Re: Why /64

Peter Dordal <pld@cs.luc.edu> Mon, 28 October 2013 17:14 UTC

Message-ID: <526E9B7F.3020004@cs.luc.edu>
Date: Mon, 28 Oct 2013 12:14:39 -0500
From: Peter Dordal <pld@cs.luc.edu>
To: Jeroen Massar <jeroen@massar.ch>
Subject: Re: Why /64
References: <20131021224346.32495.64932.idtracker@ietfa.amsl.com> <E0F0D3DE-D31B-4CC2-9384-DFEBCCB8F557@ecs.soton.ac.uk> <EMEW3|9f43bef2fe7433173858819bd0eeee2dp9OKUJ03tjc|ecs.soton.ac.uk|E0F0D3DE-D31B-4CC2-9384-DFEBCCB8F557@ecs.soton.ac.uk> <526AC8AF.4060608@si6networks.com> <8C48B86A895913448548E6D15DA7553BA7B978@xmb-rcd-x09.cisco.com> <CAKD1Yr0q2dY041CMarFfTZZx6=qHC-eJ+74qgiHP-dt7+ga7yg@mail.gmail.com> <526CDC59.4070204@massar.ch> <CAKD1Yr0_anudWNpWRkvMGvD_pvyEscnuqEsPUy4YNm3e9Hue9g@mail.gmail.com> <CAPv4CP9k_J2GCOFhTCBz3U-nQmCWSjc4nceexaWwYZ-nDMpJmw@mail.gmail.com> <CAKFn1SG1PC_kA-pO5Or8VyeaOzvLfpmQe0LiiYkXU_HzNqGzCQ@mail.gmail.com> <526E250E.5050607@massar.ch> <CAKD1Yr1evbMf1pD4yBrZyvF2XLXGOre3bHDB0gOZTLme7vnh2A@mail.gmail.com> <526E267E.2070705@massar.ch> <CAKD1Yr1K+4H+Gq9dWK-tVJu_3_pw+q7Q1owGz69eg6jy--XN5A@mail.gmail.com> <526E2A56.7070503@massar.ch> <CAKD1Yr3quaLS8zmDuf301MHL_y+uLQg0UfAEU+Kk-hwfv0oqtw@mail.gmail.com> <526E2E0C.904@massar.ch>
In-Reply-To: <526E2E0C.904@massar.ch>
Cc: Peter Dordal <pld@cs.luc.edu>, "<ipv6@ietf.org>" <ipv6@ietf.org>
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>

On 10/28/2013 04:27 AM, Jeroen Massar wrote:
> See my other messages: IPv6 Privacy addresses are a myth, they do not
> work. You can track people even when you just see IP addresses and
> ignore the upper layers. The upper layers just make it easier.
>
> Greets,
>   Jeroen
>
>
In what sense exactly is this claim meant? I agree that "privacy"
addresses are in many scenarios not all that private,
but I am not sure that makes them useless.

1. Suppose I connect both at work and home; each site has
a different /64 prefix. I do not want anyone to correlate my work
and home traffic. Assume I am either not using http, or I erase
cookies frequently; higher layers are not exposing me in any
"obvious" way.

If I use SLAAC at both sites, using the same EUI-64 identifier
as my low-order bits, then this gives me away.

How else can I avoid this besides using privacy addresses?

2. Suppose I connect to two different remote sites, A and B,
while at work. I don't want someone reviewing the logs at A and B
to know the same host made both these connections.

There are thousands of others at my same workplace using the
same /64 prefix; an outside observer will not be able to infer
that the same person connected to A and B from the prefix alone.

I want to choose different IPv6 addresses at my end
for each of these connections, differing of course only in the
low-order bits. Again I use SLAAC. How do I create
the second IPv6 address except by using privacy addresses?



Peter Dordal
Loyola University Chicago
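The two scenarios in the message above (the same EUI-64 identifier showing up under a work prefix and a home prefix, and wanting distinct source addresses under one prefix for connections to A and B) can be made concrete in a few lines. The following is an added illustration, not code from the message's author or from any IETF document: it derives the modified EUI-64 interface identifier from a MAC address as RFC 4291 Appendix A describes, composes addresses under two prefixes, and contrasts that with RFC 4941-style random temporary identifiers. The MAC address and the /64 prefixes (documentation space, 2001:db8::/32) are constructed sample values; the function names are mine.

```python
import ipaddress
import secrets


def mac_to_modified_eui64(mac: str) -> bytes:
    """Derive the modified EUI-64 interface identifier from a 48-bit MAC
    (RFC 4291 App. A): insert ff:fe between the OUI and the device part,
    then invert the universal/local bit of the first octet."""
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # flip the U/L bit
    return bytes(iid)


def random_iid() -> bytes:
    """RFC 4941-style temporary identifier: 64 random bits with the U/L bit
    cleared so it cannot be mistaken for a globally unique identifier."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= 0xFD  # clear bit 0x02 (U/L) of the first octet
    return bytes(iid)


def compose(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Concatenate a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte identifier")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def iid_of(addr) -> bytes:
    """Low-order 64 bits of an IPv6 address."""
    return ipaddress.IPv6Address(addr).packed[8:]


def looks_eui64(addr) -> bool:
    """True if the identifier carries the ff:fe marker typical of SLAAC
    addresses derived from a MAC; useful when auditing one's own hosts."""
    return iid_of(addr)[3:5] == b"\xff\xfe"


def correlatable(addr_a, addr_b) -> bool:
    """Two addresses under different prefixes share the same host-derived
    identifier: an observer can link them without looking at upper layers."""
    return iid_of(addr_a) == iid_of(addr_b)


# Constructed sample values (not from the message): one host, two sites.
MAC = "00:11:22:33:44:55"
WORK = "2001:db8:1::/64"
HOME = "2001:db8:2::/64"


def scenario_1():
    """Same EUI-64 identifier at work and at home -> linkable."""
    iid = mac_to_modified_eui64(MAC)
    return compose(WORK, iid), compose(HOME, iid)


def scenario_2():
    """Two temporary addresses under the work prefix, one per remote site."""
    return compose(WORK, random_iid()), compose(WORK, random_iid())


if __name__ == "__main__":
    w, h = scenario_1()
    print(w, h, "correlatable:", correlatable(w, h), "eui64:", looks_eui64(w))
    a, b = scenario_2()
    print(a, b, "correlatable:", correlatable(a, b))
```

Running it prints the work and home addresses `2001:db8:1:0:211:22ff:fe33:4455` and `2001:db8:2:0:211:22ff:fe33:4455`, whose identical low-order 64 bits are exactly what the message says gives the host away; the second pair differs in its low-order bits, which is what a per-connection temporary address buys.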