IETF Logo Mail Archive

Re: Address privacy

Fernando Gont <fgont@si6networks.com> Tue, 28 January 2020 22:09 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4026D12013C for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 14:09:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dgttZ_kKtstc for <ipv6@ietfa.amsl.com>; Tue, 28 Jan 2020 14:09:11 -0800 (PST)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB61A12021C for <ipv6@ietf.org>; Tue, 28 Jan 2020 14:09:10 -0800 (PST)
Received: from [192.168.100.103] (unknown [186.183.48.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 4BAE186BA0; Tue, 28 Jan 2020 23:09:03 +0100 (CET)
Subject: Re: Address privacy
To: otroan@employees.org, Tom Herbert <tom@herbertland.com>
Cc: Nick Hilliard <nick@foobar.org>, 6man WG <ipv6@ietf.org>
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net> <CAO42Z2zXwVnzemRqyqy78czpHjZm0nhkCJgVrx=-fmt+C6MnSA@mail.gmail.com> <1962.1579823388@localhost> <f83ab037-9125-bb74-dbac-68850aeb1020@huitema.net> <CBB23ABE-A7A3-4208-873C-E47EE063E34B@fugue.com> <11855.1579980079@localhost> <CALx6S36V_VjaxhELYcsgDYLWsCkj20p6gtiY9T9Q=9-9Oibyjw@mail.gmail.com> <32626.1580060558@localhost> <CALx6S37prWACD0jv9c-XHD-JtPqZAcgeT2Ax0EZHkiQaDR4t=g@mail.gmail.com> <419b7c7a-e364-7951-5a44-6c39e1da65fb@joelhalpern.com> <CALx6S36802oDaEgojAPq2c6hM_s1BayidXPh1Sc6RZmZa9UHpQ@mail.gmail.com> <6c5ba72d-9289-90ba-a1c9-2307ed29a4da@foobar.org> <a98bf2ab-32e7-459b-14d2-5e0e1c65a229@si6networks.com> <CALx6S36J5TPnXJQyMW2NUbQV6KL_oqUQ01m+BEzBJ+xcHpmQWw@mail.gmail.com> <d763dc26-57bb-c67d-f727-617a6b52d813@foobar.org> <CALx6S36DsttXx-7UWL=iZkGuKG_yNKdADFB5zo87wu2coz8HcQ@mail.gmail.com> <C6E767BC-BB0F-4B47-8DEB-CD04A6EF7D8C@employees.org>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <9f474839-7e6d-59c6-1941-ebeca5825dab@si6networks.com>
Date: Tue, 28 Jan 2020 18:24:04 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <C6E767BC-BB0F-4B47-8DEB-CD04A6EF7D8C@employees.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/lsnH4VH36D_2yb9xiCBSSRAzPBw>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2020 22:09:17 -0000

On 28/1/20 17:09, otroan@employees.org wrote:
> Tom,
> 
>> The problem isn't in identification for apps, it's that the fact that
>> the logs created by the app correlate user identity with an IP
>> address. Given that correlation, the log could conceivably be used to
>> identify participants in completely unrelated communications. Using IP
>> addresses to identify individuals involved in communications does
>> happen, there are a number of instances noted on the web particularly
>> in law enforcement.
> 
> is your concern about correlation done by a man in the middle?
> or is it the end-points? The operators of those end-points have built an enormous marketplace to trade this information behind your back. temporary addresses will not help against surveillance capitalism.

Like everything, given enough capacity/budget, you're always toast.

The fact that a mitigation does not work for more powerful actors 
doesn't mean that it's not worth doing.

If temporary addresses limit, to some extent, correlation, they are 
doing their thing. Whether that's perfect or far from perfect is a 
different thing.



> Temporary addresses doesn't in it's default setting solve the problem of correlation either.
> Or should users ensure that they used services that shouldn't be correlated on different days? ;-)
> And ensure that they never tainted an address by using it for authentication somewhere.

Indeed. Temporary addresses are sort of a middle-ground between stable 
addresses, and one-address-per-flow.


> 7217 iids and temporary addresses have the same privacy properties, if you look in table 1 in 7721.
> separated by the address lifetime.
> 
> A natural consequence of this is that to protect against correlation at layer 3 (all the other tracking would still happen) you need a new address per connection. with a lifetime equal to the connection lifetime.

Indeed. Please see above.


> The network's response to that is likely to assign a static /64 to each host. So now, you can correlate on the prefix instead.

That depends on the scenario. For small/medium sized networks, they may 
employ a flat /64 for all, in which case temporary addresses do their thing.

In other networks, they may employ a different strategy. One size 
doesn't need to fit all.


> “Addressing can follow topology or topology can follow addressing; choose one” – Y. Rekhter

Indeed, the bits you get to play with are the ones that are *not* 
topology-dependent. When you do play with the topology-dependent bits, 
that's when things become much more complex.


-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

v2.23.0 | Report a Bug | By Email