Re: draft-gont-6man-stable-privacy-addresses (was: Re: Meta comment about "3484bis and privacy addresses")

Jong-Hyouk Lee <jonghyouk@gmail.com> Tue, 27 March 2012 15:25 UTC


Dear all

I'm working on ETSI and ISO standardization for ITS (vehicular
communication) where location privacy at the IPv6 layer is one of the big
concerns. From the viewpoint of IPv6 ITS communication, we definitely need
to preserve location privacy. Accordingly, I strongly support the method
described in this document even if the document should be improved.

Cheers.

On Tue, Mar 27, 2012 at 4:59 PM, Fernando Gont <fgont@si6networks.com> wrote:

> On 03/27/2012 04:44 PM, Dominik Elsbroek wrote:
> > since I got confused on the discussion in the plenary this morning: I
> > think we have to consider that having a temporary address as defined
> > in RFC 4941 does not prevent or even mitigate the scanning
> > problem mentioned this morning in discussion.
>
> Exactly. That's why we need stable privacy-enhanced addresses regardless
> of whether one implements RFC 4941.
>
>
> > Scanning MAC-address
> > derived addresses on hosts using privacy extension remains possible and
> > feasible since the privacy address is only an additional address. The
> > address derived by the MAC address is still reachable and a valid
> > address (as I have just tested on my macbook just to be sure). Thus
> > it is still possible to scan an IPv6 network by iterating over the
> > changing 24 bits.
>
> Agreed.
>
>
> > So I don't agree with the sentence: "Clearly, temporary addresses can
> > help reduce the attack exposure window, since the lifetime of each
> > IPv6 address is reduced when compared to that of addresses generated
> > with the method specified in this document." in
> > draft-gont-6man-stable-privacy-addresses-00.txt.
>
> What I meant is that if the attacker knows the host addresses, then
> attack exposure is a bit reduced for the temporary addresses, simply
> because their lifetime is shorter. But yes, this "reduced exposure" is
> really debatable. The lifetime of temporary addresses is usually long
> enough that, in practice, they don't really reduce exposure.
>
> I will try to fix this in the next rev. (thanks for pointing this out!)
>
>
>
>
> > The only goal achieved by using a temporary address (_and_ using it)
> > is privacy in that way, a website, or any other third party service,
> > cannot track a user also in case of prefix changes.
>
> Well, draft-gont-6man-stable-privacy-addresses addresses this point,
> without the management burden usually implied by temporary addresses.
>
> Temporary addresses could, in some sense, prevent correlation of
> different activities of the same node from the same network... but
> unless you use an insanely short lifetime, the lifetime is long enough
> that these addresses do not prevent much of this possible "correlation".
>
>
> > In my opinion
> > there is no security related reason to use privacy extension.
>
> So far, there is/was, because we didn't/don't have yet standardized
> stable privacy addresses...
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>



-- 
RSM Department, TELECOM Bretagne, France
Jong-Hyouk Lee, living somewhere between /dev/null and /dev/random

#email: jonghyouk (at) gmail (dot) com
#webpage: http://sites.google.com/site/hurryon/
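
The thread's two address types side by side, as an added example that is not part of the original messages or of the draft: a MAC-derived (modified EUI-64) interface identifier, where a known vendor OUI leaves only 24 unknown bits, and a stable per-prefix identifier. The HMAC-SHA256 construction, its inputs, the function names and the documentation prefixes are assumptions standing in for the draft's own function.

```python
import hashlib
import hmac
import ipaddress


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between OUI and NIC part.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def stable_iid(prefix: str, iface: str, secret: bytes) -> bytes:
    """Assumed construction: first 64 bits of HMAC-SHA256(secret, prefix | iface)."""
    net = ipaddress.IPv6Network(prefix)
    msg = net.network_address.packed[:8] + iface.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit identifier")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def common_leading_bits(a: bytes, b: bytes) -> int:
    """Number of identical leading bits shared by two identifiers."""
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return len(a) * 8 - diff.bit_length()


if __name__ == "__main__":
    # Constructed sample values: documentation prefixes and made-up MACs.
    home, office = "2001:db8:1:2::/64", "2001:db8:a:b::/64"
    secret = b"constructed-per-host-secret"
    nic_a, nic_b = "00:11:22:00:00:01", "00:11:22:80:00:01"  # same OUI

    fixed = common_leading_bits(eui64_iid(nic_a), eui64_iid(nic_b))
    print(f"same-vendor EUI-64 IIDs share {fixed} bits, {64 - fixed} unknown")
    for net in (home, office):
        print(net, "EUI-64:", address(net, eui64_iid(nic_a)))
        print(net, "stable:", address(net, stable_iid(net, "eth0", secret)))
```

The EUI-64 identifier is identical on both networks, while the keyed identifier is constant within a prefix and different across prefixes.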