RE: 3484bis and privacy addresses
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Thu, 05 April 2012 07:01 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ADC9911E80F8 for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2012 00:01:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oZMLMIuuvDT for <ipv6@ietfa.amsl.com>; Thu, 5 Apr 2012 00:01:39 -0700 (PDT)
Received: from bgl-iport-1.cisco.com (bgl-iport-1.cisco.com [72.163.197.25]) by ietfa.amsl.com (Postfix) with ESMTP id 583D011E80AB for <ipv6@ietf.org>; Thu, 5 Apr 2012 00:01:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=tireddy@cisco.com; l=10136; q=dns/txt; s=iport; t=1333609298; x=1334818898; h=mime-version:subject:date:message-id:in-reply-to: references:from:to:cc; bh=Prx8nTOFJYivrW0wbXQUym+j4gTvnz+IVd2vV/PoWvM=; b=HoREjPc7qH9DhEdVg/a/H/vdO1RyU8uufHcPtYeSxN529J7mJHLp5orc A4OtH8BXJA9mvxT/o0wDSvQF6BAX4+swa0SChpy1sQ2j4UZxXZew28f4d bnYEB2Y2aAs1D4iD2/4Yv6v/gZ5oOdW+zFC31L+28s33YdvBnBWC8+Z8P g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AqAEAF5CfU9Io8UY/2dsb2JhbAA7AQmCRrcZggkBAQEEEgEJEQNJEAIBCBEEAQELBhcBBgFFCQgBAQQBCgYCCBqHbAubQJ9kiwkBhGJjBIhXjiKNOYFpgm82gRYX
X-IronPort-AV: E=Sophos;i="4.75,374,1330905600"; d="scan'208,217";a="9329834"
Received: from vla196-nat.cisco.com (HELO bgl-core-1.cisco.com) ([72.163.197.24]) by bgl-iport-1.cisco.com with ESMTP; 05 Apr 2012 07:01:36 +0000
Received: from xbh-bgl-412.cisco.com (xbh-bgl-412.cisco.com [72.163.129.202]) by bgl-core-1.cisco.com (8.14.3/8.14.3) with ESMTP id q3571ast016278; Thu, 5 Apr 2012 07:01:36 GMT
Received: from xmb-bgl-41b.cisco.com ([72.163.129.217]) by xbh-bgl-412.cisco.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 5 Apr 2012 12:31:36 +0530
X-MimeOLE: Produced By Microsoft Exchange V6.5
x-cr-hashedpuzzle: CB5M CQ0H ELko EVSi Ejxt G0BQ HtRS IXOw RY25 RzWc R7ow Wxtg Xlqh Ydil ZrKk aPKt; 3; YgByAGkAYQBuAEAAaQBuAG4AbwB2AGEAdABpAG8AbgBzAGwAYQBiAC4AbgBlAHQAOwBpAHAAdgA2AEAAaQBlAHQAZgAuAG8AcgBnADsAcgBhAHkALgBoAHUAbgB0AGUAcgBAAGcAbABvAGIAaQBzAC4AbgBlAHQA; Sosha1_v1; 7; {6906F1D6-4174-4B4B-A023-D68BE76C5779}; dABpAHIAZQBkAGQAeQBAAGMAaQBzAGMAbwAuAGMAbwBtAA==; Thu, 05 Apr 2012 06:59:12 GMT; UgBFADoAIAAzADQAOAA0AGIAaQBzACAAYQBuAGQAIABwAHIAaQB2AGEAYwB5ACAAYQBkAGQAcgBlAHMAcwBlAHMA
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01CD12F9.F0E426DA"
x-cr-puzzleid: {6906F1D6-4174-4B4B-A023-D68BE76C5779}
Content-class: urn:content-classes:message
Subject: RE: 3484bis and privacy addresses
Date: Thu, 05 Apr 2012 12:29:12 +0530
Message-ID: <454A16E4DA86094EB66BB2C1DBBBC0180796978B@XMB-BGL-41B.cisco.com>
In-Reply-To: <4F71F217.7000209@globis.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: 3484bis and privacy addresses
Thread-Index: Ac0MPnpod08JiVUiTzCsLTHstD7KwwGtnTkA
References: <4F716D5C.40402@innovationslab.net> <4F71F217.7000209@globis.net>
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Ray Hunter <Ray.Hunter@globis.net>, Brian Haberman <brian@innovationslab.net>
X-OriginalArrivalTime: 05 Apr 2012 07:01:36.0415 (UTC) FILETIME=[F1105AF0:01CD12F9]
Cc: "Prashanth Patil (praspati)" <praspati@cisco.com>, ipv6@ietf.org
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2012 07:01:45 -0000
Firewall policies are moving towards identity (user, user-group) + context (location, Bring your Own Device (BYOD)) attributes to enforce appropriate policies. In enterprises hosts with EAP kind of supplicants can be tracked even when the IP changes but for guests, BYOD without such supplicants IP address based authentication is still required and for such users, switches acting as DHCP relay agent can influence the DHCP server not to assign temporary addresses (http://tools.ietf.org/html/draft-reddy-mif-dhcpv6-precedence-ops-00) Regards Tiru. From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of Ray Hunter Sent: Tuesday, March 27, 2012 10:30 PM To: Brian Haberman Cc: ipv6@ietf.org Subject: Re: 3484bis and privacy addresses >From the corporate World: option A as default, with local user controlled option to override. RFC3484 (which references RFC3041) "Temporary addresses" are a menace to fault finding, audit, logging, firewall