IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Mark Smith <markzzzsmith@gmail.com> Thu, 23 January 2020 21:06 UTC

Return-Path: <markzzzsmith@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 008BA12082D for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 13:06:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.496
X-Spam-Level:
X-Spam-Status: No, score=-0.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ax9dBwNZKBKU for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 13:06:12 -0800 (PST)
Received: from mail-ot1-x32d.google.com (mail-ot1-x32d.google.com [IPv6:2607:f8b0:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E714120823 for <ipv6@ietf.org>; Thu, 23 Jan 2020 13:06:12 -0800 (PST)
Received: by mail-ot1-x32d.google.com with SMTP id g64so321512otb.13 for <ipv6@ietf.org>; Thu, 23 Jan 2020 13:06:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=hjdDt1N+ILTTsgTNARUj10sdrG5hvUQffHqnLesHrRE=; b=dl90EqJECSPOFf1J4U4KRIVBN6bqZHKuarIyNT45HUIaLYe0YAiThktzZJpzlE8QC0 BROzPIy9W81Sn61zMoKtMTg9QmFW8JgrfT//bAjff0OHJ3Y9QtZ4hLnKQH05v4fpXT92 2TeiobnfMEIK14rwLBTuQrhEzQizNFOYRCEzWoN7zWFD6yM+K2dOG26p6/28Aa6IZstD v/pt54vJ0salaBanULC7pwz34DozQQuV2+ChT5wsmVpm6q39QnFv5dC6QX7r93ugZfak O+fAZGMBsR8+vEK3zbT+8C3KvzxYvZ8v15FMOzAOOllmU2p1ieItBHO5HmKowlpI/aLi F1Ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=hjdDt1N+ILTTsgTNARUj10sdrG5hvUQffHqnLesHrRE=; b=bdPkLRUuuIyW1ACrjv2UGN2V/5Dr/Hz9kZrsBMi/sL/KOZ8H/OfxUCvi5eZynNLkjK gqzGZhGfJV4k5uOBDyiqomNoDqffclmX+u2YShzX5mqNpnJsKd6O9tIY8Vh2VzLDn3FM CXSx464MD8QqwX3gqzMPDZ0TSEIXBi+LWvUCzjkQL4r8J6AdPsmejbDg0kRQ0qXvEFwu 6GXeKwbrDV4HOqvUGk7rgzr05Q75KGvrGQoQUlFweXwBjKNX63X1h9GC+5OBSRcLvqns AKC5DI+gr20rPyra7c2dfZkUVSFyqc4yISj0ikfu8qKvRcBg94YSD4dzDErbdJEU7d1V f0HQ==
X-Gm-Message-State: APjAAAXUjLq7+bGrOkQMD+HdkovBZsGtPgz7W9FgIY59FfsJww9Hn2gW xBgAF4VxCcL6uaie646iQScCbtYa5mCLT0QJexU=
X-Google-Smtp-Source: APXvYqylsUVBK/3FaEL71MTbw6AsuIreJJ4RZyUny8vcjZHj2SZPLtLWtAtlMfykJtFfDwQG/YuZoIsVw9s/mKBudJk=
X-Received: by 2002:a05:6830:151a:: with SMTP id k26mr267528otp.74.1579813571798; Thu, 23 Jan 2020 13:06:11 -0800 (PST)
MIME-Version: 1.0
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net>
In-Reply-To: <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net>
From: Mark Smith <markzzzsmith@gmail.com>
Date: Fri, 24 Jan 2020 08:05:59 +1100
Message-ID: <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com>
Subject: Re: RFC4941bis: consequences of many addresses for the network
To: Jared Mauch <jared@puck.nether.net>
Cc: Tim Chown <Tim.Chown@jisc.ac.uk>, 6man WG <ipv6@ietf.org>, "Pascal Thubert (pthubert)" <pthubert@cisco.com>
Content-Type: multipart/alternative; boundary="000000000000c22a5e059cd502fc"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/fb9DQom28mHlmCbsQPRfOQyUToM>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 21:06:14 -0000

On Fri, 24 Jan 2020, 00:37 Jared Mauch, <jared@puck.nether.net> wrote:

>
>
> > On Jan 23, 2020, at 8:32 AM, Tim Chown <Tim.Chown@jisc.ac.uk> wrote:
> >
> > The problem statement section in 4941bis is all about user privacy, no
> mention of operational / management complexity, or other “general problems”
> that SLAAC has.  It seems there are unstated problems here :)
>
>
> I would +1 this here.
>
> I would also generally question if rotating IPs is a adequate privacy
> protector considering there are other ways to identify users that are being
> (broadly) employed today.
>

This is the common "it's not perfect, so let's do nothing." Nothing ever
improves if perfect is the only threshold of acceptance. (Nothing is ever
perfect, there are always trade-offs. If you don't think there are
trade-offs, it just means you haven't identified them.)

At the IPv6 layer, we can't do anything about privacy issues at other
layers.

What we can do is improve privacy at the IPv6 layer. That helps reduce the
privacy attack surface. It adds to other measures, and prevents them being
defeated by the IPv6 layer.

Not providing IPv6 address privacy through temporary addresses will mean
people resort to the other address privacy measure they're familiar with,
and the one that makes IPv6 entirely pointless - NAT. Of course, it too
doesn't provide privacy at upper layers.


> The complexity that this introduces into networks for operational
> debugging (provider: what’s your IP address so I can debug? User: Well
> here’s the 20 on the host because I have limited lifetime privacy
> addresses, and I don’t know what outbound one it’s using for this
> connection.  Provider: What’s your IP address so I can debug?  Actually,
> can you just turn off v6 so I can debug your problem?  User: sure, I just
> want it fixed).
>

Anonymity/privacy and unique identity are naturally and will always be in
conflict.

Do we compromise a desire for end-user privacy 100% of the time things are
working correctly for the 0.00...% of the time the end-user is impacted by
a fault?

We have to accept that sometimes an operators' work may be harder than it
could be, and that an end user might suffer for longer in a failure
situation, when under the common case of non-failure situations there are
valuable end-user benefits.

Regards,
Mark.


> - Jared
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email