IETF Logo Mail Archive

Re: [v6ops] Are we competitive?

Fernando Gont <fgont@si6networks.com> Mon, 15 August 2022 23:38 UTC

Return-Path: <fgont@si6networks.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58CF8C1526FD for <v6ops@ietfa.amsl.com>; Mon, 15 Aug 2022 16:38:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.911
X-Spam-Level:
X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KPbHKsn6Utu7 for <v6ops@ietfa.amsl.com>; Mon, 15 Aug 2022 16:38:51 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [IPv6:2001:67c:27e4::14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0C90C1526F9 for <v6ops@ietf.org>; Mon, 15 Aug 2022 16:38:48 -0700 (PDT)
Received: from [IPV6:2800:810:464:f13:8c70:c57e:fe93:7299] (unknown [IPv6:2800:810:464:f13:8c70:c57e:fe93:7299]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 3CDB128025E; Mon, 15 Aug 2022 23:38:38 +0000 (UTC)
Message-ID: <e721506d-e15b-2846-de97-7b3b10943a1c@si6networks.com>
Date: Mon, 15 Aug 2022 20:38:34 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Tom Herbert <tom@herbertland.com>, Fernando Gont <fgont@si6networks.com>
Cc: IPv6 Operations <v6ops@ietf.org>, David Farmer <farmer=40umn.edu@dmarc.ietf.org>, Vasilenko Eduard <vasilenko.eduard=40huawei.com@dmarc.ietf.org>
References: <CAM5+tA9tOGuy8scXStxOTzWOwG_zvDHx4Hi5CwkGiYmzNLOvqw@mail.gmail.com> <9687af1f59a6492f8353ade4d920fa95@huawei.com> <CAM5+tA8UF-3ZHkE0npZ0r5sDQ+FudTSPhpWns1BsPCk=NecX+Q@mail.gmail.com> <7e4606c4534c49a593863bda870b6e63@huawei.com> <3f138b03-940a-e83a-6c6e-6039506b6e4b@gont.com.ar> <10f89b7cbe784881bd22b4af81577aa6@huawei.com> <CAN-Dau0nz0TouDnz5pei0MCmTzSbP8q+gHLx1m0sxX0hsuPX3w@mail.gmail.com> <b9f33aa499b043bb90ff926731db9739@huawei.com> <b885bdd4-d837-1eda-9614-36c76190d920@gont.com.ar> <a6975472445f49018abab153fa61b399@huawei.com> <YvoaJ+IJdl/VXYLj@Space.Net> <CADzU5g5gGOOPD8MRtwhOFF_je9p+J0sGhetcAnMoFsWVeB4KBA@mail.gmail.com> <33249103-b373-03f8-655a-71cb9751e36f@si6networks.com> <CALx6S35S+ZxsuSsC2EhwRXNR0Huis=QcZXhgOWvEcJWYTXSs3A@mail.gmail.com>
From: Fernando Gont <fgont@si6networks.com>
In-Reply-To: <CALx6S35S+ZxsuSsC2EhwRXNR0Huis=QcZXhgOWvEcJWYTXSs3A@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/DApOag85iNclJFGz3JY2tw9Ltb0>
Subject: Re: [v6ops] Are we competitive?
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Aug 2022 23:38:53 -0000

Tom,

On 15/8/22 12:27, Tom Herbert wrote:
[...]
> 
> The moment someone connects to an external host on the Internet such a
> number is leaked. For instance, if an attacker has access to an
> Internet server with a user login, they would have the mapping from
> address to user PII.

Of course, if/when you authenticate, all bets are of. But for other 
cases, masquerading the the address does help.



> For real, quantifiable privacy in Internet addressing, we need to give
> each connection its own unique pseudo random address.

Two things:

1) You say "quantifiable"... -- what are the metrics/units you are 
considering? How would you measure this quantity?

2) Other than masquerading, the only part that you can improve in terms 
of privacy is the IID. Because the rest of the address (the prefix) does 
need to leak information about the topology -- that's why the identifier 
is called an address in the first place.

Thanks,
-- 
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494

v2.23.0 | Report a Bug | By Email