Re: Disabling temporary addresses by default?

Christopher Morrow <christopher.morrow@gmail.com> Wed, 29 January 2020 23:06 UTC

References: <CAKD1Yr11_SSUkCBuQ3-h+eRg0LPZQdhe+h7f0YZy9TiyRWj6mw@mail.gmail.com> <751D59E0-F60B-4FE1-840F-3FEAB82F618F@huitema.net> <c058863d-9e29-3ddb-a020-0ebadef26ad4@si6networks.com> <CABNhwV0KsKN7LQY2D-BJkCtvB40oZCT65EmOCr0oE56c9g7-aQ@mail.gmail.com> <CAKD1Yr05GqFr1r018qHZev8SB6Gd=zm_45TtuShQH_5PVkXpKw@mail.gmail.com> <56BD2286-D761-44EF-812B-82BAFB380992@employees.org> <CAKD1Yr23BOEQztLyxu8BF4ivVCmX-Aspv6XfAMUHNR=iDp7uKg@mail.gmail.com> <83FE7A0B-DB50-47CB-85DA-507A33CFCD37@employees.org>
In-Reply-To: <83FE7A0B-DB50-47CB-85DA-507A33CFCD37@employees.org>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Wed, 29 Jan 2020 18:06:39 -0500
Message-ID: <CAL9jLaZu_HbU3zv67SvFx3jfWBrZRsf-yKxFxuOSniQOoKLgOQ@mail.gmail.com>
Subject: Re: Disabling temporary addresses by default?
To: otroan@employees.org
Cc: Lorenzo Colitti <lorenzo@google.com>, Fernando Gont <fgont@si6networks.com>, Christian Huitema <huitema@huitema.net>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SQvlUbO70P1GL_tGnw9pE1kKP-o>

(I'm going to hate myself in the morning for this, but..)

On Wed, Jan 29, 2020 at 6:54 AM <otroan@employees.org> wrote:
>
> Lorenzo,
>
> > So, are you saying that using temporary addresses does not leak the habits of employees?
> >
> > I'm saying using temporary addresses makes a number of attacks, including cross-site tracking, more difficult, infeasible, or defeatable by the employee or IT admin. If you believe that to be false, you can always try to see if you can get consensus on a document that says that privacy addresses are not useful and declares RFC 4941 historic. :-)
>
> Anything you can cite here?
> Just because you state it does not make it fact.
> After almost 20 years of temporary addressing, it seems there is very little data available.

If we're talking about 'employees' and 'employers' (you can extend
this to the ISP if you like easily enough):
  1) you can see port / mac / neighbor maps on
     switches/routers/brouters/swouters (this gets you a
     person/desk/machine)
  2) you can link DNS requests and firewall logs to the IP address(es)
  3) you can be even simpler by just logging the IP src-address on any
     'single sign-on' (or access to an authenticated corporate resource) to
     ensure you mapped the things in 1 correctly
  4) you can sort / sift / alert on that data to your heart's content.

This isn't rocket science... Is there data for this? Kinda? There are
products which do this today; one, I think, is even made by the Cisco /
Talos folks for 'idp / ids / exfiltration detection' and similar uses.
Heck, any SIEM today can/does do this work trivially.


Now, extend that to your ISP? Sure, same problem, larger userbase and
higher feeds/speeds.