IETF Logo Mail Archive

Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)

Ca By <cb.list6@gmail.com> Sat, 25 January 2020 19:57 UTC

Return-Path: <cb.list6@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78D2B12007C for <ipv6@ietfa.amsl.com>; Sat, 25 Jan 2020 11:57:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.747
X-Spam-Level:
X-Spam-Status: No, score=-1.747 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7fEiuv41AVRM for <ipv6@ietfa.amsl.com>; Sat, 25 Jan 2020 11:57:33 -0800 (PST)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F24312001E for <ipv6@ietf.org>; Sat, 25 Jan 2020 11:57:33 -0800 (PST)
Received: by mail-il1-x133.google.com with SMTP id x2so689986ila.9 for <ipv6@ietf.org>; Sat, 25 Jan 2020 11:57:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0dauahpiZr3sE0XjBI/Y2ZK/5R8e6H1HWG2WGcQFAzU=; b=NMtdAMrqFlg7UpQDkrpsOp/CHlRTpRkQU4MryvdX6ErCnSf0gR4XrJtFGT/SZa+md9 IAZSGZbgmWNpttXMctJ8g6j6yAi7r6QLFIG52CG+a8cFtyHjs72RUSNVYlEcD4jm6Jwo UU146BA8kiRA5p7uw0j1MXNh8xUDE28NQsq6FwJkx971+BO8kvQtUFIRox98JSZBIgDT 9KyRp/MDc3f5JmeG+BMCeZSNBQFZMZ7Vh+0qpZ1HEvF+iu3Ak1zkAqsAqVNQy2R6NQ8O YPU4f8BS6eQ98V52JlZzl3iBM9wAt4mPr2hw6LrUR44BpbdN62wciIjbpOHYdL/BRNF9 CoBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0dauahpiZr3sE0XjBI/Y2ZK/5R8e6H1HWG2WGcQFAzU=; b=IlBX3eOKCVntt/rsga2C0T5hi94B9b6SQ+dP/ra5NgjMaswOlw47Dqz/ZlPkX8v7Hu Zq7LvKYiCvTnggHD22XUmbartCtGxR9Xu077Aw6dEa1rouSeIQnzuWTC2Sb75hbTb8wM mMZcKW4FN0zY0Z6rCHBVuv6KXW+ru6gnRbQQUmPLomgVqgmtf6759vNKXAMnLyST3kqb fgKG4oEGo/oLSZ8Z5cgy0Dr6k2zxOKX1Sr72X9A/gVfeBdP3VHUj8ggU8rTypC9N+mh2 qGd2DoCPDLtDNVozHKEx916jfC8EbWUDGaDy732yD6aW8Bz48AE0wpJEerXoO0HkimEg wTIQ==
X-Gm-Message-State: APjAAAUr3M93uKK0Ax7zLAHexyHnCg1u3jelDjt4nPTuaHCp3p2Qvcr4 PDJGBlX7zcSqnLxfdLj9fRZMMRvCOk8CT+q1gLc=
X-Google-Smtp-Source: APXvYqyXOEwB8EirdvJc3YUralqRV1w7EO4H1V9o7dgRQPGnxS2ug1sqbl/bNf8eSp6JpPTU1BvQummdTHuf3ORLvdA=
X-Received: by 2002:a92:8dc3:: with SMTP id w64mr8041021ill.68.1579982252514; Sat, 25 Jan 2020 11:57:32 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com>
In-Reply-To: <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com>
From: Ca By <cb.list6@gmail.com>
Date: Sat, 25 Jan 2020 11:57:21 -0800
Message-ID: <CAD6AjGSSU5oe7BQo78rGXXF0nwT_8YeVPj71jbujkmcEN4PycQ@mail.gmail.com>
Subject: Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)
To: Tom Herbert <tom@herbertland.com>
Cc: 6man WG <ipv6@ietf.org>, Christian Huitema <huitema@huitema.net>, Michael Richardson <mcr+ietf@sandelman.ca>
Content-Type: multipart/alternative; boundary="000000000000e9a1d7059cfc4843"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/c5AO0CT_67SXCRHAN_42ZbxFtgQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Jan 2020 19:57:36 -0000

On Sat, Jan 25, 2020 at 11:48 AM Tom Herbert <tom@herbertland.com> wrote:

> On Sat, Jan 25, 2020 at 11:21 AM Michael Richardson
> <mcr+ietf@sandelman.ca> wrote:
> >
> >
> > Ted Lemon <mellon@fugue.com> wrote:
> >     > Another solution that could be useful is to do connections through
> an
> >     > anonymity concentrator that tunnels your flow to the selected
> server.
> >     > The idea here is that your ISP (but it doesn’t have to be your
> ISP!)
> >     > has a bunch of anonymity boxes sitting in their data centers, and
> when
> >     > you want to connect to foo.com <http://foo.com/>, you establish a
> >     > connection to the anonymity server.   The anonymity server
> constructs a
> >     > new 5-tuple using its own fixed IP address.   This is effectively
> a NAT
> >     > translation, and of course it can maintain a set of IP addresses
> large
> >
> > Except that instead of doing it at layer 4, you do it with IPsec, and
> extrude
> > that /128 to your machine.  This is already a thing :-)
> >
> >     > Another solution I’ve considered is to have a giant anonymity mesh,
> >     > with every ISP’s user participating, and forward flows through this
> >     > mesh, treating each customer as an anonymity server.   I think
> this is
> >
> > This is also a thing called Tor.
> >


+1, dont re-invent Tor


> Michael,
>
> Doesn't that require that the users must explicitly configure when
> they want privacy? I think a general solution should be transparent to
> the user and "just works" to ensure their privacy. That in fact is one
> of the arguments for NAT. If there is a significantly large enough
> pool of users behind a NAT device, then the obfuscation is transparent
> to the use and seems to be pretty good privacy (good enough that law
> enforcement is concerned about NAT). I suppose a similar effect could
> be achieved with a transparent proxy.
>

CGN/NAT logs all your sources and destinations.

The network operators will say they must do it for LEA compliance.

But once it is logged and stored it is available for nefarious hackers and
big data marketing folks.

That said, most of you in north america have ipv6 on your phones. Do you
feel that behavior of cycling addresses is not sufficient (barring ATT
which proxies all HTTP afaik) ?




> You might want to take a look at
> draft-herbert-ipv6-prefix-address-privacy-00.
>
> Tom
>
> > --
> > Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
> >  -= IPv6 IoT consulting =-
> > --------------------------------------------------------------------
> > IETF IPv6 working group mailing list
> > ipv6@ietf.org
> > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> > --------------------------------------------------------------------
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email