RE: 3484bis and privacy addresses

Dave Thaler <dthaler@microsoft.com> Tue, 10 April 2012 00:08 UTC

Return-Path: <dthaler@microsoft.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277D321F8758 for <ipv6@ietfa.amsl.com>; Mon, 9 Apr 2012 17:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.659
X-Spam-Level:
X-Spam-Status: No, score=-103.659 tagged_above=-999 required=5 tests=[AWL=-0.060, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5rgzwRmROwY for <ipv6@ietfa.amsl.com>; Mon, 9 Apr 2012 17:08:50 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 79E2121F8757 for <ipv6@ietf.org>; Mon, 9 Apr 2012 17:08:50 -0700 (PDT)
Received: from mail105-va3-R.bigfish.com (10.7.14.246) by VA3EHSOBE008.bigfish.com (10.7.40.28) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Apr 2012 00:08:49 +0000
Received: from mail105-va3 (localhost [127.0.0.1]) by mail105-va3-R.bigfish.com (Postfix) with ESMTP id 2F1D5A04AD; Tue, 10 Apr 2012 00:08:49 +0000 (UTC)
X-SpamScore: -12
X-BigFish: VS-12(zz936eK1432N98dKzz1202hzzz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail105-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dthaler@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail105-va3 (localhost.localdomain [127.0.0.1]) by mail105-va3 (MessageSwitch) id 1334016526628864_22868; Tue, 10 Apr 2012 00:08:46 +0000 (UTC)
Received: from VA3EHSMHS017.bigfish.com (unknown [10.7.14.250]) by mail105-va3.bigfish.com (Postfix) with ESMTP id 94118260071; Tue, 10 Apr 2012 00:08:46 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS017.bigfish.com (10.7.99.27) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Apr 2012 00:08:46 +0000
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC106.redmond.corp.microsoft.com (157.54.80.61) with Microsoft SMTP Server (TLS) id 14.2.283.4; Tue, 10 Apr 2012 00:08:45 +0000
Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) with Microsoft SMTP Server (TLS) id 14.2.283.4; Mon, 9 Apr 2012 17:08:45 -0700
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.253]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi id 14.02.0283.004; Mon, 9 Apr 2012 17:08:45 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: RE: 3484bis and privacy addresses
Thread-Topic: 3484bis and privacy addresses
Thread-Index: AQHNC+wBSVlewb1jE0uYOWOUBxq41JZ/ZbAAgBPdqEA=
Date: Tue, 10 Apr 2012 00:08:45 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B5054C1@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <4F716D5C.40402@innovationslab.net> <4F726C9E.50107@gmail.com>
In-Reply-To: <4F726C9E.50107@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.90]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 00:08:51 -0000

Brian Carpenter writes:
> On 2012-03-27 20:33, Brian Haberman wrote:
> ...
> > 
> > A. Prefer public addresses over privacy addresses
> > 
> > B. Prefer privacy addresses over public addresses
>
> In terms of a general default in shipped IPv6 stacks, I prefer B, but it has to be qualified:
>
> There MUST be a user option to change this preference.

That wording would be confusing, as there's a distinction between an
(unprivileged) user and a (privileged) admin.   It would be a security
vulnerability if an unprivileged user could change a system-wide setting.

> There SHOULD be a network manager option to change this preference.

Similarly, the term "network manager" is also confusing.  It would be a security vulnerability
if an untrusted user on the network could change a system-wide setting locally.

> The rationale for this is that we need privacy by default in shipped products, with the
> ability for the person deploying the product to override this.

I (and I gather from the +1's that many others) agree with having a config knob to
reverse the preference.   The doc already has text about that on a *per-app* basis,
but not system-wide.   The wording I propose to add is:

    "There SHOULD be an administrative option to change this preference, if the 
    implementation supports privacy addresses.  If there is no such option, there 
    MUST be an administrative option to disable privacy addresses."

-Dave