Re: [v6ops] "The Internet is for End Users" (Re: I-D Action: draft-ietf-v6ops-unique-ipv6-prefix-per-host-07.txt)

Tom Herbert <tom@herbertland.com> Thu, 17 August 2017 17:58 UTC

From: Tom Herbert <tom@herbertland.com>
Date: Thu, 17 Aug 2017 10:58:02 -0700
Message-ID: <CALx6S36AsRfERrApFGyok-nXy=tv22y8U06PDEZqcgMLUs_rvA@mail.gmail.com>
To: Ted Lemon <mellon@fugue.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, Simon Hobson <linux@thehobsons.co.uk>, v6ops list <v6ops@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/-nNIi8wzXoX4jH8J6Tkoh1WCA8g>

On Thu, Aug 17, 2017 at 10:38 AM, Ted Lemon <mellon@fugue.com> wrote:
> On 17 Aug 2017, at 13:19, Tom Herbert <tom@herbertland.com> wrote:
>
> If you want security and
> privacy it should be implemented end to end.
>
> Even that's not good enough, since your metadata can be tracked.
>
Ted,

That's a good argument that everything in a packet should be encrypted
except for the IP header and options that are necessary for delivery.
This becomes essential to prevent tracking. For instance, one of the
problems posed on the IDEAS list is that long-lived connections are easily
tracked in time. A proposed solution is to allow dynamically changing
addresses of an existing connection. This obfuscates the addresses
nicely, but if there are still connection ack #s, seq #s, and ports in
plaintext it's little bother to be able to track the connection across an
address change. So to prevent such tracking, anything in the packet
that could be used for tracking identity needs to be hidden or
obfuscated. Simply using random addresses is not nearly enough.

Tom
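An added illustration of the point made in the message above (not part of the original thread or of any IETF draft): a small Python model of the linkability check an on-path observer could apply, run over constructed packet records. It shows that with plaintext TCP ports and sequence numbers a flow stays linkable across a source-address change, while hiding everything past the IP header breaks that linkage. The Packet fields, the `linkable` function and the 2001:db8 sample addresses are assumptions for this example.

```python
"""Linkability of a long-lived connection across an address change.

Models the argument from the message: randomising the IP addresses of an
existing connection does not hide it if TCP ports, sequence and
acknowledgement numbers remain in plaintext. All packet records below
are constructed sample data, not captured traffic.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: Optional[int]  # None when the transport header is encrypted
    dport: Optional[int]
    seq: Optional[int]
    ack: Optional[int]
    length: int           # bytes of payload carried by this packet


def linkable(before: Packet, after: Packet, window: int = 65535) -> bool:
    """True if plaintext transport fields alone tie `after` to `before`,
    even though the source address differs between the two packets."""
    fields = (before.sport, before.dport, before.seq,
              after.sport, after.dport, after.seq)
    if any(f is None for f in fields):
        return False  # only the IP header is visible: nothing to correlate on
    same_ports = (before.sport, before.dport) == (after.sport, after.dport)
    expected_seq = before.seq + before.length
    # Sequence number continues (mod 2^32) within a plausible window.
    seq_continues = 0 <= (after.seq - expected_seq) % (1 << 32) < window
    return same_ports and seq_continues


# Plaintext TCP: new source address, same ports, sequence number advances.
PLAINTEXT_BEFORE = Packet("2001:db8:1::10", "2001:db8:2::1", 51234, 443, 1000, 5000, 1200)
PLAINTEXT_AFTER = Packet("2001:db8:1::7a3f", "2001:db8:2::1", 51234, 443, 2200, 5000, 1200)

# Everything past the IP header encrypted: no ports or sequence numbers visible.
ENCRYPTED_BEFORE = Packet("2001:db8:1::10", "2001:db8:2::1", None, None, None, None, 1200)
ENCRYPTED_AFTER = Packet("2001:db8:1::7a3f", "2001:db8:2::1", None, None, None, None, 1200)


def demo() -> dict:
    """Compare the two designs; the plaintext flow is linkable, the encrypted one is not."""
    return {"plaintext": linkable(PLAINTEXT_BEFORE, PLAINTEXT_AFTER),
            "encrypted": linkable(ENCRYPTED_BEFORE, ENCRYPTED_AFTER)}
```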