draft-gont-6man-stable-privacy-addresses (was: Re: Meta comment about "3484bis and privacy addresses")
Fernando Gont <fgont@si6networks.com> Tue, 27 March 2012 14:59 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE9EC21E8217 for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 07:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hzcU8ZUrdH3N for <ipv6@ietfa.amsl.com>; Tue, 27 Mar 2012 07:59:54 -0700 (PDT)
Received: from srv01.bbserve.nl (unknown [IPv6:2a02:27f8:1025:18::232]) by ietfa.amsl.com (Postfix) with ESMTP id 09BD821E81D1 for <ipv6@ietf.org>; Tue, 27 Mar 2012 07:59:54 -0700 (PDT)
Received: from [2001:df8:0:16:1e65:9dff:febe:7f88] by srv01.bbserve.nl with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.77) (envelope-from <fgont@si6networks.com>) id 1SCXs9-00042Y-9y; Tue, 27 Mar 2012 16:59:47 +0200
Message-ID: <4F71D5DE.1050900@si6networks.com>
Date: Tue, 27 Mar 2012 16:59:42 +0200
From: Fernando Gont <fgont@si6networks.com>
Organization: SI6 Networks
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.28) Gecko/20120313 Thunderbird/3.1.20
MIME-Version: 1.0
To: Dominik Elsbroek <dominik.elsbroek@gmail.com>
Subject: draft-gont-6man-stable-privacy-addresses (was: Re: Meta comment about "3484bis and privacy addresses")
References: <4F71B938.7030300@si6networks.com> <CAAVMDnUNZ5GGc08WY+AMr2QuxksyRjw+D-GL6qcw-L-v0w+nkQ@mail.gmail.com>
In-Reply-To: <CAAVMDnUNZ5GGc08WY+AMr2QuxksyRjw+D-GL6qcw-L-v0w+nkQ@mail.gmail.com>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Mar 2012 14:59:54 -0000
On 03/27/2012 04:44 PM, Dominik Elsbroek wrote: > since I got confused on the discussion in the plenary this morning: I > think we have to consider that having a temporary address like defined > in RFC 4941 does not prevent from or even mitigates the scanning > problem mentioned this morning in discussion. Exactly. That's why we need stable privacy-enhanced addresses regardless of whether one implements RFC 4941. > Scanning MAC-address > derived addresses on hosts using privacy extension keeps possible and > feasible since the privacy address is only an additional address. The > address derived by the MAC address is still reachable and a valid > address (like a have just tested on my macbook just to be sure). Thus > it is still possible to scan an IPv6 network by iterating over the > changing 24 bits. Agreed. > So I don't agree with the sentence: "Clearly, temporary addresses can > help reduce the attack exposure window, since the lifetime of each > IPv6 address is reduced when compared to that of addresses generated > with the method specified in this document." in > draft-gont-6man-stable-privacy-addresses-00.txt. What I meant is that if the attacker knows the host adresess, then attack exposure is a bit reduced for the temporary addresses, simply because their lifetime is shorter. But yes, this "reduced exposure" is really debatable. The lifetime of temporary addresses is usually long enough that, in practice, they don't really reduce exposure. I will try to fix this in the next rev. (thanks for pointing this out!) > The only goal achieved by using a temporary address (_and_ using it) > is privacy in that way, a website, or any other third party service, > cannot track a user also in case of prefix changes. Well, draft-gont-6man-stable-privacy-addresses addresses this point, without the management burden usually implied by temporary addresses. Temporary addresses could, in some sense, prevent correlation of different activities of the same node from the same network... but unless you use an insanely short lifetime, the lifetime is long enough that these addresses do not prevent much of this possible "correlation". > In my opinion > there is no security related reason to use privacy extension. So far, there is/was, because we didn't/don't have yet standardized stable privacy addresses... Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Meta comment about "3484bis and privacy addresses" Fernando Gont
- about security level evaluation of draft-zhou-6ma… zhou.sujing
- Re: about security level evaluation of draft-zhou… Jari Arkko
- Re: Meta comment about "3484bis and privacy addre… Dominik Elsbroek
- 答复: Re: about security level evaluation of draft-… zhou.sujing
- draft-gont-6man-stable-privacy-addresses (was: Re… Fernando Gont
- Re: draft-gont-6man-stable-privacy-addresses (was… Jong-Hyouk Lee
- Re: Meta comment about "3484bis and privacy addre… Brian Haberman
- RE: about security level evaluation of draft-zhou… Christian Huitema
- Re: about security level evaluation of draft-zhou… Jari Arkko
- 答复: RE: about security level evaluation of draft-… zhou.sujing
- RE: RE: about security level evaluation of draft-… Christian Huitema
- 答复: RE: RE: about security level evaluation of dr… zhou.sujing
- RE: RE: RE: about security level evaluation of dr… Christian Huitema