IETF Logo Mail Archive

Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>

Lorenzo Colitti <lorenzo@google.com> Sat, 14 May 2016 03:29 UTC

Return-Path: <lorenzo@google.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1F7A12B053 for <ipv6@ietfa.amsl.com>; Fri, 13 May 2016 20:29:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level:
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3HBXJkFXLehQ for <ipv6@ietfa.amsl.com>; Fri, 13 May 2016 20:29:32 -0700 (PDT)
Received: from mail-yw0-x22f.google.com (mail-yw0-x22f.google.com [IPv6:2607:f8b0:4002:c05::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1980212B02B for <ipv6@ietf.org>; Fri, 13 May 2016 20:29:32 -0700 (PDT)
Received: by mail-yw0-x22f.google.com with SMTP id o66so135199048ywc.3 for <ipv6@ietf.org>; Fri, 13 May 2016 20:29:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UvW6xsARcJGCC/ABTIppTgghv6Lpe8ubdQ5GVgdWoLg=; b=M+QsO5LzKUtxiHq3b0Uj8hmKi8nUJKow9qImLOUzEDIugmb4rxnOG0a9Z/bzq3aata 37+gapGsqOEm3z+ek5hm7R+IwVXnnOd3TJQVjPiOhPUI/g7p1f+dfJESp3ddQAzFp+p7 tGx23dX+QZIX9B09517Y3mfUsB36PdjwWGq2JBkt7dPodihiCDmbwTy5UfiCxk/Klzja 86idqQM7t4tLUg4weN2ibrPTdyXpOnp8ZSdunjO3Kw1Y5dUDWp8+ykAujjj0fFeovBSM U48WV3lOua3TohzrWDa4PXL+mkvo2WYKwpmuB2T5UDgxJ0GLXuhyR4u7s3FBH3cuISXJ 61JQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UvW6xsARcJGCC/ABTIppTgghv6Lpe8ubdQ5GVgdWoLg=; b=W6suxgFVOZ67sGyppJyDSN9ZIMry9erbbClJw5q0Mr1GZTtIcbcEBdAEG16Ar7/biD lZ6AUuBP49PtMGywKfLTq619XZB9lGh1rpgDMkHvuXb6Gndnq9GuXjvJjYmZ9pU0FRNU Q5ugsOyqJo7zw0dNGTmFI8ER0ZgS/cFXyRK7pS88TBEGo99M6DLLlvCJz/J+9UhKxOKp yXsEqouWRlRCJgR0jXeO920Q6eHrtsvR4qEAhzi0xmzmO/CIEHK8IPHIikowYTmkUezi BzHP6qC00tBZJVbIRxL0g+cWLLzomisJa2bfR+FN9LyqFKz0MbAlUHdCt8U70SNLzWGw 05Xg==
X-Gm-Message-State: AOPr4FVzfJCFOz12cb2W0CdLT3chsh2uudpUNJ0lZJrz7nXWSUNC7UZGCt9N9HGN9PpP5cQPX4ybZOOd4PEEUK7C
X-Received: by 10.13.220.69 with SMTP id f66mr10317991ywe.132.1463196571174; Fri, 13 May 2016 20:29:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.37.198.68 with HTTP; Fri, 13 May 2016 20:29:11 -0700 (PDT)
In-Reply-To: <663debf7-cfba-b19b-92ef-89cc66b452d8@gmail.com>
References: <20160428004904.25189.43047.idtracker@ietfa.amsl.com> <89CA2C18-AE61-4D40-8997-221201835944@gmail.com> <6f2edbbc-d208-03a0-3c33-503a05c0bee8@gmail.com> <CAKD1Yr1So_tFFSr=sk8ew-UJG-dWK=U6N9mwJnwkZdNX=__SVQ@mail.gmail.com> <11cf3f90-e693-a640-a372-f419a8f7a1a0@gmail.com> <CAKD1Yr0OPuSmp-OWG-+ZjDsHucQYTG2PMZw7jdiU=4kQqK+tyQ@mail.gmail.com> <663debf7-cfba-b19b-92ef-89cc66b452d8@gmail.com>
From: Lorenzo Colitti <lorenzo@google.com>
Date: Sat, 14 May 2016 12:29:11 +0900
Message-ID: <CAKD1Yr2Km2A6XO8nvNv31Ti_Rr2j4gse1KLadJPcrgFMKyzszw@mail.gmail.com>
Subject: Re: 6man w.g. last call for <draft-ietf-6man-default-iids-11.txt>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Content-Type: multipart/alternative; boundary="94eb2c0815c8dd1ea00532c4ffe5"
Archived-At: <http://mailarchive.ietf.org/arch/msg/ipv6/zSSo32AobSD9gQsNVJOwChDutpk>
Cc: IETF IPv6 Mailing List <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 May 2016 03:29:34 -0000

On Sat, May 14, 2016 at 12:00 PM, Brian E Carpenter <
brian.e.carpenter@gmail.com> wrote:

> Because if someone is trying to correlate different types of my traffic,
> let's say something sent over IPX and something sent over IPv6, the task
> will be made easier if the lower 48 bits are the same in both types of
> traffic. (Obviously, someone on-link can use ND to correlate MAC address
> and IP address, so we're talking about someone observing off-link packets.)
>

That seems extremely unlikely to happen in practice, given that the vast
majority of hosts either don't have an IPX stack at all or have it disabled
by default, and embedding a MAC address in a protocol payload is not very
useful so people tend not to do it.

By contrast, here is one weakness that is pretty much mandated by this
draft as written: because addresses have to be stable, any remote attacker
anywhere on the Internet that ever exchanges a packet with that host can
track it every time the host visits the same network, *forever*, with no
recourse. Section 3 point 1.

Either we fix that or we stop asserting that this draft is motivated by
privacy considerations.

v2.23.0 | Report a Bug | By Email