Re: Address privacy

Tom Herbert <tom@herbertland.com> Tue, 28 January 2020 22:45 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Tue, 28 Jan 2020 14:45:18 -0800
Message-ID: <CALx6S37KXfLE22uHMZTD41+jR7fdZd9PZGqO-r4SE2LehtN=Gg@mail.gmail.com>
Subject: Re: Address privacy
To: Fernando Gont <fgont@si6networks.com>
Cc: Nick Hilliard <nick@foobar.org>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/eDa3vFQ05VDRQVa1Ave4ijMQ8DE>

On Tue, Jan 28, 2020 at 2:09 PM Fernando Gont <fgont@si6networks.com> wrote:
>
> On 28/1/20 16:50, Tom Herbert wrote:
> >
> >
> > On Mon, Jan 27, 2020, 7:57 PM Fernando Gont <fgont@si6networks.com> wrote:
> >
> >     On 28/1/20 00:10, Tom Herbert wrote:
> >      > On Mon, Jan 27, 2020 at 5:36 PM Fernando Gont <fgont@si6networks.com> wrote:
> >      >>
> >      >> On 26/1/20 18:37, Nick Hilliard wrote:
> >      >>> Tom Herbert wrote on 26/01/2020 20:16:
> >      >>>> It's intuitive
> >      >>>> that a higher frequency of address rotation yields more privacy
> >      >>>
> >      >>> intuitive, but probably inaccurate because of the a priori assumption
> >      >>> that privacy is strongly associated with the endpoint identifier.
> >      >>
> >      >> In many cases, it is: you log in to fb with a given address, and reuse
> >      >> that address to do other stuff
> >      >>
> >      > Yes, that's the "always on" network application that would allow
> >      > address tracking and identification at even high frequency of address
> >      > change. An exploit based on that is described in section 4.4 of
> >      > draft-herbert-ipv6-prefix-address-privacy-00. I believe the only way
> >      > to defeat this exploit would be single use (per flow), uncorrelated
> >      > address.
> >
> >     Agreed. That said, temporary addresses, for obvious reasons, mitigate
> >     activity correlation over time -- certainly not to the same extent that
> >     the paranoid "one address per flow" would.
> >
> >
> > Fernando,
> >
> > The rationale for temporary addresses may be obvious, but I don't
> > believe anyone has yet quantified the effects. For instance, RFC4941 is
> > thirteen years old, is there any evidence that it has materially
> > improved anyone's privacy? (I'm not being cynical, but I think it's a
> > fair question).
>
> I don't think you can quantify privacy. What would be the units for that?
>
> There's secrecy and not-secrecy. But with these things, you simply
> mitigate (to some extent) the ability to correlate network activity.
>
Fernando,

In the case of single use addresses, that is, each flow gets its own
addresses, the privacy effects are quantifiable. Since each flow has a
different source address, no two flows or communications can be
correlated to being sourced from the same user. In this case, the
identifiers are not reused or used in multiple contexts, so it isn't
possible to correlate seemingly unrelated activity using an
identifier. When an identifier is reused for the same node, even once,
then the possibility of correlations exists.

>
>
> > One might compare this to the policy of some sys admins that users need
> > to change passwords regularly. The rationale is similar, but that
> > practice has been mostly debunked as not improving security and in fact is
> > more of a burden to users than providing any real value.
>
> I don't think it has been debunked. Certainly, if you change your
> password, you limit the ability of the attacker that had obtained your
> password from re-using the same credentials. (assuming they are not used
> for a system where they can install backdoors, etc.). Most things we
> employ for security have an associated lifetime...
>
It's a false sense of security. Here's a good analysis:
https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

Tom

> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
>
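
Added example, not part of the original message or of the draft it cites: a small model of the correlation argument in this thread, counting how many flow pairs an on-path observer can link by source address and how many flows it can attribute to a logged-in account under stable, temporary and per-flow addressing. The flow list, the 60-minute lifetime and all function names are constructed for illustration.

```python
# Constructed sample: one host's flows as (minute, service, account or None).
# "social" stands in for the always-on, logged-in application from the thread.
FLOWS = [
    (0, "social", "alice"), (5, "news", None), (20, "health-forum", None),
    (60, "social", "alice"), (65, "shop", None), (90, "search", None),
    (120, "social", "alice"), (130, "bank", None),
]

def assign_addresses(flows, policy, lifetime=None):
    """Return one source-address label per flow; only equality matters."""
    addrs = []
    for i, (minute, _service, _account) in enumerate(flows):
        if policy == "stable":
            addrs.append("addr-0")                        # never changes
        elif policy == "temporary":
            addrs.append(f"addr-epoch-{minute // lifetime}")  # rotates per lifetime
        elif policy == "per-flow":
            addrs.append(f"addr-flow-{i}")                # single use
        else:
            raise ValueError(f"unknown policy: {policy}")
    return addrs

def correlate(flows, addrs):
    """Observer's view: flows sharing a source address are linked, and a
    cluster containing any authenticated flow is attributed to that account."""
    clusters = {}
    for flow, addr in zip(flows, addrs):
        clusters.setdefault(addr, []).append(flow)
    linked_pairs = sum(len(c) * (len(c) - 1) // 2 for c in clusters.values())
    attributed = sum(
        len(c) for c in clusters.values()
        if any(account for _minute, _service, account in c)
    )
    return linked_pairs, attributed

def measure(policy, lifetime=None):
    """(linkable flow pairs, flows attributable to a known account)."""
    return correlate(FLOWS, assign_addresses(FLOWS, policy, lifetime))

if __name__ == "__main__":
    for policy, lifetime in (("stable", None), ("temporary", 60), ("per-flow", None)):
        pairs, attributed = measure(policy, lifetime)
        print(f"{policy:10s} linked_pairs={pairs:2d} attributed={attributed}/{len(FLOWS)}")
```

In this sample the rotating address cuts linkable pairs from 28 to 7, yet all 8 flows remain attributable because the logged-in application appears in every address lifetime; only the per-flow policy reduces attribution to the 3 authenticated flows themselves.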