IETF Logo Mail Archive

Re: Disabling temporary addresses by default?

Erik Kline <ek.ietf@gmail.com> Thu, 30 January 2020 17:10 UTC

Return-Path: <ek.ietf@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74365120154 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 09:10:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jeop9AmoX12w for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 09:10:07 -0800 (PST)
Received: from mail-ot1-x32e.google.com (mail-ot1-x32e.google.com [IPv6:2607:f8b0:4864:20::32e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAD851200DE for <ipv6@ietf.org>; Thu, 30 Jan 2020 09:10:06 -0800 (PST)
Received: by mail-ot1-x32e.google.com with SMTP id h9so3800352otj.11 for <ipv6@ietf.org>; Thu, 30 Jan 2020 09:10:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jsDJ6iqhnxfA5ktiORM3koqJXLHZAd1xlVrbI3f1m5A=; b=EYu+ueA/fEY1/VBle+X+Z2CJvSihs6d/3U4k/cdTBPiJC5xgg2G3NH+AntTtZOhdSo pAPpYXY5kiNJizhxHTOCtDBmLQEAM/BY9tzTyk6PQ+ivVNuqdZMXHbuwgDZfCxJ2MXTJ BAsPLJiT7MRBFVhIo9/qtFAdjWywOGA6lVfPc2UDlFw6tABaH5Ba9fnYuze6rkfh++jB 9So+GIsygZ+wZsSa1WR4wQqVkk39hiMDs9jYnk4vXx+3qJVNmoA5JjQlRvrl5q4jHlik t9TKe1qxf/r1uW1VD+nbIrMxb/ynDjeDSLWva2ucqOgyyvY9rSYoLjJ8UZVy8TJZVo1C r9OQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jsDJ6iqhnxfA5ktiORM3koqJXLHZAd1xlVrbI3f1m5A=; b=HMaMWBhjJ4ct4HvD0agndR5hLnUdFybqLYYhKqM3rl8SboE2NT+TV/qMIbNesr52hJ /Yr/ss8svbeUHga0VmlgN7Yot801bwmwH6+gNV06XX/TUOPBvWJ3FYsb4tBoxi3RsDjY qOLHrSWMOnJ2yVeezSM96J7i0NVPjDryNJ+krCCPB76hkzTJNIptv17xtrODeOG/BkZx x8aH9hzTOWFOXAqRJrCOGsEZ18nq3nhPTGotPzLh+Z6jOn41LfvJ+d2Wg4DWxQSgYREy o6aCUad/8LucAE8aKlu2/jdBBgP6v5YseEIoJ0fiNOPANaRDXE1fo0INYlQKVlZSnzfL UwHg==
X-Gm-Message-State: APjAAAVs4FXW0RQGrBznXXyiEIVhQ/L2SngJxVqGi2V2vFH7tSJYZON8 ZVn51LLxnb93lxz77kwkdRX7qK7IU1nPLryOWbQ=
X-Google-Smtp-Source: APXvYqyazENEU8+lk6BWGS5ws59Eaxg1Ec1jJGJiYT1RCmJTQN3aWSWih+hSS0KvlwqmYJIQjWH1YsFTK6Y+Ia0mzLU=
X-Received: by 2002:a05:6830:15d7:: with SMTP id j23mr3967835otr.357.1580404206209; Thu, 30 Jan 2020 09:10:06 -0800 (PST)
MIME-Version: 1.0
References: <CAKD1Yr11_SSUkCBuQ3-h+eRg0LPZQdhe+h7f0YZy9TiyRWj6mw@mail.gmail.com> <751D59E0-F60B-4FE1-840F-3FEAB82F618F@huitema.net> <c058863d-9e29-3ddb-a020-0ebadef26ad4@si6networks.com> <CABNhwV0KsKN7LQY2D-BJkCtvB40oZCT65EmOCr0oE56c9g7-aQ@mail.gmail.com> <CAKD1Yr05GqFr1r018qHZev8SB6Gd=zm_45TtuShQH_5PVkXpKw@mail.gmail.com> <90119933-89cf-dbc3-2e7e-434229f38840@foobar.org> <CABNhwV09uiOMG7M5rtktW4S5FeF5DGdDHaaiUD_FES=bHErxMg@mail.gmail.com>
In-Reply-To: <CABNhwV09uiOMG7M5rtktW4S5FeF5DGdDHaaiUD_FES=bHErxMg@mail.gmail.com>
From: Erik Kline <ek.ietf@gmail.com>
Date: Thu, 30 Jan 2020 09:09:54 -0800
Message-ID: <CAMGpriVNFxRqJAFnqjrAjT1MXxp5JB+1Z_VOShhoTej4Uo4mfg@mail.gmail.com>
Subject: Re: Disabling temporary addresses by default?
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Nick Hilliard <nick@foobar.org>, Lorenzo Colitti <lorenzo=40google.com@dmarc.ietf.org>, 6man WG <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000500f55059d5e87da"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/MYm-zlRr-ISQcIB_5riGWM6cgS0>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2020 17:10:08 -0000

On Thu, Jan 30, 2020 at 8:52 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:

>
>
> On Wed, Jan 29, 2020 at 6:26 AM Nick Hilliard <nick@foobar.org> wrote:
>
>> Lorenzo Colitti wrote on 29/01/2020 11:13:
>> > But don't enterprises care about not leaking the habits of their
>> employees?
>>
>> This is only a problem in SLAAC environments where privacy addresses are
>> turned off.  In DHCP environments, the network operator can change
>> endpoint addresses by policy if this is what they want to do.
>>
>
>    Gyan> Enterprises fall into a totally different camp altogether as far
> as “employee” privacy as that is non existent as all traffic is monitored
> to be business related traffic to the extent of web content blocking which
> most all companies implement.   The use of temporary addresses does not
> make sense for enterprises to employ as operations stability and 99.99999%
> available and MTTR( mean time to recovery) is of utmost importance.  By
> disabling the temporary address - simplified the enterprise network
> troubleshooting tremendously as only a single “stable” random address
> exists at all times.  As far as temporary address and “long lived”
> connections for enterprise business critical applications that can all be
> solved by disabling the temporary address..
>

There's difference between "the enterprise can track the employees' work
devices' connections" and "the whole word can track the enterprise's
employees' work devices' connections".  Disabling temporary addresses
altogether is more in the 2nd category.  Temporary addresses + enterprise
logging (on premises' equipment and on the devices themselves) fits
comfortably in the first category.

v2.23.0 | Report a Bug | By Email