Re: Disabling temporary addresses by default?

Lorenzo Colitti <lorenzo@google.com> Mon, 03 February 2020 00:11 UTC

From: Lorenzo Colitti <lorenzo@google.com>
Date: Mon, 03 Feb 2020 09:11:08 +0900
Message-ID: <CAKD1Yr0hev_Tg1SJbW0VuZBoW0-+F4A9ab0Zrs-A+o2Zx_2-Rg@mail.gmail.com>
Subject: Re: Disabling temporary addresses by default?
To: Gyan Mishra <hayabusagsm@gmail.com>
Cc: Nick Hilliard <nick@foobar.org>, 6man WG <ipv6@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hA74RdKkWCAwW3B4ufWuctJMlo0>

On Fri, Jan 31, 2020 at 1:52 AM Gyan Mishra <hayabusagsm@gmail.com> wrote:

>> Lorenzo Colitti wrote on 29/01/2020 11:13:
>>> But don't enterprises care about not leaking the habits of their
>>> employees?
>>
>> This is only a problem in SLAAC environments where privacy addresses are
>> turned off.  In DHCP environments, the network operator can change
>> endpoint addresses by policy if this is what they want to do.
>>
>
>    Gyan> Enterprises fall into a totally different camp altogether as far
> as “employee” privacy as that is nonexistent as all traffic is monitored
> to be business related traffic to the extent of web content blocking which
> most all companies implement.  The use of temporary addresses does not
> make sense for enterprises to employ as operations stability and 99.99999%
> availability and MTTR (mean time to recovery) are of utmost importance.
> Disabling the temporary address simplified the enterprise network
> troubleshooting tremendously as only a single “stable” random address
> exists at all times.  As far as temporary addresses and “long lived”
> connections for enterprise business critical applications, that can all be
> solved by disabling the temporary address.
>

I'm not talking about surveillance by the company. I'm talking about
surveillance externally. Think: it's not that hard to learn an employee's IP
address (e.g., send them an image in an email, call them using a p2p
application like Skype, etc. etc.). If that IP address lives forever then
anyone who has that IP address could see if that employee went to their
website, would know what their browsing habits are, could serve them
tailored content, could attempt to mount attacks on that IP address, etc.
etc. If I were a corp IT admin I wouldn't want to be in a situation where
someone can publish all the IP addresses permanently used by my employees,
including the CEO, the CIO, all the VPs, etc.
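As an added illustration that is not part of Lorenzo's message or the thread: a small Python audit that parses `ip -6 addr show` output (a constructed sample is embedded) and flags interfaces that would originate connections from a single long-lived global address, which is the situation described above. The interface names, addresses and flag layout are assumptions based on Linux iproute2 output; the EUI-64 check is a heuristic on the `ff:fe` marker in the interface identifier.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output (not from the thread):
# eth0 has only a stable global address, wlan0 also has a preferred temporary one.
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:2:1a2b:3cff:fe4d:5e6f/64 scope global dynamic mngtmpaddr
       valid_lft 86398sec preferred_lft 14398sec
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:3:9c1e:77aa:1b2c:3d4e/64 scope global temporary dynamic
       valid_lft 86397sec preferred_lft 14397sec
    inet6 2001:db8:1:3:4f2a:1bff:fe55:6677/64 scope global dynamic mngtmpaddr
       valid_lft 86397sec preferred_lft 14397sec
    inet6 fe80::4f2a:1bff:fe55:6677/64 scope link
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+: (\S+):")
INET6_RE = re.compile(r"^\s+inet6 (\S+)/\d+ scope (\S+)(.*)$")

def parse_ip6_addrs(text):
    """Return {iface: [(IPv6Address, scope, [flags])]} from `ip -6 addr show` output."""
    result, iface = {}, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            result[iface] = []
            continue
        m = INET6_RE.match(line)
        if m and iface:
            result[iface].append((ipaddress.IPv6Address(m.group(1)), m.group(2), m.group(3).split()))
    return result

def is_eui64(addr):
    """Heuristic: a MAC-derived (EUI-64) interface identifier carries ff:fe in its middle bytes."""
    return addr.packed[11:13] == b"\xff\xfe"

def audit(text):
    """Per interface: stable global addresses, usable temporary ones, EUI-64 ones, and whether
    new outbound connections would expose a long-lived address (stable present, no preferred temp)."""
    report = {}
    for iface, addrs in parse_ip6_addrs(text).items():
        glob = [(a, f) for a, s, f in addrs if s == "global"]
        stable = [str(a) for a, f in glob if "temporary" not in f]
        # A deprecated temporary address (preferred_lft 0) is not used for new connections.
        usable_temp = [str(a) for a, f in glob if "temporary" in f and "deprecated" not in f]
        report[iface] = {"stable": stable, "temporary": usable_temp,
                         "eui64": [s for s in stable if is_eui64(ipaddress.IPv6Address(s))],
                         "exposed": bool(stable) and not usable_temp}
    return report
```

Run `audit(...)` on the real output of `ip -6 addr show` to see which interfaces need `use_tempaddr` revisited.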