Re: 3484bis and privacy addresses

Ray Hunter <Ray.Hunter@globis.net> Tue, 27 March 2012 17:00 UTC

From the corporate World: option A as default, with local user 
controlled option to override.

RFC3484 (which references RFC3041) "Temporary addresses" are a menace to 
fault finding, audit, logging, firewall rules, filtering, QoS matching, 
conformance: anywhere where an ACL or stable address is used today. Sure 
we shouldn't use fixed/stable IP literals, but we do. And in many cases 
there aren't any practical alternatives in today's products, so the IP 
address is the lowest common denominator used to identify a machine (and 
dare I say even "a user" in some circumstances).

Also not sure if any DHCPv6 server implementations actually provide 
DHCPv6 assigned temporary addresses in practice.

My take on this is that a set of a few hundred individual persons who 
are worried about privacy are more likely to be able to control their 
own particular machines to correctly override the "default off" setting 
than a single corporate network manager is to be able to guarantee 
overriding a "default on" setting on 100% of 10000 machines attached to 
their network.

regards,
RayH

Brian Haberman wrote:
> All,
>      The chairs would like to get a sense of the working group on 
> changing the current (defined 3484) model of preferring public 
> addresses over privacy addresses during the address selection 
> process.  RFC 3484 prefers public addresses with the ability (MAY) of 
> an implementation to reverse the preference.  The suggestion has been 
> made to reverse that preference in 3484bis (prefer privacy addresses 
> over public ones). Regardless, the document will allow 
> implementers/users to reverse the default preference.
>
>      Please state your preference for one of the following default 
> options:
>
> A. Prefer public addresses over privacy addresses
>
> B. Prefer privacy addresses over public addresses
>
> Regards,
> Brian, Bob, & Ole

-- 
Ray Hunter
Ray.Hunter@globis.net
Globis Consulting BV, Fazantlaan 23, 5613CB Eindhoven NL,
Registered at the KvK, Eindhoven, under number BV 17098279
mobile: +31 620 363864