Re: [v6ops] Alissa Cooper's Discuss on draft-ietf-v6ops-unique-ipv6-prefix-per-host-12: (with DISCUSS)

[Alexandre Petrescu <alexandre.petrescu@gmail.com>]

Le 12/10/2017 à 19:16, Tom Herbert a écrit :
> 
> 
> On Thu, Oct 12, 2017 at 9:50 AM, JORDI PALET MARTINEZ 
> <jordi.palet@consulintel.es <mailto:jordi.palet@consulintel.es>> wrote:
> 
>     If the prefix to a residential customer is NON-persistent (the ISP
>     changes it every “x” minutes or hours or whatever), then I think
>     there is no need to further extend the privacy measures to how each
>     /64 is used during that time.
> 
> Jordi,
> 
> How are you going to explain to a user that is exercising their right of 
> free speech to criticize their government that they need to carefully 
> schedule their private communications around some arbitrary time 
> schedule established by their provider (which is likely demanded by the 
> very government they are criticizing?).

Maybe the user exercising these rights can have an ability to impose her 
own schedule to the network, and not vice-versa.

Alex

> 
> IMO, if anonymity and privacy are rights on the Internet, which I'm 
> assuming they are, then those rights should be not be limited by some 
> window in time or other arbitrary constraints.
> 
> Tom
> 
>     Otherwise we end-up demanding the same for every single /128 address …
> 
>     According to my IPv6 survey, which has answers from 1512 ISPs
>     worldwide, 63% provide “persistent” prefixes to residential users.
> 
>     So, I believe is sufficient for an ISP to offer the choice for the
>     user to “don’t have” a persistent prefix, or may depending on
>     country laws, on the other way around.
> 
>     Pushing to deploy IPv6 with NON-persistent prefixes is shooting our
>     own foot, unless, as Fred mention, at the same time we provide a
>     dynamic/secure DNS protocol that is widely implemented.
> 
>     Regards,
>     Jordi
> 
> 
>     -----Mensaje original-----
>     De: v6ops <v6ops-bounces@ietf.org <mailto:v6ops-bounces@ietf.org>>
>     en nombre de Tom Herbert <tom@herbertland.com
>     <mailto:tom@herbertland.com>>
>     Responder a: <tom@herbertland.com <mailto:tom@herbertland.com>>
>     Fecha: jueves, 12 de octubre de 2017, 18:39
>     Para: Lorenzo Colitti <lorenzo@google.com <mailto:lorenzo@google.com>>
>     CC: "v6ops@ietf.org <mailto:v6ops@ietf.org> WG" <v6ops@ietf.org
>     <mailto:v6ops@ietf.org>>, Alissa Cooper <alissa@cooperw.in
>     <mailto:alissa@cooperw.in>>,
>     <draft-ietf-v6ops-unique-ipv6-prefix-per-host@ietf.org
>     <mailto:draft-ietf-v6ops-unique-ipv6-prefix-per-host@ietf.org>>,
>     <draft-ietf-v6ops-unique-ipv6-prefix-per-host.all@ietf.org
>     <mailto:draft-ietf-v6ops-unique-ipv6-prefix-per-host.all@ietf.org>>,
>     <v6ops-chairs@ietf.org <mailto:v6ops-chairs@ietf.org>>, The IESG
>     <iesg@ietf.org <mailto:iesg@ietf.org>>
>     Asunto: Re: [v6ops] Alissa Cooper's Discuss on
>     draft-ietf-v6ops-unique-ipv6-prefix-per-host-12: (with DISCUSS)
> 
> 
> 
>          On Thu, Oct 12, 2017 at 9:08 AM, Lorenzo Colitti
>     <lorenzo@google.com <mailto:lorenzo@google.com>> wrote:
> 
>          On Thu, Oct 12, 2017 at 10:53 PM, Alissa Cooper
>     <alissa@cooperw.in <mailto:alissa@cooperw.in>> wrote:
> 
>          If an operator assigns the same unique prefix to the same host
>     every time the
>          host connects to the network, the unlinkability benefits of
>     using IPv6 privacy
>          extensions are completely negated.
> 
> 
>          They are only negated if the remote party knows that the prefix
>     assignment policy is static. Otherwise, at best the remote party can
>     know that a particular subnet is sparsely (and perhaps infrequently)
>     populated.
> 
> 
>          It seems reasonable to me for this document to normatively
>     RECOMMEND that operators assign a different unique prefix to a
>     returning host
> 
> 
>          It seems to me that the privacy implications are the same as
>     for a residential network, where the prefix also identifies the user
>     (or the home). Do we currently normatively recommend that ISPs
>     assign different prefixes every time a home network reconnects? The
>     downside of such a recommendation is that it makes it harder for
>     residential users to run servers, access their network remotely, and
>     survive brief network outages. I'm not sure that's something we
>     want, is it?
> 
> 
> 
> 
> 
> 
>          Lorenzo,
> 
>          There are multiple use cases to consider. Persistence is needed
>     for servers and remote access, but the opposite may be true if you
>     want anonymity and privacy. If one wishes to be anonymous on the
>     Internet then likely would want every connection to use a different
>     source address. The source address should be untraceable back the
>     user, and given two such addresses it should be impossible for a
>     third party to draw any correlation between them other than they
>     belong to the same service provider. Basically, what you'd want are
>     addresses that only share a short provider prefix but all the rest
>     of the bits are seemingly random and not topological. This is one of
>     the things that identifier-locator can provide.
> 
>          Tom
> 
> 
>          _______________________________________________
>          v6ops mailing list
>     v6ops@ietf.org <mailto:v6ops@ietf.org>
>     https://www.ietf.org/mailman/listinfo/v6ops
>     <https://www.ietf.org/mailman/listinfo/v6ops>
> 
> 
> 
> 
> 
> 
> 
>          _______________________________________________
>          v6ops mailing list
>     v6ops@ietf.org <mailto:v6ops@ietf.org>
>     https://www.ietf.org/mailman/listinfo/v6ops
>     <https://www.ietf.org/mailman/listinfo/v6ops>
> 
> 
> 
> 
>     **********************************************
>     IPv4 is over
>     Are you ready for the new Internet ?
>     http://www.consulintel.es
>     The IPv6 Company
> 
>     This electronic message contains information which may be privileged
>     or confidential. The information is intended to be for the exclusive
>     use of the individual(s) named above and further non-explicilty
>     authorized disclosure, copying, distribution or use of the contents
>     of this information, even if partially, including attached files, is
>     strictly prohibited and will be considered a criminal offense. If
>     you are not the intended recipient be aware that any disclosure,
>     copying, distribution or use of the contents of this information,
>     even if partially, including attached files, is strictly prohibited,
>     will be considered a criminal offense, so you must reply to the
>     original sender to inform about this communication and delete it.
> 
> 
> 
> 
> 
> 
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
>