Re: draft-gont-6man-managing-privacy-extensions-00.txt

On Wed, 09 Mar 2011 14:32:45 -0500
"Joel M. Halpern" <jmh@joelhalpern.com> wrote:

> I would observe that we have multiple documents which note the 
> importance of traceability for "problem" resolution.  Treating privacy 
> as an all-or-nothing thing is probably a misleading perspective.
> It is extremely likely that privacy addresses, and their bindings to 
> homes or office desktops, will be logged.  I would hope that said logs 
> will be handled in a manner that preserves privacy in the normal course 
> of events.
> 
> Pretending that such things will not happen strikes me as even sillier 
> than assuming that a malicious host will cooperate with some unenforced 
> flags.
> 

I also think there is a fundamentally incorrect assumption is being
made - that IPv6 addresses and humans are tightly coupled. An IPv6
address identifies an end-node, and the traffic to or from it, but does
not always identify the human that caused that traffic to occur. If you
truly need auditable access/traffic logs, you need to identify the
human at the time via "human-facing" authentication methods e.g.
802.1x.

IOW, machines (and their IPv6 addresses) aren't really the security
threat, it's the people behind them.

Regards,
Mark.

> Yours,
> Joel
> 
> On 3/9/2011 2:17 PM, RJ Atkinson wrote:
> >
> > On 09  Mar 2011, at 13:49 , Brian E Carpenter wrote:
> >> On 2011-03-10 00:17, Mikael Abrahamsson wrote:
> >>>
> >>> I don't think it solves what it thinks it solves, but if this REALLY
> >>> should be implemented, it's my initial thinking that the H flag should
> >>> be a MUST demand to only have ONE and only one MAC-based IPv6 address
> >>> according to EUI64. I would appreciate some reasoning in the draft why
> >>> this was chosen as a SHOULD option.
> >>
> >> For the reason I just gave against the disable-private flag: this
> >> violates the host's right to use an untraceable address.
> >
> > (Hardware I am familiar with is not sentient.  So I don't know
> > what it means to talk about the rights of a host, as above ---
> > I'll assume the meaning is that human users have privacy rights. :-)
> >
> >> It may be that in corporate deployments, that right can be removed.
> >
> > At least within the US, I am told that multiple courts have ruled
> > that when an employee is using employer-owned equipment attached
> > to an employer-owned network, then a reasonable expectation of
> > privacy does not exist.  My examples and discussion have solely
> > focused on this "corporate deployment" scenario.
> >
> > [ASIDE:  I am also told that the courts have ruled differently with
> > respect to people accessing the Internet from their own home when
> > using their own equipment.]
> >
> > [ASIDE: Of course the IETF is global; legal systems vary from one place
> > to another.  So the above is intended narrowly as a practical example. :-]
> >
> >> But removing it for public subscribers would be a political blunder.
> >
> >
> > Earlier, I specifically noted that the privacy issue ought to be
> > discussed in the Security Considerations section of (any) I-D on
> > this topic, in (2A) and (2B) of this previous list email:
> >
> > 	<http://www.ietf.org/mail-archive/web/ipv6/current/msg13489.html>
> >
> > Cheers !
> >
> >
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------