Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address

[Alexandre Petrescu <alexandre.petrescu@gmail.com>]

Le 10/07/2017 à 16:16, mohamed.boucadair@orange.com a écrit :
> Alex,
> 
> I'm focusing on this part of your answer.
> 
> Please see inline.
> 
> Cheers, Med
> 
>> -----Message d'origine----- De : Alexandre Petrescu 
>> [mailto:alexandre.petrescu@gmail.com] Envoyé : lundi 10 juillet 
>> 2017 15:51 À : BOUCADAIR Mohamed IMT/OLN; v6ops@ietf.org Objet : 
>> Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address
>> 
>> Med,
>> 
>> 
>>>> This has consequences on privacy, and may impact 
>>>> interoperability when DHCPv6-PD is used later in the process.
>>> 
>>> [Med] I don't follow you here. There is no privacy concern out 
>>> there. The IID used when forming a global IPv6 address will be 
>>> selected by the terminal; no assumption is made about those 
>>> bits.
>> 
>> There is a privacy concern: if the operator enforces the UE to 
>> always use the network-assigned IID then that UE is trackable.
>> 
> 
> [Med] I'm not sure what you mean by "trackable" in this context. If 
> you mean that "a UE can be identified by the network", then an UE is 
> always identified by the network it connects to!

YEs, and I thought that is a device-specific identifier like the IMEI,
not the link-local address.

> At the IP level, an UE is identified by the bits of the IPv6 prefix,
>  not IID bits.

Well - by the IP address.

> Further, a network does not need IP-related information to identify 
> an UE.

I agree, so why does it want to impose an IID to the UE?

> I still don't see any privacy concern in supplying an IID to an UE
> to be used for forming its link-local address.

Err...

It's because the supplied IID is very much like an IEEE MAC 48bit
address.  It is guaranteed unique, so it can also be used to track.

Why do you think it can not be used to track?

Alex

> 
> 
>