Re: [6man] Stable privacy addresses (upcoming rev)

Fernando Gont <fgont@si6networks.com> Fri, 30 March 2012 20:20 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4C6E821F866A for <ipv6@ietfa.amsl.com>; Fri, 30 Mar 2012 13:20:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNief0e4rdYi for <ipv6@ietfa.amsl.com>; Fri, 30 Mar 2012 13:20:34 -0700 (PDT)
Received: from srv01.bbserve.nl (unknown [IPv6:2a02:27f8:1025:18::232]) by ietfa.amsl.com (Postfix) with ESMTP id A975721F861D for <ipv6@ietf.org>; Fri, 30 Mar 2012 13:20:34 -0700 (PDT)
Received: from static-qvn-qvu-166143.business.bouyguestelecom.com ([89.81.166.143] helo=[192.168.101.212]) by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1SDiIz-0006Jn-JQ; Fri, 30 Mar 2012 22:20:17 +0200
Message-ID: <4F761589.7090800@si6networks.com>
Date: Fri, 30 Mar 2012 22:20:25 +0200
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: Re: [6man] Stable privacy addresses (upcoming rev)
References: <4F7333F9.9090007@si6networks.com> <4F75AF50.5000308@globis.net> <4F760DC9.8090109@gmail.com>
In-Reply-To: <4F760DC9.8090109@gmail.com>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: Ray Hunter <v6ops@globis.net>, "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Mar 2012 20:20:35 -0000

Brian,

On 03/30/2012 09:47 PM, Brian E Carpenter wrote:
> On 2012-03-31 02:04, Ray Hunter wrote:
> ...
>> The idea being that authorized persons e.g. law enforcement and network
>> managers SHOULD be able to correlate activity at a later date (for legal
>> compliance, logging, fault finding etc.) whilst an attacker or
>> unauthorized person SHOULD NOT.
> 
> If you were a blogger sitting in an Internet cafe in a country governed
> by a repressive regime, you would probably hold a different view.

If the regime controls the local-link, then as far as address-tracking
is concerned, you're toast. -- They could sniff the network and log the
address->MAC mappings, have RAs require you to do DHCPv6 and then have
DHCPv6 assign you a constant address, etc.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492