IETF Logo Mail Archive

Re: Address privacy

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 30 January 2020 18:00 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E50101207FC for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 10:00:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.435
X-Spam-Level: *
X-Spam-Status: No, score=1.435 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p6Cm9VRJ1TY5 for <ipv6@ietfa.amsl.com>; Thu, 30 Jan 2020 10:00:12 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [IPv6:2a01:7e00::f03c:91ff:feae:de77]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B473F120800 for <ipv6@ietf.org>; Thu, 30 Jan 2020 10:00:12 -0800 (PST)
Received: from dooku.sandelman.ca (CPE788a207f397a-CMbc4dfb96bb50.cpe.net.cable.rogers.com [174.116.121.43]) by relay.sandelman.ca (Postfix) with ESMTPS id 45C2E1F45B for <ipv6@ietf.org>; Thu, 30 Jan 2020 18:00:11 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 35A1A1A3739; Thu, 30 Jan 2020 13:00:10 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: 6man WG <ipv6@ietf.org>
Subject: Re: Address privacy
In-reply-to: <CAD6AjGTDPAM_FjMODUDAdeZthMD78vCydQNYLTFCVwyK5JnYmg@mail.gmail.com>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <32626.1580060558@localhost> <CALx6S37prWACD0jv9c-XHD-JtPqZAcgeT2Ax0EZHkiQaDR4t=g@mail.gmail.com> <419b7c7a-e364-7951-5a44-6c39e1da65fb@joelhalpern.com> <CALx6S36802oDaEgojAPq2c6hM_s1BayidXPh1Sc6RZmZa9UHpQ@mail.gmail.com> <6c5ba72d-9289-90ba-a1c9-2307ed29a4da@foobar.org> <a98bf2ab-32e7-459b-14d2-5e0e1c65a229@si6networks.com> <CALx6S36J5TPnXJQyMW2NUbQV6KL_oqUQ01m+BEzBJ+xcHpmQWw@mail.gmail.com> <bc 0d1eb8-2301-224d-dc33-19f6a60e593e@si6networks.com> <CALx6S34i67ivt8t1P3omRVzsj9NfxY2t41JLjmjT6X0vtBQHKQ@mail.gmail.com> <CAD6AjGTDPAM_FjMODUDAdeZthMD78vCydQNYLTFCVwyK5JnYmg@mail.gmail.com>
Comments: In-reply-to Ca By <cb.list6@gmail.com> message dated "Tue, 28 Jan 2020 12:13:46 -0800."
X-Mailer: MH-E 8.6; nmh 1.7.1-RC3; GNU Emacs 25.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Thu, 30 Jan 2020 13:00:10 -0500
Message-ID: <28618.1580407210@dooku>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/hz7Hfy-Hd-Gi6wwBnI4sGrc-068>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Jan 2020 18:00:14 -0000

Ca By <cb.list6@gmail.com> wrote:
    >> The rationale for temporary addresses may be obvious, but I don't believe
    >> anyone has yet quantified the effects. For instance, RFC4941 is thirteen
    >> years old, is there any evidence that it has materially improved anyone's
    >> privacy? (I'm not being cynical, but I think it's a fair question).
    >> 

    > Anecdotally, i would say unequivocally yes at a large scale eyeballs
    > network, random iid has materially improved security of the host. 
    > The
    > inability to do network scanning is huge.

This feels like an anecdotal observation.

Have you been able to quantify the difference in script-kiddie/scanning
attacks over the years?    A graph of ND traffic from the router out
would probably be one way to measure this.

The IETF NOC struggled with arp-exhaustion due to scanners, but then got
solutions in the APs/routers for IPv4, which I think worked eventually for
IPv6.   But, do we get any data on this?

Did anyone actually try to scan IPv6 subnets before privacy addresses?
My IPv4/28 is continously being probed, but I rately see any IPv6 scan
traffic.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email