Re: A common problem with SLAAC in "renumbering" scenarios

Tom Herbert <tom@herbertland.com> Sat, 16 February 2019 03:07 UTC

To: Fernando Gont <fgont@si6networks.com>
Cc: Jan Zorz - Go6 <jan@go6.si>, 6man <ipv6@ietf.org>

On Fri, Feb 15, 2019 at 6:23 PM Fernando Gont <fgont@si6networks.com> wrote:
>
> On 14/2/19 20:19, Jan Zorz - Go6 wrote:
> > On 14/02/2019 20:30, Manfredi (US), Albert E wrote:
> >> If the prefix is known to be 64 bits wide, and is persistent, that
> >> prefix identifies a household every bit as positively as a persistent
> >> 64-bit IID identifies a device. How come we aren't seeing
> >> recommendations AGAINST persistent prefixes for CPE devices?
> >
> > Because in current state of today generic
> > ISP_provisioning/CPE/host_stack implementations combination it doesn't
> > work properly in real environment.
>
> Yeah, we need to improve what we have. :-)
>
>
>
> > ISPs ASNs and IPv6 traffic gets
> > blacklisted by large content providers that are measuring for broken
> > IPv6 implementations. Happened many times, hence this effort to make
> > situation better :)
> >
> > To augment what many already have said here - it's a tie between IP
> > address and household address and name/surname that should not be
> > public, the address itself is mostly harmless and it doesn't matter if
> > it's static or dynamic. Tracing gets done on L7 and above anyway ;)
>
> Not really. RFC4941 and RFC7721 are actually an argument against that.
>
As do several public incidents where people were tracked on the
Internet by IP address (see ICE tracking illegal immigrants), and law
enforcement's fear of NAT because it creates untrackable addresses
under the right conditions
(https://www.europol.europa.eu/newsroom/news/are-you-sharing-same-ip-address-criminal-law-enforcement-call-for-end-of-carrier-grade-nat-cgn-to-increase-accountability-online).

IP addresses can expose Personally Identifiable Information in
themselves -- the privacy threat is real. There are at least two drafts
on the subject:

draft-herbert-ipv6-prefix-address-privacy-00
draft-nordmark-id-loc-privacy-00

Tom


> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492