Re: I-D Action: draft-ietf-6man-ipv6-address-generation-privacy-01.txt
Fernando Gont <fgont@si6networks.com> Fri, 14 February 2014 22:17 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A5BE1A01D1 for <ipv6@ietfa.amsl.com>; Fri, 14 Feb 2014 14:17:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IbkXi_J_6BcL for <ipv6@ietfa.amsl.com>; Fri, 14 Feb 2014 14:17:41 -0800 (PST)
Received: from web01.jbserver.net (web01.jbserver.net [IPv6:2a00:d10:2000:e::3]) by ietfa.amsl.com (Postfix) with ESMTP id 16B941A00FA for <ipv6@ietf.org>; Fri, 14 Feb 2014 14:17:40 -0800 (PST)
Received: from [2001:5c0:1400:a::dfb] by web01.jbserver.net with esmtpsa (TLSv1:DHE-RSA-CAMELLIA256-SHA:256) (Exim 4.82) (envelope-from <fgont@si6networks.com>) id 1WER4h-0005Jk-BW; Fri, 14 Feb 2014 23:17:35 +0100
Message-ID: <52FE95ED.7090900@si6networks.com>
Date: Fri, 14 Feb 2014 19:17:17 -0300
From: Fernando Gont <fgont@si6networks.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: Christian Huitema <huitema@microsoft.com>, Alissa Cooper <alissa@cooperw.in>, "ipv6@ietf.org" <ipv6@ietf.org>
Subject: Re: I-D Action: draft-ietf-6man-ipv6-address-generation-privacy-01.txt
References: <20140214184335.29433.45425.idtracker@ietfa.amsl.com> <CF23A554.13ED6%alissa@cooperw.in> <C91E67751B1EFF41B857DE2FE1F68ABA3DFC18C5@TK5EX14MBXC302.redmond.corp.microsoft.com>
In-Reply-To: <C91E67751B1EFF41B857DE2FE1F68ABA3DFC18C5@TK5EX14MBXC302.redmond.corp.microsoft.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/ipv6/eoyIdFKDML61jKIVaIdpXgCOW24
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Feb 2014 22:17:52 -0000
Hi, Christian, On 02/14/2014 06:43 PM, Christian Huitema wrote: > I read this draft, and while I generally agree with the discussion, I > feel that a particular angle is missing, the relation between IPv6 > address and MAC address tracking. > > There are tracking systems that can record and correlate the MAC > addresses of mobile nodes as they connect to various networks. Yes, as e.g.: <http://www.ftc.gov/news-events/blogs/techftc/2014/02/my-phone-your-service>. > The > obvious countermeasure is to randomize the MAC address. This has issues. Do you randomize the the whole six bytes of the address? Not that MAC addresses are guaranteed to be unique (MAC address duplication is well-known) -- but if you do randomize the MAC address, the collisions are of course more likely. Besides do you randomize it each time you connect to a network? If you do, you might end up with a different IPv6 address each time (this will be guaranteed if your doing traditional SLAAC, but may be the case with stable-privacy if you employ the mac address as the interface_id). While this wouldn't be an issue for the roam around cyber-cafes scenario, it is probably not desirable for e.g. enterprises. Also, what if I want to keep my TCP connections open in the presence of a temporal link disconnection? So it looks like you'd want to implement some sort of stable-privacy but for the MAC address... > The question then is whether the IPv6 would remain constant even if > the MAC address changed. There are generation schemes where the > address would remain constant. CGA for example only depends of the > IPv6 header and the public key. Stable IID would remain constant if > the network interface parameter used in the generation (Net_Iface) > remained constant, e.g. was based on the interface name. It would > obviously change if the interface was identified by the MAC address. (Apologies for responding before reading your whole message :-) ) > Can we add a discussion of the issue to this address privacy draft? I personally have no issues. My only "concern" is that if we start discussing IDs other than the IPv6 addresses, we might later discuss e.g. layer-7 stuff. Not that layer-2 and layer-7 privacy issues are uninteresting.. but rather than the more focused we stay, the more tractable the problem is. Thanks! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- I-D Action: draft-ietf-6man-ipv6-address-generati… internet-drafts
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Alissa Cooper
- RE: I-D Action: draft-ietf-6man-ipv6-address-gene… Christian Huitema
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- RE: I-D Action: draft-ietf-6man-ipv6-address-gene… Christian Huitema
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Mark ZZZ Smith
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Fernando Gont
- Re: I-D Action: draft-ietf-6man-ipv6-address-gene… Mark ZZZ Smith