IETF Logo Mail Archive

Re: Address privacy

Mark Smith <markzzzsmith@gmail.com> Wed, 29 January 2020 02:01 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 255B11200EC for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 18:01:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.497
X-Spam-Level:
X-Spam-Status: No, score=-0.497 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pcHbeHjLNvlp for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 18:01:26 -0800 (PST)
Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B6E71200B3 for <ipv6@ietf.org>; Tue, 28 Jan 2020 18:01:26 -0800 (PST)
Received: by mail-ot1-x333.google.com with SMTP id r27so14075728otc.8 for <ipv6@ietf.org>; Tue, 28 Jan 2020 18:01:26 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=InHgbyx61mYXLoMkQTkAoUVc0So+ZxTNrCWnI7GV/Is=; b=ZfB3TBzb4/pTJGm0LDIv4HvYUS5fp8on8iGGkxI2PInFG3vffQQOE2GKp1LhQsguhf ce5tIxyQNU8OJZMYL/RZONtC9VSWQJDk6iMKZaWx/CFhv1EMS7hG1U3vPEQFFyKUuuDG pH0dD5FiTFS482C5PdkDGumFuJScb9myj0lqsRoJgQE9cxdoC1rV1QKQ7OGs7ppWtSyX pNv5kxPRTkjAC88e8+CHvEx0ZMPAuTrd/zr3Rti3yx3gmOM9uhGJ7OAwhGTGPi31ZCOr dKvKLCRrn13jbrkKQHpvvrWS20l1Y7FU15jCAqxnPcR0tlgBnCtJXU87JT9Aw2dEkPZb 63Yg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=InHgbyx61mYXLoMkQTkAoUVc0So+ZxTNrCWnI7GV/Is=; b=C+5H6K1dFTwStMRwPi5Phm6yeh17AIex7CtAh0SQJ0W1gHWaA0TTqm/S7L20J3zxq9 94X6xP73MNOX7FDsNp1Zlx8a+K61bh7JfJ/wengTfyKnH9mCFnbLpOxJN8yORnntxCKH n8e3TfmWgyzyyv2d8dfg/lLEjvUKWuFraub3X9LJNjRCrB9vtIEBcl8SzLHPpZ546VLs +TvaTFEYZp/9YXjlQyWH+dlH0TtecluDZUJ7lOLv/fkWegEA1JHkoj2Tvik3Yq5Mc7I2 y80ULM9/PZgsUvsZs2iHmQjOGg+kJ/xKj+HMFwjpS8ym7iPNcGO1+NvakeYYXK+y8153 Bh/w==
X-Gm-Message-State: APjAAAXwu+qzcpwtzjiBYinJVg9JXBYgK0BhpmGVI8yinm5rT4rnouUx x+8ukSjfcLsEbtsotq/LGS1ef/9LxtR1F8QTU/I=
X-Google-Smtp-Source: APXvYqy0ROZWUiykEV5RKj+4yDfM+JArJzo0H/D9uI8nXaspMB5B6YIui7MBB5gjAFTMvh+mFfNRWQeNg2sPOYZFRm0=
X-Received: by 2002:a9d:798e:: with SMTP id h14mr18101211otm.257.1580263285913; Tue, 28 Jan 2020 18:01:25 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <32626.1580060558@localhost> <CALx6S37prWACD0jv9c-XHD-JtPqZAcgeT2Ax0EZHkiQaDR4t=g@mail.gmail.com> <419b7c7a-e364-7951-5a44-6c39e1da65fb@joelhalpern.com> <CALx6S36802oDaEgojAPq2c6hM_s1BayidXPh1Sc6RZmZa9UHpQ@mail.gmail.com> <6c5ba72d-9289-90ba-a1c9-2307ed29a4da@foobar.org> <a98bf2ab-32e7-459b-14d2-5e0e1c65a229@si6networks.com> <CALx6S36J5TPnXJQyMW2NUbQV6KL_oqUQ01m+BEzBJ+xcHpmQWw@mail.gmail.com> <bc0d1eb8-2301-224d-dc33-19f6a60e593e@si6networks.com> <CALx6S34i67ivt8t1P3omRVzsj9NfxY2t41JLjmjT6X0vtBQHKQ@mail.gmail.com> <1fc7816e-6179-28d6-7b11-be2027561a54@si6networks.com> <CALx6S37KXfLE22uHMZTD41+jR7fdZd9PZGqO-r4SE2LehtN=Gg@mail.gmail.com> <2d312ecf-e037-5c24-28d7-2a2c3dc06363@si6networks.com> <CALx6S37A1QzR0PhDUzujXGiB+a-9c1qG4g8TE8KOcxOLKP18TQ@mail.gmail.com> <42900FAF-7FD8-46D8-9831-5B9E520814BB@fugue.com> <CALx6S36f41nbj=2fibt9X2EpDO1Rz6o2Fm-QeNMvUfzPCu10jw@mail.gmail.com>
In-Reply-To: <CALx6S36f41nbj=2fibt9X2EpDO1Rz6o2Fm-QeNMvUfzPCu10jw@mail.gmail.com>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Wed, 29 Jan 2020 15:01:13 +1300
Message-ID: <CAO42Z2xhmmrYqkBYF9PNSEtyRaZs8bdj_5DjYYk8Bc040OGCmw@mail.gmail.com>
Subject: Re: Address privacy
To: Tom Herbert <tom@herbertland.com>
Cc: Ted Lemon <mellon@fugue.com>, Fernando Gont <fgont@si6networks.com>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000cefc42059d3db72e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/GuevcyldlVamSzfolg6sgR2mUWs>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 02:01:28 -0000

On Wed, 29 Jan 2020, 13:47 Tom Herbert, <tom@herbertland.com> wrote:

> On Tue, Jan 28, 2020 at 4:35 PM Ted Lemon <mellon@fugue.com> wrote:
> >
> > On Jan 28, 2020, at 7:17 PM, Tom Herbert <tom@herbertland.com> wrote:
> >
> > It is quantified. If a flow uses a unique address then the risk of
> > using the address of packets in the flow to correlate to other flows
> > is zero.
> >
> >
> > Er, no, because the address contains a lot of bits that don’t change.
> 64, typically.  Those bits can be used to correlate other flows.
>
> Addresses might be correlated to a provider, but no correlations can
> be made between addresses within the provider space so attributing
> different flows to the same user cannot be done.

A NAT device with a
> large number backend users would exhibit these properties even in
> IPv4.
>

I think this is assuming that IP addresses are the only way to identify
people and their devices

NAT made people resort to much smarter ways that don't rely on IP addresses.

https://panopticlick.eff.org

Internet search for "browser fingerprinting" for other examples.

All we can do, being limited to the IPv6 layer, is improve baseline and
default privacy, while also trying to avoid it impacting typical end-user
experience. The conservative 24 hour preferred lifetime should cover the
maximum length of any typical end-user's transport layer connection.

RFC4291bis is "better than nothing" IID privacy.


If an end user wants assured privacy they need to have mechanisms and
methods that work at all layers from IPv6 upwards.

That could include running the connection through an application layer
anonymising proxy that strips out all possible identifiers at all layers.

To the external destination, the anonymising proxy would be
indistinguishable from a single native client.

Ideally the anonymising proxy is reached internally with ULA addresses, and
hosts only have ULA addresses. That should mean failing safe if the
application layer anonymising proxy fails.


Regards,
Mark.



> Tom
>
> >
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email