IETF Logo Mail Archive

RE: Stephen Farrell's Discuss on draft-ietf-6man-default-iids-16: (with DISCUSS and COMMENT)

"Christian Huitema" <huitema@huitema.net> Sat, 17 December 2016 19:54 UTC

Return-Path: <huitema@huitema.net>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B952512995D for <ipv6@ietfa.amsl.com>; Sat, 17 Dec 2016 11:54:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Level:
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q_Kqs5XHMa41 for <ipv6@ietfa.amsl.com>; Sat, 17 Dec 2016 11:54:42 -0800 (PST)
Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 689C61296EC for <ipv6@ietf.org>; Sat, 17 Dec 2016 11:54:42 -0800 (PST)
Received: from xsmtp06.mail2web.com ([168.144.250.232]) by mx43.antispamcloud.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.86) (envelope-from <huitema@huitema.net>) id 1cIL44-0005Wo-Ic for ipv6@ietf.org; Sat, 17 Dec 2016 20:54:41 +0100
Received: from [10.5.2.35] (helo=xmail10.myhosting.com) by xsmtp06.mail2web.com with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.63) (envelope-from <huitema@huitema.net>) id 1cIKz8-0007BU-FI for ipv6@ietf.org; Sat, 17 Dec 2016 14:49:38 -0500
Received: (qmail 16580 invoked from network); 17 Dec 2016 19:49:33 -0000
Received: from unknown (HELO icebox) (Authenticated-user:_huitema@huitema.net@[172.56.39.17]) (envelope-sender <huitema@huitema.net>) by xmail10.myhosting.com (qmail-ldap-1.03) with ESMTPA for <6man-chairs@ietf.org>; 17 Dec 2016 19:49:33 -0000
From: Christian Huitema <huitema@huitema.net>
To: 'Tim Chown' <Tim.Chown@jisc.ac.uk>, 'Fernando Gont' <fernando@gont.com.ar>
References: <148163723896.29410.4395729745467243392.idtracker@ietfa.amsl.com> <F2B82D3E-A06C-4A72-8E23-61B0BEB2CC04@cisco.com> <c8274d4f-5b4d-a008-7f80-506a74115d81@gmail.com> <6086C482-FDBD-4A97-890B-E4C10D35D474@jisc.ac.uk> <fa600cd8-9892-90e2-d93d-07d02ef1ff93@gont.com.ar> <A5B46E4A-3D66-48C1-A8C6-7619B4E6B1C9@jisc.ac.uk>
In-Reply-To: <A5B46E4A-3D66-48C1-A8C6-7619B4E6B1C9@jisc.ac.uk>
Date: Sat, 17 Dec 2016 11:49:29 -0800
Message-ID: <032401d2589e$af9fd3d0$0edf7b70$@huitema.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIU+qbarZrWV7dqseUN20dRDD4yZAC6HxmLAO6R2eABaU/uaQKjRScmAsJpyi6gQ4UXkA==
Content-Language: en-us
Subject: RE: Stephen Farrell's Discuss on draft-ietf-6man-default-iids-16: (with DISCUSS and COMMENT)
X-Filter-ID: s0sct1PQhAABKnZB5plbIVbU93hg6Kq00BjAzYBqWlUcW8ntawmIBRrYFzUH2lbvx1wTMkEUUoeb KIhkyzl2dF092GArb6kyBXD11EAERgQ0HbLcIXRK+rCYHS2Pxr4sUvWQm1ERVuodk8O3ETzMD85B Q+5XLzAYHZhnNvmlH/ew796aOFUL8/WT0n5tyKoCdcmtTcWSOKD5RASVzg27isAXVRQgHbLLzV7b 3SwTZqt5kYwBFjHSX1ySASMY7Q8kB9L5ZtBNVI+9Qx1iUeEDv6vlm5bIS/7+niZp9XBOa3yfIyPa B+nRnOnncyxSbUjNQcVc7DCeSlpKhzvl7ajXRucORJzL3o1PImT0GNRxIHUMQOp+UtDOd2Xrp4Ao XsNbR5gKbK3xJI2P/mgJSlQCj8ajQpZU2HoSraNABsQx+TneNHk15VolAGHS5rCXQKDy7WmLSP+L g+ESZWbM7Yv2tv4nD/5nJ2uhobXclUauFd2nNgqa/CCGIrC+9iFtJySZiR3bHfnMCIEU+nrglojK wD9TAOxA+4LNeua6YnevHxNnmFCUctm6OHeH6tWPSXJE7T02ZXdoQxMs//iOE4FlhnMcN6qoXPje nLhIOF1oeRYE83tH9htpyVATiooT/rJiGHIfgXXvuhI9vwJN89WVO9R0tarUwIt7i7NiVJNL9jNC r2VPLfZa8ts/I6OTYjIAMS+4ayUpOtEhdxekWDmK9g==
X-Report-Abuse-To: spam@quarantine5.antispamcloud.com
X-Originating-IP: 168.144.250.232
X-SpamExperts-Domain: xsmtpout.mail2web.com
X-SpamExperts-Username: 168.144.250.0/24
Authentication-Results: antispamcloud.com; auth=pass smtp.auth=168.144.250.0/24@xsmtpout.mail2web.com
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.33)
X-Classification: unsure/combined
X-Recommended-Action: accept
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/WIVhPoHegyDCeLTBjlTT11wTby0>
Cc: "'Alissa Cooper (alcoop)'" <alcoop@cisco.com>, "'Robert M. Hinden'" <bob.hinden@gmail.com>, draft-ietf-6man-default-iids@ietf.org, 'IESG' <iesg@ietf.org>, ipv6@ietf.org, 6man-chairs@ietf.org, 'Stephen Farrell' <stephen.farrell@cs.tcd.ie>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Dec 2016 19:54:44 -0000

