IETF Logo Mail Archive

Re: [v6ops] Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: A common problem with SLAAC in "renumbering" scenarios)

Tom Herbert <tom@herbertland.com> Fri, 22 February 2019 22:58 UTC

Return-Path: <tom@herbertland.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0813712950A for <v6ops@ietfa.amsl.com>; Fri, 22 Feb 2019 14:58:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=herbertland-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tljD-xBFlqrO for <v6ops@ietfa.amsl.com>; Fri, 22 Feb 2019 14:58:53 -0800 (PST)
Received: from mail-qt1-x830.google.com (mail-qt1-x830.google.com [IPv6:2607:f8b0:4864:20::830]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7455E12DD85 for <v6ops@ietf.org>; Fri, 22 Feb 2019 14:58:53 -0800 (PST)
Received: by mail-qt1-x830.google.com with SMTP id s1so4439801qte.5 for <v6ops@ietf.org>; Fri, 22 Feb 2019 14:58:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=hJF/sbv6hZiOhRtpdjd26ezIG+5oF8Wu2boaGeVnB/s=; b=OeiXe3AMgejBMA8kIRUjIz4EUJ5AKLjr/fDoSCUtoZ9jSRjOsWQoL9+4amvse9OxUQ U9ZvsGb5mLg41iuoftHX7GR3g0JC7/L6zEFy96MCB37z1qMq9A67Jhyb7KANDo8mnoTT CsMDVQrr+6v/xqBO6qTR9M39upqJ6yA7cqLMOs3Fsc2By3J1fivBafFsPWaQth+iXvrw bYllEH+ePzcG2qHfqeFtWc9zM/vNDa4xnkaPCaSWV3REqDbqN1IXoqXZiBgToBymmeDl vySBdX/Ma7uxMHDgZSdeP3C9346HJSA0JsJ4sSh/zrx8jAbonsI9NQPx1Gu1fScyNOZ/ 2BXw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=hJF/sbv6hZiOhRtpdjd26ezIG+5oF8Wu2boaGeVnB/s=; b=ii9GNJCdRPRpha3Yj1dxZR2RbZmj9QG/PA0V4B7h+IKfORt1Sbrp6O31kT6LWDTm9/ POzhzJuVRIE1/Ooc+jRcIeI6c7hL7TyK7Uf4QoQNs0PXoGW6jjPom2wjd8+VCFI5BP32 XW8bP/tnEHmGUSiLEKnBAvszp+swdByvkMkyK64fM/tRLlz80lnhh/GOHOiNIcg24WqK jgnllT0zWZv4wWUsdqwiM+bEFYV54h0lr3GM14g1uYfj19ZzKzUstH0caoFLNjqxN1El iMXSuwPWmnISpqyVsNp+DyMAFooVDnCZEAZS6W3O/UcJw8RmimjT2BMShdODJ9oYqCwA sBxA==
X-Gm-Message-State: AHQUAuaU3Vv53nQXVHZH/wNj+OIrnU2mZ8OXtm0vHaas405najsnCO0B HTcxz4f+2di1S4uJkOpPMHavKstnAFyjztRXfObsfA==
X-Google-Smtp-Source: AHgI3IY7f//1ySUVFE+y/JvLNoWHV4/1pQCPsuLBPp8GCP9a0QvQG+Izc7vdOL8G37+APbD9vMadQ3aOvvxlAVGOdGc=
X-Received: by 2002:ac8:3928:: with SMTP id s37mr5177502qtb.246.1550876332335; Fri, 22 Feb 2019 14:58:52 -0800 (PST)
MIME-Version: 1.0
References: <6D78F4B2-A30D-4562-AC21-E4D3DE019D90@consulintel.es> <B6E2EC33-EEAF-40D0-AFCC-BDAFA9134ACD@consulintel.es> <20190220113603.GK71606@Space.Net> <28fbc2c305c640c9afb3704050f6e8d7@boeing.com> <20190220213107.GS71606@Space.Net> <019c552eb1624d348641d6930829fd1f@boeing.com> <CAKD1Yr0HBG+rhyFWg9zh0t3mW486Mjx9umjn+CRqAZg4z9r0dg@mail.gmail.com> <20190221073530.GT71606@Space.Net> <CAO42Z2wmB2W52b4MZ2h9sW5E9cQKm-HRjyf--q8C26jezS7LXQ@mail.gmail.com> <a73818d31db7422b99a524bc431b00ed@boeing.com> <CAO42Z2z9-48Gbb_Exf+oWUqDO=axSLpZBtqeDcxkAoFq5OziGw@mail.gmail.com> <CALx6S3624hnGauG1HaSWPMvQw0t2Q5R3gb8W4R8w3kuK7dcrWQ@mail.gmail.com> <CAO42Z2wOyTDrp5FNnBZ6KMOPT86o6n8rWRhXWdtSU_AOR9mV2A@mail.gmail.com> <CALx6S37FQVx=Hw3yLGfg-SkCwECc1JZkbcsqxrYLw6Pw5izdfw@mail.gmail.com> <CAD6AjGSsh7GvmrWpn_ZT--KRf=vMUR5awcUe=uhGdKP_w8fW9Q@mail.gmail.com> <CALx6S36i0C5vJ8YHi6KuQ6813d0STYOOyDGN5UY7ytk4X+fKdg@mail.gmail.com> <CAD6AjGSsm=Cjn8ULEs2=GwpXir1yMSbiCyQO0pPevZf_NpSUCw@mail.gmail.com>
In-Reply-To: <CAD6AjGSsm=Cjn8ULEs2=GwpXir1yMSbiCyQO0pPevZf_NpSUCw@mail.gmail.com>
From: Tom Herbert <tom@herbertland.com>
Date: Fri, 22 Feb 2019 14:58:40 -0800
Message-ID: <CALx6S35zrYoPpqbGzn5jtaOtqUPTrMGRVpvtrZFYq8c_9=ncNw@mail.gmail.com>
To: Ca By <cb.list6@gmail.com>
Cc: "6man@ietf.org" <6man@ietf.org>, IPv6 Operations <v6ops@ietf.org>, Mark Smith <markzzzsmith@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/LamEMWfrEPsmRBlMOKx1PZvnL5I>
Subject: Re: [v6ops] Is addressing privacy via NAT really achieving much compared to a privacy goal of anonymity? (Re: A common problem with SLAAC in "renumbering" scenarios)
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Feb 2019 22:58:57 -0000

