Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 02 April 2020 12:49 UTC

Subject: Re: Status of Privacy Extensions for Stateless Address Autoconfiguration in IPv6
To: Fernando Gont <fgont@si6networks.com>
References: <02C1F5E2-2CA6-4555-8623-D11E82A0B4E7@gmail.com> <b36015ea-6de5-f562-1328-0a047b1ad6ee@gmail.com> <2931a700-51e9-88bf-a3a6-113b3bdeaaa4@gmail.com> <007cd7e4-6a37-604b-2c25-940cfb2f0e79@si6networks.com> <aec5b715-8690-1922-8ec1-90b9de5a53a7@gmail.com> <1e3c3741-c0eb-31e8-0013-7dc6c529d2a6@si6networks.com>
Cc: ipv6@ietf.org
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <7c7e6b54-6519-856c-59ea-3cf4b1d8d808@gmail.com>
Date: Thu, 02 Apr 2020 14:49:43 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.6.0
MIME-Version: 1.0
In-Reply-To: <1e3c3741-c0eb-31e8-0013-7dc6c529d2a6@si6networks.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fYt91InwpGBxqdwNPV1Y07wmKPw>

On 02/04/2020 at 14:35, Fernando Gont wrote:
> On 2/4/20 09:23, Alexandre Petrescu wrote:
>> 
>> 
>> LF/HF
>> 
>> On 02/04/2020 at 13:36, Fernando Gont wrote:
>>> Hi, Alexandre,
>>> 
>>> On 2/4/20 07:08, Alexandre Petrescu wrote:
>>>> Hi,
>>>> 
>>>> draft says:
>>>>> This document describes an extension that causes nodes to
>>>>> generate global scope addresses with randomized interface
>>>>> identifiers that change over time.
>>>> 
>>>> It is not sufficient to use randomized IIDs to offer a sense of
>>>>  privacy.
>>>> 
>>>> The network prefix might need to not be fixed either.
>>>> 
>>>> It is not only about changing the IID over time, it is also the
>>>> fact that the length of that IID is likely to be fixed
>>>> forever.
>>>> 
>>>> With these two things at hand: fixed length of IID, and single
>>>>  prefix advertised by the router for SLAAC, an adversary might
>>>> do attacks on privacy, despite the IID changing over time.
>>> 
>>> This was already discussed on the mailing-list, is noted in the
>>> draft,
>> Do you mean this in the draft?
> 
> Yes.
> 
> 
>>> If the network contains a very small number of nodes, say, just
>>> one, changing just the interface identifier will not enhance
>>> privacy, since the prefix serves as a constant identifier.
>> 
>> Would it be possible to specifically say this: "not only the
>> contents of a prefix is constant, but its length is a constant as
>> well."
>> 
[...]
> Not sure what you mean. At the time of this writing, SLAAC mandates
> /64s. This document has nothing to say about the prefix length.  Am I
> missing something?

We work on a draft for SLAAC with variable length (not only 64).  You
don't miss anything.  It is an individual proposal.  We have not posted
the draft to IETF because of various deadline problems, but it's there on
github.

The Internet Draft rfc4941bis does say 'length' at several places.

>> Would it be possible to suggest a requirement like this: "It is a
>> requirement that the network accepts a prefix dictated by the UE"

This ^ has nothing to do with SLAAC and 64.  It is about the network 
accepting or refusing that it is the Host who suggests the prefix, not 
the network.

Alex

> 
> 
> Thanks,
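An added Python illustration of the point quoted in the thread (it is not code from the thread, from rfc4941bis or from any implementation): a single host that rotates a random 64-bit IID daily on a fixed /64 still presents one constant identifier, the prefix, to any observer. The prefix 2001:db8:1:2::/64 and the helper names are constructed for the example.

```python
import ipaddress
import secrets
from collections import defaultdict


def random_iid() -> int:
    """64-bit random IID in the style of RFC 4941 temporary addresses.
    Bit 6 of the first IID octet (the universal/local bit, 1 << 57 in a
    64-bit integer) is cleared so it cannot look EUI-64-derived."""
    return secrets.randbits(64) & ~(1 << 57)


def temporary_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Form a SLAAC address from a /64 prefix and a 64-bit IID."""
    net = ipaddress.IPv6Network(prefix)
    assert net.prefixlen == 64, "SLAAC as currently specified uses /64"
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def prefix_of(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Network:
    """The /64 an observed address belongs to (host bits masked off)."""
    return ipaddress.IPv6Network(f"{addr}/64", strict=False)


def linkability_report(observations):
    """observations: iterable of (label, address) pairs seen by an observer.
    Returns {prefix: number_of_distinct_iids}. A prefix with many observations
    but one host behind it links them all to that host, however often the
    IID changes: the /64 is the stable identifier."""
    iids = defaultdict(set)
    for _, addr in observations:
        iids[prefix_of(addr)].add(int(addr) & ((1 << 64) - 1))
    return {p: len(s) for p, s in iids.items()}


def simulate_single_host(prefix: str, days: int):
    """Constructed scenario: one host, one fixed prefix, a fresh temporary
    IID each day. Every daily address differs, yet all share one /64."""
    return [(f"day{d}", temporary_address(prefix, random_iid()))
            for d in range(days)]


if __name__ == "__main__":
    obs = simulate_single_host("2001:db8:1:2::/64", 7)  # constructed prefix
    for label, addr in obs:
        print(label, addr)
    print(linkability_report(obs))  # one prefix key, seven distinct IIDs
```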