On Thursday, December 15, 2016 1:23 AM, Tim Chown wrote:

> On 14 Dec 2016, at 21:27, Fernando Gont <fernando@gont.com.ar> wrote:
>> ...
>> This is a side comment, but the benefits in such case are debatable.
>> Changing the IID within the same network over time may not buy you much
>> since, e.g.:
>> 
>> 1) traffic patterns may leak your identity anyway, and... it's not clear
>> to what extent changing every 24hs vs not changing is worth the
>> operational expense. (OTOH, change it as you move buys you something...
>> although in this case, it's a design goal of RFC7217).

Of course, there are other identity cues besides IP addresses. HTTP cookies, for example. Hosts that want privacy need to manage for that across multiple layers. But if we assume that kind of host management for privacy, then changing addresses does help.

>> 2) If there are not many hosts in the same subnet, changing the IID over
>> time within the same network will not conceal your identity a lot.
>
> Right, but I think the privacy argument is that it all helps.  

It does. There are two issues, hide the identity from local hosts, and hide the identity from remote hosts. It is true that just changing the IID does little to hide the identity from local hosts. To achieve that, the host would need to disconnect, change its MAC address, host name, and DHCP ID, and reconnect. With RFC7217, that may mean changing the local secret that goes in the IID computation formula. Even so, the host would have to be careful with all timing correlation, not to mention all kinds of metadata hiding in various places. 

But changing the IID removes the ability for remote hosts to use the IPv6 address as an identity cue. And that's definitely a good idea.

>> I see RFC7217 and RFC4941 as tools. Depending on the scenarios, and how
>> you use these addresses, you may get the best tradeoff by using only ne
>> of them, or some combination of them. please see e.g.,
>> draft-gont-6man-address-usage-recommendations
>
> Agreed.

The current proposal is designed so that a given host will always use the same IID on a given network. This is certainly a nice property for some network managers, but it is just one of the possible tradeoffs between manageability and privacy. There are other tradeoffs. For example, a privacy oriented extreme would be, changing the IID each time a machine wakes up. An in between would be, change every so many days. Once the current draft is published, maybe we need to work on another RFC explaining how to manage addresses for privacy.

-- Christian Huitema

v2.23.0 | Report a Bug | By Email