On Fri, Feb 22, 2019 at 2:36 PM Ca By <cb.list6@gmail.com> wrote:
>
>
>
> On Fri, Feb 22, 2019 at 11:56 AM Tom Herbert <tom@herbertland.com> wrote:
>>
>> On Fri, Feb 22, 2019 at 10:06 AM Ca By <cb.list6@gmail.com> wrote:
>> >
>> >
>> >
>> > On Fri, Feb 22, 2019 at 10:12 AM Tom Herbert <tom@herbertland.com> wrote:
>> >>
>> >> On Thu, Feb 21, 2019 at 11:35 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >> >
>> >> > Hi Tom,
>> >> >
>> >> > On Fri, 22 Feb 2019 at 10:04, Tom Herbert <tom@herbertland.com> wrote:
>> >> > >
>> >> > > On Thu, Feb 21, 2019 at 2:46 PM Mark Smith <markzzzsmith@gmail.com> wrote:
>> >> > > >
>> >> > > > On Fri, 22 Feb 2019 at 08:53, Manfredi (US), Albert E
>> >> > > > <albert.e.manfredi@boeing.com> wrote:
>> >> > > > >
>> >> >
>> >> > <snip>
>> >> >
>> >> > > >
>> >> > > > So I think there's commonly a big different between works and works
>> >> > > > well. NAT may work, however compared to stateless IPv6 (and IPv4)
>> >> > > > forwarding, it doesn't work anywhere as near as well.
>> >> > > >
>> >> > > Mark,
>> >> > >
>> >> > > I agreee with that with one exception. I believe that NAT/IPv4 can
>> >> > > offer better privacy in addressing than IPv6 given current addess
>> >> > > allocation methods.
>> >> > >
>> >> >
>> >> > So I don't think addressing privacy via NAT is really all that
>> >> > valuable if there are many other ways, some quite easy, to uniquely
>> >> > identify an anonymity desiring end-point/end-user, whose effectiveness
>> >> > aren't impacted at all by NAT.
>> >> >
>> >> > For example, this website is coming over IPv4 for me, and I'm using
>> >> > IPv4+NAPT. If IPv4+NAPT was that effective at anonymity, I shouldn't
>> >> > be able to tracked.
>> >> >
>> >> > https://amiunique.org/
>> >> >
>> >> > Yet it is saying I can be with both Chrome and Firefox on Fedora 29 in
>> >> > Incognito/Private windows mode on this host. It says the same about my
>> >> > Android 9 phone with Chrome in Incognito mode.
>> >> >
>> >> > Going into the detail of how, they don't seem to be using IP address
>> >> > at all for any identification, it is all browser attributes.
>> >> >
>> >> > We have IPv6 temporary addresses, which makes using addresses harder
>> >> > to use to identify a node. I think that is a lot better than nothing.
>> >>
>> >> Mark,
>> >>
>> >> Yes, but by that same rationale a simple substitution cipher is better
>> >> than nothing in cryptography!
>> >>
>> >> What pretty much any conversation about privacy in addressing seems to
>> >> lacking is a quantitative description of privacy and any empiracal
>> >> data on the impact that privacy mechanisms, like those defined in
>> >> RFC4941, have had. You might say it "makes using addresses harder to
>> >> use to identify a node". But then the obvious question is _how_ much
>> >> harder? Is this really protecting anyone's privacy, or it is just a
>> >> minor inconvenience to attackers and only giving users a false sense
>> >> of security?
>> >>
>> >> The irony is that CGN seems to have the best supporting evidence for
>> >> being a mechanism that impacts privacy, but it was never even intended
>> >> to be a privacy mechanism. The evidence is in the form of concerns
>> >> form law enforcement that the privacy side effect is too strong and
>> >> impedes their investigations
>> >> (https://www.theregister.co.uk/2017/10/18/europol_cgnat/).
>> >>
>> >> So I don't think "Is addressing privacy via NAT really achieving much
>> >> compared to a privacy goal of anonymity?" is the right question. The
>> >> right question to ask is "Is addressing privacy via any IETF defined
>> >> mechanism achieving much compared to a privacy goal of anonymity?"
>> >>
>> >> Tom
>> >
>> >
>> >
>> >
>> > 1.  Network service providers cannot provide address anonymity.  LEA requirements in the USA and many jurisdictions simply do not allow it, so who is the customer of such a standard?  Who would make and deploy it?
>>
>> The customer of this is political dissident that is speaking out
>> against injustice of a corrupt government. There is nothing that
>> prevents a solution that provides the privacy for the dissident, but
>> still allows their network provider to maintain records that correlate
>> address to identity is available to LEA for the local jurisdiction
>> under lawful order. This really isn't different than other areas of
>> privacy on the Internet (like the logs that Facebook or Google keep).
>> The point is that anonimity is needed to prevent unauthorized third
>> parties from breaking someones privacy.
>>
>> >
>> > 2. Network address annonimity today is generally provided via Tor.  How could the ietf provide something better than existiting tor solutions, knowing that it will not be baked into the network — meaning it must be over the top.
>> >
>>
>> I'm not sure what "provided via Tor" means.
>
>
> Tor is this
> https://www.torproject.org/about/overview.html.en
>
> Tor is what people use today for address anonimity today

