IETF Logo Mail Archive

Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)

Tom Herbert <tom@herbertland.com> Sun, 26 January 2020 19:51 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 882C8120072 for <ipv6@ietfa.amsl.com>; Sun, 26 Jan 2020 11:51:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ymi7gEn3crkp for <ipv6@ietfa.amsl.com>; Sun, 26 Jan 2020 11:51:30 -0800 (PST)
Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B729B12006E for <ipv6@ietf.org>; Sun, 26 Jan 2020 11:51:29 -0800 (PST)
Received: by mail-ed1-x530.google.com with SMTP id j17so8678947edp.3 for <ipv6@ietf.org>; Sun, 26 Jan 2020 11:51:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=K6WWp1G6Q7o0bIehlcNv9nWFa/LZRtOmKEnn+aHG5HM=; b=f+6iWa31XfP9shZ5yWOfqBJXKk607vR06p4/uQAC2yMnxplyH5hELsAuWtx5BZHmnf 2jgK/fKaZ6FBAfO8Q96fsJto8hjtw8c+JhJL0jBJW+M4QpBiDnl4htD4h7KzRD162LaU m1tZ1lpEfuD7TGTMUuTPWxKrJgkZlj7K8wTp6mt88owfakKNeqzejhx0UQqmG/EnKEOP uAjM/lnf2D9mylDBVu1D/1SZl3jAu1vcmT4ZL+xke1lvXAJ+c/67dYsjlYOjpL+7MBjj OZSJFcGWn7UvdfsWkv5SFVQ9+53x5ATzOtvsFkb2WAKDkdop0+Czuixgz0kp3A3Rg13j w/nA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=K6WWp1G6Q7o0bIehlcNv9nWFa/LZRtOmKEnn+aHG5HM=; b=fCJhGrvyNHkGqGKuxT5SoI5yterJw8LdHKI2Bxl0D7dHvrX2GHuU6f25Wefb+PjDoe edHunq5kbn0FSMtYWf+QujCH6V96Cr47wANYM9ddTAnKMKvJ/xWgh+zv+XZ6liTu7WwA lxFKC3xk1YgXoMUwn9JgwjTCrs+SU7vHKGflQ0T5EqxtMAdZwu1xOGxMmyPqzEcL7KwI nfCF+oVNKcAxuZH6ogcXAq/ul9pV4dHC8l6bvEKQRiZ7zsoFIZPrbwuERceG2tLcndpV CUJI7oOJGRaorOdeyuf+4/Wns+ylTQTGFppsSdBD98Fksk6+LJ7a52vU4KEyDZOp7G1u 7bWA==
X-Gm-Message-State: APjAAAUwTpa930+PrOMMSpV8rcW9o2+XfFrLWF7pIW+yFEpxY7bQOjyu 4kv8L5ndJEwZzlcg9rriwidaDvSz7BkoQ6ChpdDcW3CT
X-Google-Smtp-Source: APXvYqzud1vTCA5ociyM4vBl+M7+VIbc+mzLUVEiHmXJzj8RhOAHioqa7swxLe1AC3edyoNGyJ0CmVv0QVblKTxUJfA=
X-Received: by 2002:a17:906:55d3:: with SMTP id z19mr5843499ejp.304.1580068288018; Sun, 26 Jan 2020 11:51:28 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <32626.1580060558@localhost>
In-Reply-To: <32626.1580060558@localhost>
From: Tom Herbert <tom@herbertland.com>
Date: Sun, 26 Jan 2020 11:51:16 -0800
Message-ID: <CALx6S37prWACD0jv9c-XHD-JtPqZAcgeT2Ax0EZHkiQaDR4t=g@mail.gmail.com>
Subject: Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Do_aRWTvZZFGONhl-xMCsaSUmFU>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jan 2020 19:51:33 -0000

On Sun, Jan 26, 2020 at 9:42 AM Michael Richardson
<mcr+ietf@sandelman.ca> wrote:
>
>
> Tom Herbert <tom@herbertland.com> wrote:
>     >> Except that instead of doing it at layer 4, you do it with IPsec, and extrude
>     >> that /128 to your machine.  This is already a thing :-)
>     >>
>     >> > Another solution I’ve considered is to have a giant anonymity mesh,
>     >> > with every ISP’s user participating, and forward flows through this
>     >> > mesh, treating each customer as an anonymity server.   I think this is
>     >>
>     >> This is also a thing called Tor.
>     >>
>     > Michael,
>
>     > Doesn't that require that the users must explicitly configure when
>     > they want privacy? I think a general solution should be transparent to
>
> Yes, I agree, it requires explicit configuration.
> I agree that this is not a good thing.
>
>     > the user and "just works" to ensure their privacy. That in fact is one
>     > of the arguments for NAT. If there is a significantly large enough
>     > pool of users behind a NAT device, then the obfuscation is transparent
>     > to the use and seems to be pretty good privacy (good enough that law
>     > enforcement is concerned about NAT). I suppose a similar effect could
>     > be achieved with a transparent proxy.
>
> Yes, and I think that more and more LEA will grow ever concerned about this
> situation, and it *is* pushing IPv6 adoption.  So, how can we find a happy medium?
>
>     > You might want to take a look at draft-herbert-ipv6-prefix-address-privacy-00.
>
> An interesting read. I'm not sure where it goes.
>
> I would like Locator/Identifier separation.
> I wanted SHIM6. LISP would work, I think.
> Then privacy needs don't need to screw up efficient routing at the edge.
>
Hi Michael,

The problem of LISP is that it potentially includes a cache in the
operator network that can be driven by downstream untrusted users--
hence there is possibility of DOS attack on the cache (this is the
primary reason why LISP hasn't been accepted into Linux).

What we really want is Identifier/Locator routing that neither
requires per flow state to be maintained in the network nor relies on
caches to get reasonable performance.
draft-herbert-ipv6-prefix-address-privacy suggests crypto functions to
map identifiers to locators at the edge.

Tom


>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email