IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Tom Herbert <tom@herbertland.com> Fri, 22 February 2019 00:19 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80A7F130E0A for <ipv6@ietfa.amsl.com>; Thu, 21 Feb 2019 16:19:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ymn9nMWbxslQ for <ipv6@ietfa.amsl.com>; Thu, 21 Feb 2019 16:19:08 -0800 (PST)
Received: from mail-qk1-x734.google.com (mail-qk1-x734.google.com [IPv6:2607:f8b0:4864:20::734]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAF51130EB0 for <6man@ietf.org>; Thu, 21 Feb 2019 16:19:07 -0800 (PST)
Received: by mail-qk1-x734.google.com with SMTP id r21so158507qkl.11 for <6man@ietf.org>; Thu, 21 Feb 2019 16:19:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=0FDTlPVQy2wACCRouuF2wP6EhpFKaceVd+hCL5frmQM=; b=v2/BNW8K3AZ/zPc67MUwYQKJQATIroSKTd6zn5rDy0gqYZyNqtfkI5FD/h9ThjD0Yu Ks5tTcOqByjXIwBLz6RYsEwZ/F0tMSj+08AxyfxI+xxswDqAqoVxYUqFEW9sVIQn9Vez UPhFnPf+5EAFPGLbHNVEJ5c8/5YRxQYQ4vMyWgb0XgLtYp6+SPIzRUjrAGHUT+Ma5XB2 lS1LVGBBuU+EqOPFMsKImwmwjTUColxQKA177HJFad9HxiTsiJZGHkxUMX0XNErGgi58 o9FZqWuMnBafxdJfp8n6xgBcZaL/NCRkWpyufv+b5y5ZpJMyHjiSUpHwT2WIT3PWIGra Tjpg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=0FDTlPVQy2wACCRouuF2wP6EhpFKaceVd+hCL5frmQM=; b=pO5uONa74QY5TvRZotPjGz9tpudIljVeID8C93KShOVMAGkM++XdGUtyYXX7ypLMqz I17bmzPPPGwtoDHnPX49S4OPCLIPXEKEfKs1+SRzuy9tuHs5UJEn1DpoaRER2psXzscO 3i0unYNRNR3fF8lHa6dvZyUji3unu4fR3eGuai5gyOEQ1srqHnWdsmckDIxFk/vzqA3X ayHbVWi4RbOVNZZMuxlQRj4DX1FGGNgp/aAHk39ejhiBz44m7xR1qXpZNyCPhg363a1u f48E/VacWMr82qgO+IqE1MdB4RMKtuiTwZ8vndCdyTvzdcuijnmomydn2zqt25BEk97U B9uQ==
X-Gm-Message-State: AHQUAuazlhHsr36/YsojQ+6JzRuchGQCwcPwiW6O0hWhY0sFIWPupFYX L/r0eWAPK6jN5/LBI/7/KB0cQbknB6KHJ6AFwilLpQ==
X-Google-Smtp-Source: AHgI3IZJuvdMCjiKyrFcW/xGhh36q8MxL0PIQAHiL6FAEDoCPfwhQaIkYI2ws4vVMiI7Kfy50BxRUjIoZ3AT9fkHCCU=
X-Received: by 2002:a37:a147:: with SMTP id k68mr997982qke.190.1550794746616; Thu, 21 Feb 2019 16:19:06 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <D1BACB13-1C00-4E23-A8BC-A669BFE73559@delong.com>
In-Reply-To: <D1BACB13-1C00-4E23-A8BC-A669BFE73559@delong.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 21 Feb 2019 16:18:55 -0800
Message-ID: <CALx6S37Ya0cRmh-KgOsc+CVJrvV8tbS8pMmzavcYcFTy3UYo6A@mail.gmail.com>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
To: Owen DeLong <owen@delong.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/qri-TePKVvZzTwip0MOCa8DO91A>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 00:19:10 -0000

On Thu, Feb 21, 2019 at 3:49 PM Owen DeLong <owen@delong.com> wrote:
>
>
> Mark,
>
> I agreee with that with one exception. I believe that NAT/IPv4 can
> offer better privacy in addressing than IPv6 given current addess
> allocation methods.
>
>
> Huh? Random 64 bit numbers are less private than semi-opaque translation of 32 bit numbers?
>
> In today’s world (where CGN is fortunately still mostly the exception rather than the rule), the
> 32 bit public number (mostly) identifies the household on a transient basis.
>
Owen,

Privacy in CGN effectively if the device lives behind a NAT with
thousands of user. So if the an external external third party observes
two different flows that share the same NAT address, then the observer
can not infer that the two flows are sourced form the same device or
user.

Tom

> In IPv6, the 64 bit prefix (or 60 or 56 or ideally 48) similarly identifies the household, though it
> might be somewhat less transient than the IPv4 32 bit number. I’ve been using the same cable
> company for transport of my GRE tunnels that provide my real connectivity for about 10 years
> now. In that time, I’ve had roughly 4 address changes.
>
> Now, the rate of change there isn’t particularly relevant to my privacy (mostly it’s just a rare
> nuisance), but I think it probably isn’t an uncommon indicator of IPv4 address stability for
> people remaining on the same network.
>
> I’d say there’s not much privacy in a 32 bit space that remains persistent for more than a year.
> I’d argue that even if it takes 10 years to cycle an IPv6 prefix on a subscriber, you’ve still got
> roughly the same privacy model there at the household prefix level.
>
> On the host level, assuming that the hosts are using RFC4941, RFC7217, or RFC7943
> (which most hosts use by default these days), then I think that the host portion in IPv6
> is significantly more private than anything one gains from IPv4 NAT even though one does
> not need to sacrifice the peer-to-peer nature of the internet in order to use them (as is the
> case with IPv4 NAT).
>
> Owen
>

v2.23.0 | Report a Bug | By Email