Re: Last Call: <draft-ietf-6man-stable-privacy-addresses-06.txt> (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

Fernando Gont <fgont@si6networks.com> Sat, 27 April 2013 23:34 UTC

To: Hosnieh Rafiee <ietf@rozanak.com>
Cc: 'Alissa Cooper' <acooper@cdt.org>, ipv6@ietf.org

Hosnieh,

On 04/27/2013 04:20 PM, Hosnieh Rafiee wrote:
> I do not think repeating what I explained before will be of much help. I
> never received any responses from my last discussions with Fernando so I am
> not going to continue that discourse.

FWIW, I responded to your messages. However, most of them did not really
have to do with this document.



> I agree with the part where he focuses on an algorithm for IID generation,
> but this will have no effect on privacy so claiming to solve the privacy
> problem by keeping the same IID for a node in the same network is not true.

Please read:

Dupont, F., Savola, P. 2004. RFC 3041 Considered Harmful. IETF
Internet-Draft (draft-dupont-ipv6-rfc3041harmful-05.txt), work in progress.

Escudero, A. 2002. PRIVACY EXTENSIONS FOR STATELESS ADDRESS
AUTOCONFIGURATION IN IPV6 - ‘REQUIREMENTS FOR UNOBSERVABILITY’.
RVK02, Stockholm. Available at:
http://web.it.kth.se/~aep/PhD/docs/paper3-rvk2002.pdf



> This means that if I do not use a mobile node, I will generate the same IP
> address until I receive another prefix from the router.

If you are a single node on a given network, changing your address
doesn't help much.


> He claims this is
> good for printers or nodes that need a fixed IP address. 

I never claimed this. And discussion gets a little bit weird when you
argue that people claimed things they didn't.



> He believes that
> having a different IID from the same router prefix does not help with the
> privacy. 

If you read draft-ietf-6man-stable-privacy-addresses, you'll realize
that this method is not meant to be a substitution of RFC4941. We just
note that, in some scenarios, it might be good enough.


> But I strongly disagree with this. During the time that the node
> has the same IID, I as an attacker can easily track this node and gain
> enough information about this node, for later when the node comes with a
> different router prefix, I have more chance to correlate this node with the
> previous data I obtained from it while it had the IID with previous router
> prefix.

Not sure what you mean. Please elaborate.


> About having the same IID for some nodes, I think that this is really
> related to the network policy and has nothing to do with standards but is
> more a deployment issue. 

We do care about deployment, don't we?



> Currently some network administrators themselves
> consider this issue so there is no need to tell them how to do this. 

huh?

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492