Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)

Christopher Morrow <christopher.morrow@gmail.com> Wed, 07 June 2017 03:48 UTC

In-Reply-To: <EB4E2A17-B77F-40B8-B565-B3BBC1E378B3@gmail.com>
References: <CAO42Z2ziUZnK+n2f9N_Xvb5TZBppApXgNSmDsRLxaT1_taLvFw@mail.gmail.com> <EB4E2A17-B77F-40B8-B565-B3BBC1E378B3@gmail.com>
From: Christopher Morrow <christopher.morrow@gmail.com>
Date: Tue, 06 Jun 2017 23:48:08 -0400
Message-ID: <CAL9jLaZY73sFC2BfJkkuGMWdWhvGqYADNE8Txst2=FzcPRtHaw@mail.gmail.com>
Subject: Re: Giving up security & privacy when manually configuring addresses - rfc4291bis text (Re: draft-bourbaki-6man-classless-ipv6-00)
To: Fred Baker <fredbaker.ietf@gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Job Snijders <job@instituut.net>, Erik Kline <ek@google.com>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/YqF6IwBc6ByN2kDlBfMVgBXQW-k>

On Tue, Jun 6, 2017 at 11:37 PM, Fred Baker <fredbaker.ietf@gmail.com> wrote:

>
> On Jun 6, 2017, at 6:23 PM, Mark Smith <markzzzsmith@gmail.com> wrote:
> >
> > That doesn't mention that security and privacy properties of addresses
> > will be compromised if the manually configured addresses are from a
> > small prefix.
>
> Or advertised in DNS?
>
> I would expect that any address configured manually would also be
> advertised in DNS, the latter being the reason for the former. If the
> address is publicly announced, does one have a reasonable expectation of
> privacy?
>
>
for the router interface case there's also just:
  1) traceroute, see interfaces in question
  2) ddos engine on!

there are many ways to skin this cat, address 'privacy' here isn't really
the thing that helps (make routers less vulnerable to randos and packet
cannons)