Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text

sthaug@nethelp.no Wed, 07 June 2017 12:29 UTC

Date: Wed, 07 Jun 2017 14:29:36 +0200
Message-Id: <20170607.142936.74725051.sthaug@nethelp.no>
To: ek@google.com
Cc: fredbaker.ietf@gmail.com, markzzzsmith@gmail.com, job@instituut.net, ipv6@ietf.org
Subject: Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text
From: sthaug@nethelp.no
In-Reply-To: <CAAedzxqWqShdneSBVTEN=5b+KsyQdCroOoyviH9AOJKV262xyg@mail.gmail.com>
References: <EB4E2A17-B77F-40B8-B565-B3BBC1E378B3@gmail.com> <20170607.075131.74727436.sthaug@nethelp.no> <CAAedzxqWqShdneSBVTEN=5b+KsyQdCroOoyviH9AOJKV262xyg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/Iy_EmBJUR1tFvtgljVYNtFL4Pgc>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>

> > That's precisely the point. I configure fixed addresses typically for
> > servers, and I put the addresses in the DNS. I *want* those addresses
> > to be publicly known. Security and privacy are not relevant in this
> > particular case.
> 
> For an authoritative server, sure.
> 
> But if you're a recursive resolver then using privacy addresses while doing
> recursion (and changing the privacy addresses frequently) might indeed be
> very useful.  (In fact: a unique source address per query is wonderful.)

Different strokes for different folks. I'm fine with fixed addresses
for the query sources of my recursive resolvers, and have no plans to
change this. I have no problems with others using a unique source
address per query.

Steinar Haug, AS2116