Re: I-D Action: draft-ietf-6man-ipv6-address-generation-privacy-01.txt
Fernando Gont <fgont@si6networks.com> Sat, 15 February 2014 00:45 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F9BC1A0047 for <ipv6@ietfa.amsl.com>; Fri, 14 Feb 2014 16:45:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VPF2mmGb4EAx for <ipv6@ietfa.amsl.com>; Fri, 14 Feb 2014 16:45:49 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id A81971A000C for <ipv6@ietf.org>; Fri, 14 Feb 2014 16:45:49 -0800 (PST)
Received: from [2001:5c0:1400:a::dfb] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.82) (envelope-from <fgont@si6networks.com>) id 1WETO3-0001g2-AK; Sat, 15 Feb 2014 01:45:43 +0100
Message-ID: <52FEB7DA.7070506@si6networks.com>
Date: Fri, 14 Feb 2014 21:42:02 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Christian Huitema <huitema@microsoft.com>, Alissa Cooper <alissa@cooperw.in>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: I-D Action: draft-ietf-6man-ipv6-address-generation-privacy-01.txt
References: <20140214184335.29433.45425.idtracker@ietfa.amsl.com> <CF23A554.13ED6%alissa@cooperw.in> <C91E67751B1EFF41B857DE2FE1F68ABA3DFC18C5@TK5EX14MBXC302.redmond.corp.microsoft.com> <52FE95ED.7090900@si6networks.com> <C91E67751B1EFF41B857DE2FE1F68ABA3DFC1CB3@TK5EX14MBXC302.redmond.corp.microsoft.com>
In-Reply-To: <C91E67751B1EFF41B857DE2FE1F68ABA3DFC1CB3@TK5EX14MBXC302.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/VT0ltwekt1KBIfQ3s9Ej0yzVWk8
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Feb 2014 00:45:52 -0000
Hi, Christian, On 02/14/2014 09:23 PM, Christian Huitema wrote: >> >> I personally have no issues. My only "concern" is that if we start >> discussing IDs other than the IPv6 addresses, we might later >> discuss e.g. layer-7 stuff. Not that layer-2 and layer-7 privacy >> issues are uninteresting.. but rather than the more focused we >> stay, the more tractable the problem is. > > I would not want to discuss in an IPv6 draft the precise mechanics of > changing MAC addresses, or the policy controls to make avoid nasty > side effects. I would like to see a simple issue debated: "assuming > that the host administrator has programmed the host to change its MAC > address before visiting network X, can we guarantee that the IPv6 IID > does not leak information about the identity of the host." My simple answer would be "Depends on the algorithm employed to generated the IID". For example, if you do the traditional SLAAC IIDs, "randomizing the MAC adress" would essentially mitigate the privacy/security issues related with IPv6 addressing. OTOH, if the node implements Microsoft's scheme (randomized but constant IIDs along the life of the node), then I'd expect to randomized MACs to just mitigate the MAC-tracking issue. (I don't think they regenerate the IID when the NIC is replaced.. buy I might be wrong). P.S.: While we won't be able to commit any of these before the IETF meeting, I will craft some text and post it here for discussion asap. Thanks! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- I-D Action: draft-ietf-6man-ipv6-address-generati… internet-drafts
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Alissa Cooper
- RE: I-D Action: draft-ietf-6man-ipv6-address-gene… Christian Huitema
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- RE: I-D Action: draft-ietf-6man-ipv6-address-gene… Christian Huitema
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Mark ZZZ Smith
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Mark ZZZ Smith