Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address

Alexandre Petrescu <alexandre.petrescu@gmail.com> Mon, 10 July 2017 16:27 UTC

To: mohamed.boucadair@orange.com, "v6ops@ietf.org" <v6ops@ietf.org>
References: <937f22f6-e4b7-b398-9df9-79c36ea2d7ee@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002E21@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <a67eb7d0-be6a-f158-b05c-fda0f38e09d6@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002EF9@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <1be23f5b-f449-9924-8322-f21c4ccbd09e@gmail.com> <787AE7BB302AE849A7480A190F8B93300A002F95@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
From: Alexandre Petrescu <alexandre.petrescu@gmail.com>
Message-ID: <2c325097-651e-501c-747a-e7a322c3d844@gmail.com>
Date: Mon, 10 Jul 2017 18:27:47 +0200
In-Reply-To: <787AE7BB302AE849A7480A190F8B93300A002F95@OPEXCLILMA3.corporate.adroot.infra.ftgroup>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/GJEOjkDZDReqokSEu6EvmxpFK-Q>
Subject: Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address


On 10/07/2017 at 16:58, mohamed.boucadair@orange.com wrote:
> Re-,
> 
> Please see inline.
> 
> Cheers,
> Med
> 
>> -----Original Message-----
>> From: Alexandre Petrescu [mailto:alexandre.petrescu@gmail.com]
>> Sent: Monday 10 July 2017 16:46
>> To: BOUCADAIR Mohamed IMT/OLN; v6ops@ietf.org
>> Subject: Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address
>>
>>
>>
>> On 10/07/2017 at 16:16, mohamed.boucadair@orange.com wrote:
>>> Alex,
>>>
>>> I'm focusing on this part of your answer.
>>>
>>> Please see inline.
>>>
>>> Cheers, Med
>>>
>>>> -----Original Message----- From: Alexandre Petrescu
>>>> [mailto:alexandre.petrescu@gmail.com] Sent: Monday 10 July
>>>> 2017 15:51 To: BOUCADAIR Mohamed IMT/OLN; v6ops@ietf.org Subject:
>>>> Re: [v6ops] RFC6459 "IPv6 in 3GPP" - the IID in the LL address
>>>>
>>>> Med,
>>>>
>>>>
>>>>>> This has consequences on privacy, and may impact
>>>>>> interoperability when DHCPv6-PD is used later in the process.
>>>>>
>>>>> [Med] I don't follow you here. There is no privacy concern out
>>>>> there. The IID used when forming a global IPv6 address will be
>>>>> selected by the terminal; no assumption is made about those
>>>>> bits.
>>>>
>>>> There is a privacy concern: if the operator enforces the UE to
>>>> always use the network-assigned IID then that UE is trackable.
>>>>
>>>
>>> [Med] I'm not sure what you mean by "trackable" in this context. If
>>> you mean that "a UE can be identified by the network", then a UE is
>>> always identified by the network it connects to!
>>
>> Yes, and I thought that is a device-specific identifier like the IMEI,
>> not the link-local address.
>>
>>> At the IP level, a UE is identified by the bits of the IPv6 prefix,
>>> not IID bits.
>>
>> Well - by the IP address.
> 
> [Med] No. I reiterate my answer: it is identified by the prefix not the full IPv6 address.  Policies at the network are enforced based on the prefix, not the full IPv6 address.
> 
>>
>>> Further, a network does not need IP-related information to identify
>>> a UE.
>>
>> I agree, so why does it want to impose an IID to the UE?
> 
> [Med] This is an optimization to avoid DAD.

Ok about LL, but how about the GUA?  If the network uses a GUA same as 
the UE then there should be DAD for that GUA.

I don't think there is any spec that says that the network MUST NOT 
assign a GUA on its interface towards the UE.



>>> I still don't see any privacy concern in supplying an IID to an UE
>>> to be used for forming its link-local address.
>>
>> Err...
>>
>> It's because the supplied IID is very much like an IEEE MAC 48bit
>> address.
> 
> [Med] This is a link-local address not a GUA. So, not sure to understand your point.

I can understand your point about GUA privacy vs LL privacy.

But.

Some packets with LLs as src have been witnessed in the Internet at large.

Sometimes some UE apps may put a link-local address in 
application-layer payloads.  Some protocols do it too (e.g. OSPF puts 
LLs in LSAs, DHCP puts interface IDs and LLs in payloads, etc.).

>> It is guaranteed unique, so it can also be used to track.
> 
> [Med] to be tracked by whom?

By the operator, and by other parties outside the operator network.

Also, at the same time, do not get me wrong: I do agree that in some cases 
some devices must be tracked by things like law enforcement; it's just 
that it should not be by the IP address.  There are operator-specific 
identifiers like IMEI, SIM card and other IDs for that.

Alex

> 
>>
>> Why do you think it can not be used to track?
>>
>> Alex
>>
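The tracking question argued above (whether a single, never-changing IID lets a UE be followed from one prefix to another) can be made concrete. The following is an added example, not code from the v6ops thread, 3GPP or any RFC: it builds addresses from a fixed EUI-64-style IID (standing in for any device-bound identifier such as a network-assigned one), builds the same set of addresses from a simplified RFC 7217-style per-prefix IID, and runs an observer-side correlation over both. The MAC, the prefixes, the interface name `rmnet0` and the secret key are constructed for the demonstration; the RFC 7217 function is simplified (SHA-256 as F, no Network_ID or DAD_Counter input) and is not a conforming implementation.

```python
"""Added example, not part of the v6ops thread: why a fixed 64-bit IID
lets an observer follow one UE across prefixes, and why a per-prefix IID
(RFC 7217 style) does not.  All MACs, prefixes and keys are constructed."""
import hashlib
import ipaddress
from collections import defaultdict


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 IID (RFC 4291, Appendix A): flip the U/L bit of the
    first octet and insert ff:fe between the OUI and the device part.
    Stands in here for any device-bound identifier that never changes."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def stable_privacy_iid(prefix: ipaddress.IPv6Network, net_iface: str,
                       secret_key: bytes) -> bytes:
    """Simplified RFC 7217 IID: F(Prefix, Net_Iface, secret_key), with
    SHA-256 as F and without the Network_ID / DAD_Counter inputs (an
    assumption of this example).  Constant for a given prefix, different
    for every other prefix."""
    material = prefix.network_address.packed[:8] + net_iface.encode() + secret_key
    return hashlib.sha256(material).digest()[:8]


def make_address(prefix: ipaddress.IPv6Network, iid: bytes) -> ipaddress.IPv6Address:
    """Concatenate a /64 prefix with a 64-bit IID."""
    if prefix.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte IID")
    return ipaddress.IPv6Address(prefix.network_address.packed[:8] + iid)


def iid_of(address: str) -> str:
    """Low 64 bits of an address, hex-encoded."""
    return ipaddress.IPv6Address(address).packed[8:].hex()


def prefix_of(address: str) -> str:
    """The /64 an address was formed under."""
    return str(ipaddress.IPv6Network(address + "/64", strict=False))


def correlate_by_iid(observed: list[str]) -> dict[str, list[str]]:
    """Observer side: group addresses by IID.  Any IID seen under more
    than one prefix is one device that can be followed from network to
    network, which is the tracking concern raised in the thread."""
    seen = defaultdict(set)
    for address in observed:
        seen[iid_of(address)].add(prefix_of(address))
    return {iid: sorted(prefixes) for iid, prefixes in seen.items() if len(prefixes) > 1}


# Constructed: the link-local prefix plus two documentation prefixes the UE
# might be attached to at different times.
PREFIXES = [ipaddress.IPv6Network(p) for p in
            ("fe80::/64", "2001:db8:1::/64", "2001:db8:2::/64")]


def addresses_with_fixed_iid(mac: str = "00:11:22:33:44:55") -> list[str]:
    """UE that reuses the one device-bound / network-assigned IID everywhere."""
    iid = eui64_iid(mac)
    return [str(make_address(p, iid)) for p in PREFIXES]


def addresses_with_per_prefix_iid(secret_key: bytes = b"constructed-secret") -> list[str]:
    """UE that derives a fresh IID for every prefix it attaches to."""
    return [str(make_address(p, stable_privacy_iid(p, "rmnet0", secret_key)))
            for p in PREFIXES]


if __name__ == "__main__":
    print("fixed IID  :", correlate_by_iid(addresses_with_fixed_iid()))
    print("per-prefix :", correlate_by_iid(addresses_with_per_prefix_iid()))
```

With the fixed IID the correlation returns one entry covering all three prefixes, link-local included, which is why an LL address leaking into an application payload or an LSA is enough to link it to the GUAs. With the per-prefix IID the correlation is empty. The trade-off is the one Med names: a network-assigned, guaranteed-unique IID lets DAD be skipped, while a UE-chosen IID carries no such guarantee and must be DAD-checked on the link it is used on.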