RE: draft-gont-6man-managing-privacy-extensions-00.txt

"Dan Wing" <dwing@cisco.com> Thu, 10 March 2011 07:32 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Brian E Carpenter' <brian.e.carpenter@gmail.com>, 'Mikael Abrahamsson' <swmike@swm.pp.se>
References: <7111FC5F-BC3F-4242-9C3F-037E79894749@gmail.com> <alpine.DEB.1.10.1103091212570.7942@uplift.swm.pp.se> <4D77CBB9.1080702@gmail.com>
In-Reply-To: <4D77CBB9.1080702@gmail.com>
Subject: RE: draft-gont-6man-managing-privacy-extensions-00.txt
Date: Wed, 09 Mar 2011 23:34:13 -0800
Message-ID: <233b01cbdef5$8e214550$aa63cff0$@com>
Cc: ipv6@ietf.org, 'Ran Atkinson' <ran.atkinson@gmail.com>

> -----Original Message-----
> From: ipv6-bounces@ietf.org [mailto:ipv6-bounces@ietf.org] On Behalf Of
> Brian E Carpenter
> Sent: Wednesday, March 09, 2011 10:49 AM
> To: Mikael Abrahamsson
> Cc: ipv6@ietf.org; Ran Atkinson
> Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
> 
> On 2011-03-10 00:17, Mikael Abrahamsson wrote:
> > On Wed, 9 Mar 2011, Ran Atkinson wrote:
> >
> >>
> >> <http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt>
> >>
> >>
> >> I recommend that folks read the above draft.  I haven't seen the
> >> I-D announcement get cross-posted to the IPv6 WG, perhaps due to
> >> the volume of recent I-D postings, and the topic seems relevant.
> >
> > I don't think it solves what it thinks it solves, but if this REALLY
> > should be implemented, it's my initial thinking that the H flag should
> > be a MUST demand to only have ONE and only one MAC-based IPv6 address
> > according to EUI64. I would appreciate some reasoning in the draft why
> > this was chosen as a SHOULD option.
> 
> For the reason I just gave against the disable-private flag: this
> violates the host's right to use an untraceable address.
> 
> It may be that in corporate deployments, that right can be removed.

Nobody wants it removed in corporate deployments, either.  Consider
for a moment an IPv6-enabled telephone, on the desk of a Very 
Important Person at a company, who is calling the CEO of some
Itty Bitty Company.  And then the CEO calls.  Then someone on
the acquisition team calls.  It hardly matters what they're talking 
about -- just seeing that traffic with those IPv6 addresses is
sufficient to decide to buy (or sell) stock in Itty Bitty 
Company.  

We should, instead, look at how a host's privacy address can
be reported and recorded, so the network administrator has all
the necessary ability to determine which host is using which
address now or in the past.  This is easily done -- without 
changing RA.

If we don't have IPv6 privacy addresses, we will also soon
see NAPT66 (with UDP and TCP port rewriting) in order to 
achieve the same result as privacy addresses:  trying to 
obfuscate which host is communicating.

-d


> But removing it for public subscribers would be a political blunder.
> 
>     Brian
> 
> >
> > I do not like the "disable Privacy"-flag thinking at all and I really
> > oppose going with that solution.
> >