IETF Logo Mail Archive

Re: Address privacy

Tom Herbert <tom@herbertland.com> Wed, 29 January 2020 03:06 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AEA3E120152 for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 19:06:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8XYLxTUynkLP for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 19:06:32 -0800 (PST)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C04AB120130 for <ipv6@ietf.org>; Tue, 28 Jan 2020 19:06:31 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id p23so8294864edr.5 for <ipv6@ietf.org>; Tue, 28 Jan 2020 19:06:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=wLZeATVBPkFSAOXJlaX/3ElJwp16QaQyX2M0WRcXUOg=; b=rhX4QKrXkXQqoU91iJOZZ9HMliA7PDQihxNmuC3/u9woWXkAuoIUiLfhHN81WRu6YD agesEeulPXEdbIM1bzQvO3vTnT1Rxmw4t2GGFmzWIDxLjB5P7LqOZCxbxF4JJpr/qEVF QkKz0xrNd1UR5gxwDgGWipAeUW6gFZQAsjZyE+EQ8oujXGV0gS4xNCvR5gI/vVTv1Zmk USSWW1GYQrDXczdTVBO6FXBkZkzpa4MXOfyiePbkdkjvtigfQsnAtWhklBAac4jUsUkA C9XKTQ4sDyhAn5eR8AEO6F8CsnqV6QdUCr053pknzk2UxltHsz623WJE4RiMzRqsJS1a 9Wtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=wLZeATVBPkFSAOXJlaX/3ElJwp16QaQyX2M0WRcXUOg=; b=VJ6h07BgjuFPAIELdRHzUdy8UJwLQUJKVqoe6LaJ4im6fVHGzCzu+U7vuU9uDQ9Hiw KzYNBlzabnR9QMmesGPse+s9gQf9njwhm+ZfscBoFNbGgExH9EdG4qJXmnSpSZrxqeSg OxbqiyU2gzu/oG9TfMv9lgwFav/xnIlitb3MfcwjBohzr5g5kfA1n0pbPUVYsNGCpGRl kDkpDHK+g4tHQsneUa2xOpO1/In80bqSJTAhzaSXCBgutstCC7jNv3sFZHBcpE3qZ/pP 24uxMDl2sf6yNKokTZfibbLQB+CaTwdpg1/3BYn9HR9d/UGUbw9/gF4NOF4tMQSeFIOb h4zQ==
X-Gm-Message-State: APjAAAWFQYb6XYFZFrF8dg8EHVeGcnpUNUSjWU/Rzixg6z8ruaF2khX1 5xLxBT1D2j65MrYWmU75iqQoT4MkXWOkDWIPskJN2g==
X-Google-Smtp-Source: APXvYqw6SUeeIfXNwVhc0gLg4XM3jJ3807B/4jY8tpBLutPVXskvc0wXLWXrmlRjKQas+eQdDmF0BUWXEg0/cSsVP0s=
X-Received: by 2002:a17:906:c791:: with SMTP id cw17mr5403882ejb.69.1580267190250; Tue, 28 Jan 2020 19:06:30 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <32626.1580060558@localhost> <CALx6S37prWACD0jv9c-XHD-JtPqZAcgeT2Ax0EZHkiQaDR4t=g@mail.gmail.com> <419b7c7a-e364-7951-5a44-6c39e1da65fb@joelhalpern.com> <CALx6S36802oDaEgojAPq2c6hM_s1BayidXPh1Sc6RZmZa9UHpQ@mail.gmail.com> <6c5ba72d-9289-90ba-a1c9-2307ed29a4da@foobar.org> <a98bf2ab-32e7-459b-14d2-5e0e1c65a229@si6networks.com> <CALx6S36J5TPnXJQyMW2NUbQV6KL_oqUQ01m+BEzBJ+xcHpmQWw@mail.gmail.com> <bc0d1eb8-2301-224d-dc33-19f6a60e593e@si6networks.com> <CALx6S34i67ivt8t1P3omRVzsj9NfxY2t41JLjmjT6X0vtBQHKQ@mail.gmail.com> <1fc7816e-6179-28d6-7b11-be2027561a54@si6networks.com> <CALx6S37KXfLE22uHMZTD41+jR7fdZd9PZGqO-r4SE2LehtN=Gg@mail.gmail.com> <2d312ecf-e037-5c24-28d7-2a2c3dc06363@si6networks.com> <CALx6S37A1QzR0PhDUzujXGiB+a-9c1qG4g8TE8KOcxOLKP18TQ@mail.gmail.com> <42900FAF-7FD8-46D8-9831-5B9E520814BB@fugue.com> <CALx6S36f41nbj=2fibt9X2EpDO1Rz6o2Fm-QeNMvUfzPCu10jw@mail.gmail.com> <CAO42Z2xhmmrYqkBYF9PNSEtyRaZs8bdj_5DjYYk8Bc040OGCmw@mail.gmail.com>
In-Reply-To: <CAO42Z2xhmmrYqkBYF9PNSEtyRaZs8bdj_5DjYYk8Bc040OGCmw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Tue, 28 Jan 2020 19:06:19 -0800
Message-ID: <CALx6S36TsYAJgD=s=vA=RpwRsPvQYKagnQB8kXp2mABRLP4HoQ@mail.gmail.com>
Subject: Re: Address privacy
To: Mark Smith <markzzzsmith@gmail.com>
Cc: Ted Lemon <mellon@fugue.com>, Fernando Gont <fgont@si6networks.com>, 6man WG <ipv6@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/FMTLPWn1FTslcWMDRx-ZkE8kiEM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 03:06:36 -0000

