IETF Logo Mail Archive

Re: RFC4941bis: consequences of many addresses for the network

Alexandre Petrescu <alexandre.petrescu@gmail.com> Thu, 23 January 2020 15:11 UTC

Return-Path: <alexandre.petrescu@gmail.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEBA612080B for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 07:11:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.631
X-Spam-Level:
X-Spam-Status: No, score=-2.631 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, NML_ADSP_CUSTOM_MED=0.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yycIVQR4WvKT for <ipv6@ietfa.amsl.com>; Thu, 23 Jan 2020 07:11:14 -0800 (PST)
Received: from oxalide-smtp-out.extra.cea.fr (oxalide-smtp-out.extra.cea.fr [132.168.224.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F1AA1200F1 for <ipv6@ietf.org>; Thu, 23 Jan 2020 07:11:11 -0800 (PST)
Received: from pisaure.intra.cea.fr (pisaure.intra.cea.fr [132.166.88.21]) by oxalide-sys.extra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 00NFB9Z4000434 for <ipv6@ietf.org>; Thu, 23 Jan 2020 16:11:09 +0100
Received: from pisaure.intra.cea.fr (localhost [127.0.0.1]) by localhost (Postfix) with SMTP id 5112D2052FB for <ipv6@ietf.org>; Thu, 23 Jan 2020 16:11:09 +0100 (CET)
Received: from muguet1-smtp-out.intra.cea.fr (muguet1-smtp-out.intra.cea.fr [132.166.192.12]) by pisaure.intra.cea.fr (Postfix) with ESMTP id 4B0812052FA for <ipv6@ietf.org>; Thu, 23 Jan 2020 16:11:09 +0100 (CET)
Received: from [10.8.35.150] (is154594.intra.cea.fr [10.8.35.150]) by muguet1-sys.intra.cea.fr (8.14.7/8.14.7/CEAnet-Internet-out-4.0) with ESMTP id 00NFB8j3015557 for <ipv6@ietf.org>; Thu, 23 Jan 2020 16:11:08 +0100
Subject: Re: RFC4941bis: consequences of many addresses for the network
To: ipv6@ietf.org
References: <03C832CE-7282-4320-BF1B-4CB7167FE6BE@employees.org> <MN2PR11MB3565330989D411525D30B90DD80F0@MN2PR11MB3565.namprd11.prod.outlook.com> <80207E17-AE8E-4D19-B516-D2E6AB70721E@employees.org> <8D5610EA-49D3-483E-BB7A-67D67BC89346@jisc.ac.uk> <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <05b10f87-0cfd-76cf-8f6f-9703c1c7beee@gmail.com>
Date: Thu, 23 Jan 2020 16:11:09 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <DE7B0688-230F-4A5C-8E24-9EAED9FD9FEB@puck.nether.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: fr
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/wueeYNfyZjgGxf9vjN3Xf6hwkoQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jan 2020 15:11:16 -0000


Le 23/01/2020 à 14:37, Jared Mauch a écrit :
> 
> 
>> On Jan 23, 2020, at 8:32 AM, Tim Chown <Tim.Chown@jisc.ac.uk>
>> wrote:
>> 
>> The problem statement section in 4941bis is all about user privacy,
>> no mention of operational / management complexity, or other
>> “general problems” that SLAAC has.  It seems there are unstated
>> problems here :)
> 
> 
> I would +1 this here.
> 
> I would also generally question if rotating IPs is a adequate privacy
> protector considering there are other ways to identify users that are
> being (broadly) employed today.
> 
> The complexity that this introduces into networks for operational
> debugging (provider: what’s your IP address so I can debug? User:
> Well here’s the 20 on the host because I have limited lifetime
> privacy addresses, and I don’t know what outbound one it’s using for
> this connection.  Provider: What’s your IP address so I can debug?
> Actually, can you just turn off v6 so I can debug your problem?
> User: sure, I just want it fixed).


I cheer the good effects of GDPR, and now of California law on privacy, 
in that end users can decide how much data about themselves to share or 
not share.

I admit the shortcomings and the bad side effects of Privacy concepts à 
la GDPR:
- when clicking No on homepages I get much less data than if I said Yes.
   In that direction, I might get isolated because I dont tell my
   address.
- some sites dont even bother to ask, they just stop serving because
   they have out-of-band data about my IP address being under the rule of
   law related to GDPR.  That's not  good.

Something unrelated to GDPR, but witness of lack of consideration of 
full picture of Privacy, is the following: the existence of the /64 
boundary makes the attackers' job on privacy easier.

There are possibilities to address each of these issues, and some of 
them might impact what RFC4941 needs.

For example, the problem of Yes/No giving less information, is a problem 
of layers: of course I am a powerful end user, and that is a weak 
Server.  The human intelligence is with me, the AI is with it.  The 
privacy of the two cant be compared- it's not on the same layer. 
'Privacy' is something between two humans on the same layer, not between 
a Human and a Server.

As such, I use something like Diffie-Helmann between me and a peer, and 
the servers something like pre-agreed keys between two servers.

But I cant talk about me hiding from a Server.  I might talk  about me 
hiding from sniffers on the way to server, but it is still me hiding 
form others like me.

I cant get into a bank and cover my face.  I cant drive the car without 
a license plate.  I cant get data from a server without telling who I 
am.  It's the law.  It's almost as the Nature.  Opposing Nature doesnt work.

This Yes/No homepage problem could be solved by a mechanism inspired 
from Diffie-Helman, as long as I accept the results will not be 100% 
satisfying either.  I could use a protocol to replace the Yes/No 
clicking.  That protocol would work like Diffie-Helman automated 
negotiation: I try see some data by revealing just a bit of me, then the 
server replies 'maybe', then I reveal a bit more, and so on.  A gradual 
escalation-deescalation, which would allow settling somewhere in a 
middle.  And without 1000 clicks.

I am sure http designers already thought about it.  I guess http already 
has a need of IP addresses and privacy.  Is http in line with RFC4941bis?

Still, it would still be me vs a server, and not me vs a me like me.  It 
means that the questions the Server poses would be too generic (how old 
are you, etc.) such as to accommodate a large number of people like me; 
that is where I might get bored first.

Maybe then another human should be in the loop, behind the server.  Then 
the whole Privacy and IP addressing would be different again.

S/he knows my address but I also know hers (his) - so there is no 
danger.  That's how privacy is respected.

You cant try to respect Privacy if you accept from a start that it's not 
on the same layer (human vs Server).

Alex

> 
> - Jared
> 
> -------------------------------------------------------------------- 
> IETF IPv6 working group mailing list ipv6@ietf.org Administrative
> Requests: https://www.ietf.org/mailman/listinfo/ipv6 
> --------------------------------------------------------------------
>

v2.23.0 | Report a Bug | By Email