IETF Logo Mail Archive

Re: Address privacy

Alexandre Petrescu <alexandre.petrescu@gmail.com> Mon, 27 January 2020 15:11 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 119CA12029C for <ipv6@ietfa.amsl.com>; Mon, 27 Jan 2020 07:11:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E2qTdhX4QJMG for <ipv6@ietfa.amsl.com>; Mon, 27 Jan 2020 07:11:23 -0800 (PST)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD5DE120251 for <ipv6@ietf.org>; Mon, 27 Jan 2020 07:11:22 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 00RFBKDg022362 for <ipv6@ietf.org>; Mon, 27 Jan 2020 16:11:20 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 0E9A6206200 for <ipv6@ietf.org>; Mon, 27 Jan 2020 16:11:20 +0100 (CET)
Received: from muguet2-smtp-out.intra.cea.fr (muguet2-smtp-out.intra.cea.fr [132.166.192.13]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 04610206204 for <ipv6@ietf.org>; Mon, 27 Jan 2020 16:11:20 +0100 (CET)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet2-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 00RFBJuI018995 for <ipv6@ietf.org>; Mon, 27 Jan 2020 16:11:19 +0100
Subject: Re: Address privacy
To: ipv6@ietf.org
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <CAD6AjGSSU5oe7BQo78rGXXF0nwT_8YeVPj71jbujkmcEN4PycQ@mail.gmail.com>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <9c52ec15-2a16-48e8-1967-176db010bc13@gmail.com>
Date: Mon, 27 Jan 2020 16:11:19 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <CAD6AjGSSU5oe7BQo78rGXXF0nwT_8YeVPj71jbujkmcEN4PycQ@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/LHTLln3lFwazy8jQCD0IlPPuKlY>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Jan 2020 15:11:25 -0000


Le 25/01/2020 à 20:57, Ca By a écrit :
> 
> 
> On Sat, Jan 25, 2020 at 11:48 AM Tom Herbert <tom@herbertland.com 
> <mailto:tom@herbertland.com>> wrote:
> 
>     On Sat, Jan 25, 2020 at 11:21 AM Michael Richardson
>     <mcr+ietf@sandelman.ca <mailto:mcr%2Bietf@sandelman.ca>> wrote:
>      >
>      >
>      > Ted Lemon <mellon@fugue.com <mailto:mellon@fugue.com>> wrote:
>      >     > Another solution that could be useful is to do connections
>     through an
>      >     > anonymity concentrator that tunnels your flow to the
>     selected server.
>      >     > The idea here is that your ISP (but it doesn’t have to be
>     your ISP!)
>      >     > has a bunch of anonymity boxes sitting in their data
>     centers, and when
>      >     > you want to connect to foo.com <http://foo.com>
>     <http://foo.com/>, you establish a
>      >     > connection to the anonymity server.   The anonymity server
>     constructs a
>      >     > new 5-tuple using its own fixed IP address.   This is
>     effectively a NAT
>      >     > translation, and of course it can maintain a set of IP
>     addresses large
>      >
>      > Except that instead of doing it at layer 4, you do it with IPsec,
>     and extrude
>      > that /128 to your machine.  This is already a thing :-)
>      >
>      >     > Another solution I’ve considered is to have a giant
>     anonymity mesh,
>      >     > with every ISP’s user participating, and forward flows
>     through this
>      >     > mesh, treating each customer as an anonymity server.   I
>     think this is
>      >
>      > This is also a thing called Tor.
>      >
> 
> 
> +1, dont re-invent Tor

Re-invent a Tor that's well accepted by society.

Alex

> 
> 
>     Michael,
> 
>     Doesn't that require that the users must explicitly configure when
>     they want privacy? I think a general solution should be transparent to
>     the user and "just works" to ensure their privacy. That in fact is one
>     of the arguments for NAT. If there is a significantly large enough
>     pool of users behind a NAT device, then the obfuscation is transparent
>     to the use and seems to be pretty good privacy (good enough that law
>     enforcement is concerned about NAT). I suppose a similar effect could
>     be achieved with a transparent proxy.
> 
> 
> CGN/NAT logs all your sources and destinations.
> 
> The network operators will say they must do it for LEA compliance.
> 
> But once it is logged and stored it is available for nefarious hackers 
> and big data marketing folks.
> 
> That said, most of you in north america have ipv6 on your phones. Do you 
> feel that behavior of cycling addresses is not sufficient (barring ATT 
> which proxies all HTTP afaik) ?
> 
> 
> 
> 
>     You might want to take a look at
>     draft-herbert-ipv6-prefix-address-privacy-00.
> 
>     Tom
> 
>      > --
>      > Michael Richardson <mcr+IETF@sandelman.ca
>     <mailto:mcr%2BIETF@sandelman.ca>>, Sandelman Software Works
>      >  -= IPv6 IoT consulting =-
>      > --------------------------------------------------------------------
>      > IETF IPv6 working group mailing list
>      > ipv6@ietf.org <mailto:ipv6@ietf.org>
>      > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>      > --------------------------------------------------------------------
> 
>     --------------------------------------------------------------------
>     IETF IPv6 working group mailing list
>     ipv6@ietf.org <mailto:ipv6@ietf.org>
>     Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>     --------------------------------------------------------------------
> 
> 
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email