lear <lear@cisco.com>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Apr 2012 11:38:33 -0000

Personally I support this draft. But would like to see stable privacy
enhanced addresses as a replacement for IEEE-based addresses since
they allow an attacker to infer to the vendor of a NIC. On OUIs of
Apple Inc. they also allow conclusion to the operating system.

Thus an attacker gets more information by an IPv6 address than they
should in my opinion.

Cheers,
Dominik


On Thu, Apr 19, 2012 at 22:17, Fernando Gont <fgont@si6networks.com> wrote:
> On 04/19/2012 10:34 AM, Eliot Lear wrote:
>>> It's not an argument against RFc4941, but rather an argument that even
>>> with RFC4941, you still need to do something about the IEEE-based IIDs.
>>> At the Paris IETF, some folks argued that if you have RFC 4941 in place,
>>> you don't need draft-gont-6man-stable-privacy-addresses. Section 7 of
>>> draft-gont-6man-stable-privacy-addresses (which should be an Appendix,
>>> rather than a section in the main body of the document) illustrates that
>>> that's not the case: even if you're employing RFC4941, you're still
>>> subject to host-scanning attacks and host tracking.
>>
>> Well, host scanning at least.  Host tracking depends on the implementation.
>
> Not sure what you mean. If you don't do
> draft-gont-6man-stable-privacy-addresses, you do either IEEE-derived
> IIDs, or the randomized-but-stable-across-networks Windows IIDs. -- And
> as long as you have stable-across-networks IIDs, you can be tracked.
>
>
>>> How do you arrive to the conclusion that people might want to use this
>>> instead of CGAs??
>>>
>>> As noted in the I-D tihs mechanism is meant to be a replacement for IIDs
>>> based on IEEE identifiers. This is orthogonal to RFC4941 and orthogonal
>>> to CGAs.
>>
>> I know what you mean.  That matters less than how other people make use
>> of the work.
>
> We can't produce specs for people that cannot read and understand specs.
> draft-gont-6man-stable-privacy-addresses solves a real and existing problem.
>
> To me, "people using draft-gont-6man-stable-privacy-addresses instead of
> CGAs" makes as much sense as "people using
> draft-gont-6man-stable-privacy-addresses instead of TCP" -- I don't even
> know how that might happen, and I've not heard your reasoning of why
> that might happen.
>
> Cheers,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------