IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Alissa Cooper <alissa@cooperw.in> Mon, 16 May 2016 17:29 UTC

Return-Path: <alissa@cooperw.in>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A46612D889 for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 10:29:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.72
X-Spam-Level:
X-Spam-Status: No, score=-2.72 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cooperw.in header.b=jV4osRaG; dkim=pass (1024-bit key) header.d=messagingengine.com header.b=ZLuAImgK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y3JLFsBr-4f5 for <ipv6@ietfa.amsl.com>; Mon, 16 May 2016 10:29:19 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4084512D887 for <ipv6@ietf.org>; Mon, 16 May 2016 10:29:19 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A117B219E0 for <ipv6@ietf.org>; Mon, 16 May 2016 13:29:18 -0400 (EDT)
Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Mon, 16 May 2016 13:29:18 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=ZL8wR M/qXV19M7tbn+s3Be6WTEE=; b=jV4osRaGOtf5zuEmKOkJ3J6IvVr0JaRZxhlmc 6ixXTkvrf3fzWKIz3HAakOFGaimX/NSeAPdsj4w+PcumBcC9DCOti9+Fe6vGNCEv joHKzB5idl1S9vCtKPaY3Oq0VuprTvyAZwLDiyl/Xk4/eZA8f+RBHkm9V0ApaLBH KftQSQ=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=smtpout; bh=ZL8wRM/qXV19M7tbn+s3Be6WTEE=; b=ZLuAI mgKaApcFY1MlYlrqR1Z++H1Uns9Ywa21MMX1QDyaEawYB42PyVJJceXaTI7VS4cI OgRsqHq5Mba6ni522XNbxnCBpKXKIKkIpjERZ81S5ut/cmx5TvirTtkGbiKgL/3X HraIVqQVgkRQq8kgVO5+ofWZqBoToQ4f2/SXR8=
X-Sasl-enc: nL4D3U7JeL0C2HBFoOwEA2qFsaifCNaN2WsmgP05vH1E 1463419758
Received: from dhcp-171-68-20-133.cisco.com (dhcp-171-68-20-133.cisco.com [171.68.20.133]) by mail.messagingengine.com (Postfix) with ESMTPA id 0E702C00012; Mon, 16 May 2016 13:29:17 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_8310E8CF-D506-4445-B02F-9093C490F29C"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CAKD1Yr2Km2A6XO8nvNv31Ti_Rr2j4gse1KLadJPcrgFMKyzszw@mail.gmail.com>
Date: Mon, 16 May 2016 10:29:20 -0700
Message-Id: <31E1F934-FEA2-4338-8F2C-04E7302F3170@cooperw.in>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <6f2edbbc-d208-03a0-3c33-503a05c0bee8@gmail.com> <CAKD1Yr1So_tFFSr=sk8ew-UJG-dWK=U6N9mwJnwkZdNX=__SVQ@mail.gmail.com> <11cf3f90-e693-a640-a372-f419a8f7a1a0@gmail.com> <CAKD1Yr0OPuSmp-OWG-+ZjDsHucQYTG2PMZw7jdiU=4kQqK+tyQ@mail.gmail.com> <663debf7-cfba-b19b-92ef-89cc66b452d8@gmail.com> <CAKD1Yr2Km2A6XO8nvNv31Ti_Rr2j4gse1KLadJPcrgFMKyzszw@mail.gmail.com>
To: Lorenzo Colitti <lorenzo@google.com>
X-Mailer: Apple Mail (2.3124)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/oYnK14_v-3qTe-D3_xJeeg7fRL8>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 17:29:21 -0000

Hi Lorenzo,

> On May 13, 2016, at 8:29 PM, Lorenzo Colitti <lorenzo@google.com> wrote:
> 
> On Sat, May 14, 2016 at 12:00 PM, Brian E Carpenter <brian.e.carpenter@gmail.com <mailto:brian.e.carpenter@gmail.com>> wrote:
> Because if someone is trying to correlate different types of my traffic,
> let's say something sent over IPX and something sent over IPv6, the task
> will be made easier if the lower 48 bits are the same in both types of
> traffic. (Obviously, someone on-link can use ND to correlate MAC address
> and IP address, so we're talking about someone observing off-link packets.)
> 
> That seems extremely unlikely to happen in practice, given that the vast majority of hosts either don't have an IPX stack at all or have it disabled by default, and embedding a MAC address in a protocol payload is not very useful so people tend not to do it.
> 
> By contrast, here is one weakness that is pretty much mandated by this draft as written: because addresses have to be stable,

The draft does not require addresses to be stable. It changes the recommendations about how to generate an address in cases where a stable address was desired anyway.

> any remote attacker anywhere on the Internet that ever exchanges a packet with that host can track it every time the host visits the same network, *forever*, with no recourse. Section 3 point 1.
> 
> Either we fix that or we stop asserting that this draft is motivated by privacy considerations.

I would frankly be thrilled if we could get away from stable addresses altogether. But I’m skeptical about the feasibility of achieving consensus around that at present. Defining the approach in this draft in the meantime is certainly motivated by consideration for privacy improvement for me, even if that improvement is incremental.

Alissa

> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email