On Tue, Jan 28, 2020 at 6:01 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>
>
>
> On Wed, 29 Jan 2020, 13:47 Tom Herbert, <tom@herbertland.com> wrote:
>>
>> On Tue, Jan 28, 2020 at 4:35 PM Ted Lemon <mellon@fugue.com> wrote:
>> >
>> > On Jan 28, 2020, at 7:17 PM, Tom Herbert <tom@herbertland.com> wrote:
>> >
>> > It is quantified. If a flow uses a unique address then the risk of
>> > using the address of packets in the flow to correlate to other flows
>> > is zero.
>> >
>> >
>> > Er, no, because the address contains a lot of bits that don’t change.  64, typically.  Those bits can be used to correlate other flows.
>>
>> Addresses might be correlated to a provider, but no correlations can
>> be made between addresses within the provider space so attributing
>> different flows to the same user cannot be done.
>>
>> A NAT device with a
>> large number backend users would exhibit these properties even in
>> IPv4.
>
>
> I think this is assuming that IP addresses are the only way to identify people and their devices
>
> NAT made people resort to much smarter ways that don't rely on IP addresses.
>
> https://panopticlick.eff.org
>
> Internet search for "browser fingerprinting" for other examples.
>
> All we can do, being limited to the IPv6 layer, is improve baseline and default privacy, while also trying to avoid it impacting typical end-user experience. The conservative 24 hour preferred lifetime should cover the maximum length of any typical end-user's transport layer connection.
>
Mark,

I don't understand why 24 hours is considered the preferred lifetime.
Is this based on some empirical or at least theoretical analysis of
the attack vector described in the problem statement. Also it looks
like the default is a carry over from RFC4941 which is over twelve
years old, shouldn't the defaults be reevaluated to see if they are
still reasonable in today's environment (i.e. the capabilities of
would be attackers only increase over time, so what was good enough
twelve years ago might not be good enough today).

Tom

> RFC4291bis is "better than nothing" IID privacy.
>
>
> If an end user wants assured privacy they need to have mechanisms and methods that work at all layers from IPv6 upwards.
>
> That could include running the connection through an application layer anonymising proxy that strips out all possible identifiers at all layers.
>
> To the external destination, the anonymising proxy would be indistinguishable from a single native client.
>
> Ideally the anonymising proxy is reached internally with ULA addresses, and hosts only have ULA addresses. That should mean failing safe if the application layer anonymising proxy fails.
>
>
> Regards,
> Mark.
>
>
>>
>> Tom
>>
>> >
>>
>> --------------------------------------------------------------------
>> IETF IPv6 working group mailing list
>> ipv6@ietf.org
>> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email