Thanks for the reference. It's interesting but then there's
https://www.esecurityplanet.com/open-source-security/the-trouble-with-tor.html.
In any case, I believe it's in IETF's best interest to continually
evaluate security and privacy in IP protocols. Privacy in IP
addressing seems to be an area of weakness in that regard.

Tom

>
>>
>>
>>
>> > 3. CGN is not private. It throw off per session logs of every transaction, so this is a full click stream archived ... with varing levels of intentional monetization and security from hackers.
>> >
>> Yes, it is expected that the local provider has full view of all
>> associations of address to some device, that's pretty much a given and
>> we have to trust the local provider to some extent. What we're trying
>> to prevent is untrusted external parties from deducing identity or
>> location of users.
>>
>> >
>> >>
>> >> > However, I don't see how IPv6 NAT would improve it much, and it
>> >> > introduces the other drawbacks of NAT.
>> >> >
>> >> > Regards,
>> >> > Mark.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > > Tom
>> >> > >
>> >> > > > Regards,
>> >> > > > Mark.
>> >> > > >
>> >> > > >
>> >> > > >
>> >> > > > > Bert
>> >> > > >
>> >> > > > _______________________________________________
>> >> > > > v6ops mailing list
>> >> > > > v6ops@ietf.org
>> >> > > > https://www.ietf.org/mailman/listinfo/v6ops
>> >>
>> >> --------------------------------------------------------------------
>> >> IETF IPv6 working group mailing list
>> >> ipv6@ietf.org
>> >> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
>> >> --------------------------------------------------------------------

v2.23.0 | Report a Bug | By Email