IETF Logo Mail Archive

Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios

Tom Herbert <tom@herbertland.com> Fri, 22 February 2019 01:13 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D83712D4EF for <v6ops@ietfa.amsl.com>; Thu, 21 Feb 2019 17:13:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjNxEkmYuUyq for <v6ops@ietfa.amsl.com>; Thu, 21 Feb 2019 17:13:27 -0800 (PST)
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com [IPv6:2607:f8b0:4864:20::729]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79BE8130E2F for <v6ops@ietf.org>; Thu, 21 Feb 2019 17:13:25 -0800 (PST)
Received: by mail-qk1-x729.google.com with SMTP id a15so267451qkc.1 for <v6ops@ietf.org>; Thu, 21 Feb 2019 17:13:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=oyanN724oBkuyAULkKpri2Cd2PUKsuam/ZwQAr7+HmA=; b=Pkua0gt+YcmZjcs6lkKWtIZgMKCS29Gs5WNfK6qEHKVtnwH/xn8zZnglsVJrQmYkis 6REQkc7XArup/Yete/81h9GgGNSFbS1Aj9yXQ1nSr4EfytPPU4Utu3JG1Ll8hOUScctf 5UMMKporw7EbP2E//f7D2lHqFy7edC1KIDreRkcg+uly+e145pKaP+loVzUmsiwi6LUR Nhox0cd9lfU18irR701yWdkjz9VKG1QO4DHdS8VdaaC0DPaSQAkLtsp1Q1Fw0Du01UAc 1TwuvDM8USsRmcluRx8zwOAxEVDjHpmQ2BK8Gu65jQfRQzJO4ACMZehaO1wHKGerxfh9 Ob1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=oyanN724oBkuyAULkKpri2Cd2PUKsuam/ZwQAr7+HmA=; b=b9UHQ2Mvuf6gZiRpTWECNcG7bzMCq3iE3LawoyNE71dXKNYySSsDc6ZBIDzqvSlNLO DpUrYTNvu67BxElR+5FIyrAc4IhyIO+Bqo9u+9B8W2Aho5vFEldj38BaFqAbqaDkNc1i odGntXAmKKnNRCxTtspzjn2jta8elWqYkxsxF7/kLZHw4q0B+y/zRGeBNINKdn5ghh8i rtl68/8kHAdzhmyhMnfZGy4Gtqy5FrM9Jg9zyQ8sSI8ENcFHkjXSLdVVlL8lAHKHzVLg 2KQXw3VQYBF0rxy8wfPIVr2Tr5+dnocXpYusGXp0QmS3IuRUJILPgA72D72uD6EvNfl9 QfsA==
X-Gm-Message-State: AHQUAuaUGI4+l2iGxsLw/sbk78NF7EHzXmzN1fo9182DHRJC/i6xEEL7 ZzsQCflnVjMvDnvdtiQtxZwAMPmmmDNtb+RKNVfAdA==
X-Google-Smtp-Source: AHgI3IZb3+sPAgmTIolQ6KUy4o6T3AEpOVcLOhvKnYVfgMda1fHX0YbWe3Glg+gIhboM0bpwgmaRXk46lr9V6G/sRN0=
X-Received: by 2002:a37:a147:: with SMTP id k68mr1135619qke.190.1550798004432; Thu, 21 Feb 2019 17:13:24 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <D1BACB13-1C00-4E23-A8BC-A669BFE73559@delong.com> <CALx6S37Ya0cRmh-KgOsc+CVJrvV8tbS8pMmzavcYcFTy3UYo6A@mail.gmail.com> <A3A4AF6B-9CFE-4099-8DE5-612E9D3D974D@delong.com>
In-Reply-To: <A3A4AF6B-9CFE-4099-8DE5-612E9D3D974D@delong.com>
From: Tom Herbert <tom@herbertland.com>
Date: Thu, 21 Feb 2019 17:13:13 -0800
Message-ID: <CALx6S36BZ=UhDW-BeG=PxrrgDY3OFz5aPSdzFKj56CPXna87Qg@mail.gmail.com>
To: Owen DeLong <owen@delong.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, "Manfredi (US), Albert E" <albert.e.manfredi@boeing.com>, IPv6 Operations <v6ops@ietf.org>, "6man@ietf.org" <6man@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/9tt8NP5ZdrpxB0db-NJ1xuC_BTo>
Subject: Re: [v6ops] A common problem with SLAAC in "renumbering" scenarios
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 01:13:28 -0000

On Thu, Feb 21, 2019 at 5:04 PM Owen DeLong <owen@delong.com> wrote:
>
>
>
> > On Feb 21, 2019, at 16:18 , Tom Herbert <tom@herbertland.com> wrote:
> >
> > On Thu, Feb 21, 2019 at 3:49 PM Owen DeLong <owen@delong.com> wrote:
> >>
> >>
> >> Mark,
> >>
> >> I agreee with that with one exception. I believe that NAT/IPv4 can
> >> offer better privacy in addressing than IPv6 given current addess
> >> allocation methods.
> >>
> >>
> >> Huh? Random 64 bit numbers are less private than semi-opaque translation of 32 bit numbers?
> >>
> >> In today’s world (where CGN is fortunately still mostly the exception rather than the rule), the
> >> 32 bit public number (mostly) identifies the household on a transient basis.
> >>
> > Owen,
> >
> > Privacy in CGN effectively if the device lives behind a NAT with
> > thousands of user. So if the an external external third party observes
> > two different flows that share the same NAT address, then the observer
> > can not infer that the two flows are sourced form the same device or
> > user.
> >
>
> Sure, but today, CGN is the exception, not the rule… Hopefully it will remain that way for the
> foreseeable future as CGN is really an awful awful thing for the end user.
>
> Also, due to CALEA constraints, most CGN implementations are going to quasi-static port
> reservations per household, so it’s not as private as you think it is. It will raise the bar
> slightly, forcing the third party to track an extra 32 bits per flow (2xport number), but that’s
> about it.
>
Owen,

To be clear, I was not advocating NAT. I was only pointing out that it
has some privacy properties to the extent that even law enforcement
has even expressed concerns about it. For those users for which
privacy is vital, I don't believe it's an adequate solution. If
privacy is essential then I believe we really want single use
untrackable addresses  (see
draft-herbert-ipv6-prefix-address-privacy-00).

Tom

>
> Owen
>

v2.23.0 | Report a Bug | By Email