rules, filtering, QoS matching, conformance: anywhere where an ACL or stable address is used today. Sure we shouldn't use fixed/stable IP literals, but we do. And in many cases there aren't any practical alternatives in today's products, so the IP address is the lowest common denominator used to identify a machine (and dare I say even "a user" in some circumstances). Also not sure if any DHCPv6 server implementations actually provide DHCPv6 assigned temporary addresses in practice. My take on this is that a set of a few hundred individual persons who are worried about privacy are more likely to be able to control their own particular machines to correctly override the "default off" setting than a single corporate network manager is to be able to guarantee overriding a "default on" setting on 100% of 10000 machines attached to their network. regards, RayH Brian Haberman wrote: <div class="moz-text-flowed">All, The chairs would like to get a sense of the working group on changing the current (defined 3484) model of preferring public addresses over privacy addresses during the address selection process. RFC 3484 prefers public addresses with the ability (MAY) of an implementation to reverse the preference. The suggestion has been made to reverse that preference in 3484bis (prefer privacy addresses over public ones). Regardless, the document will allow implementers/users to reverse the default preference. Please state your preference for one of the following default options : A. Prefer public addresses over privacy addresses B. Prefer privacy addresses over public addresses Regards, Brian, Bob, & Ole </div> -- Ray Hunter Ray.Hunter@globis.net Globis Consulting BV, Fazantlaan 23, 5613CB Eindhoven NL, Registered at the KvK, Eindhoven, under number BV 17098279 mobile: +31 620 363864
- Re: 3484bis and privacy addresses Jong-Hyouk Lee
- 3484bis and privacy addresses Brian Haberman
- Re: 3484bis and privacy addresses JORDI PALET MARTINEZ
- Re: 3484bis and privacy addresses Arifumi Matsumoto
- Re: 3484bis and privacy addresses Basavaraj.Patil
- Re: 3484bis and privacy addresses Tassos Chatzithomaoglou
- Re: 3484bis and privacy addresses Teemu Savolainen
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses JORDI PALET MARTINEZ
- Re: 3484bis and privacy addresses Mohacsi Janos
- Re: 3484bis and privacy addresses Tim Chown
- Re: 3484bis and privacy addresses Roland Bless
- RE: 3484bis and privacy addresses Samita Chakrabarti
- RE: 3484bis and privacy addresses Eric Vyncke (evyncke)
- Re: 3484bis and privacy addresses Simon Perreault
- Re: 3484bis and privacy addresses Alex Abrahams
- Re: 3484bis and privacy addresses Tina TSOU
- RE: 3484bis and privacy addresses Wuyts Carl
- Re: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Brian Haberman
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Manfredi, Albert E
- Re: 3484bis and privacy addresses Sander Steffann
- Re: 3484bis and privacy addresses Dominik Elsbroek
- Re: 3484bis and privacy addresses Karl Auer
- RE: 3484bis and privacy addresses STARK, BARBARA H
- RE: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Brian E Carpenter
- Re: 3484bis and privacy addresses Roger Jørgensen
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses jonne.soininen
- Re: Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Doug Barton
- Re: 3484bis and privacy addresses t.petch
- Re: 3484bis and privacy addresses Alex Abrahams
- Re: 3484bis and privacy addresses Doug Barton
- Re: 3484bis and privacy addresses Mark Andrews
- Re: 3484bis and privacy addresses Fernando Gont
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses JINMEI Tatuya / 神明達哉
- Re: 3484bis and privacy addresses james woodyatt
- RE: 3484bis and privacy addresses Tirumaleswar Reddy (tireddy)
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Brian E Carpenter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: RE: 3484bis and privacy addresses Ray Hunter
- RE: RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- RE: 3484bis and privacy addresses Dave Thaler
- Re: RE: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Arifumi Matsumoto