IETF Logo Mail Archive

Re: [v6ops] Google Alert - IPv6

Lee Howard <lee@asgard.org> Fri, 27 October 2017 15:00 UTC

Return-Path: <lee@asgard.org>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2BB113F45A for <v6ops@ietfa.amsl.com>; Fri, 27 Oct 2017 08:00:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.088
X-Spam-Level:
X-Spam-Status: No, score=-4.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, T_DKIM_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=asgard.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KghacU-6S-1k for <v6ops@ietfa.amsl.com>; Fri, 27 Oct 2017 08:00:46 -0700 (PDT)
Received: from homiemail-a111.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4FE09137832 for <v6ops@ietf.org>; Fri, 27 Oct 2017 08:00:46 -0700 (PDT)
Received: from homiemail-a111.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a111.g.dreamhost.com (Postfix) with ESMTP id B8ED93C001C15; Fri, 27 Oct 2017 08:00:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=asgard.org; h=content-type :mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s= asgard.org; bh=xVQoHlZ5zfD9gfFPhvebyQkdNMQ=; b=U057KOzJXcyA2nNfK QXUM4CCRYPoW7xY5DxvG8IB1MGIh3yfcn0jyxksYqkC9LBNzG36DchDQHIgnyH2w 1vdFbvDHD2DOkpCDdjFwxWJItooKbdf36ECxKE9ITXY8Nqv9QJ9nDb8vtQJc2A2C Ql1qzl3IYjZXeaedErWYyO4i7g=
Received: from [10.234.169.249] (unknown [87.200.50.36]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: lee.howard@retevia.net) by homiemail-a111.g.dreamhost.com (Postfix) with ESMTPSA id 0C3233C001C17; Fri, 27 Oct 2017 08:00:45 -0700 (PDT)
Content-Type: multipart/alternative; boundary="Apple-Mail-E51C02CD-BC34-423E-85DF-3D04A4C838A1"
Mime-Version: 1.0 (1.0)
From: Lee Howard <lee@asgard.org>
X-Mailer: iPad Mail (14G60)
In-Reply-To: <CAKC-DJgou-wPuT9Xy-8ddp_5avnUj8mqApVJ3GWChLXQsqkeBA@mail.gmail.com>
Date: Fri, 27 Oct 2017 18:59:45 +0400
Cc: Dave O'Reilly <rfc@daveor.com>, Warren Kumari <warren@kumari.net>, "v6ops@ietf.org" <v6ops@ietf.org>, Tore Anderson <tore@fud.no>
Content-Transfer-Encoding: 7bit
Message-Id: <95BDB333-F293-47C6-8EEE-CC50930F11AC@asgard.org>
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <D618D79F.8AA1A%lee@asgard.org> <CAKC-DJgou-wPuT9Xy-8ddp_5avnUj8mqApVJ3GWChLXQsqkeBA@mail.gmail.com>
To: Erik Nygren <erik+ietf@nygren.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/Q723i2_7hUfDIJuH3-Qtsi--7ZI>
Subject: Re: [v6ops] Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Oct 2017 15:00:55 -0000

Still offering solely my personal opinion.

> On Oct 27, 2017, at 6:21 PM, Erik Nygren <erik+ietf@nygren.org> wrote:
> 
>> On Fri, Oct 27, 2017 at 4:51 AM, Lee Howard <lee@asgard.org> wrote:
>> >
>> >One possible solution frequently cited to the problem of CGNAT is
>> >migration to IPv6.However, does migration to IPv6 ACTUALLY solve the
>> >problem of crime attribution due to large-scale address sharing?
>> 
>> Only if content providers deploy IPv6, including logging.
> 
> I'll note that that one of the major limitations for content providers deploying IPv6 
> (perhaps the #1 limitation?) has been making sure all systems that handle IP addresses
> can handle IPv6 addresses well.  This includes for logging, storing in databases,
> client reputation, ip-geo, bot detection, fraud management, authentication cookies, 
> parsing to partially pseudonymize (eg, stripping off bottom N bits), and the like.
> Plumbing "port" through many of these systems (even just logging and storage)
> is a non-trivial effort in many places (perhaps larger in some places than supporting
> IPv6 as now there is a {timestamp,IP,port) tuple that must be transported and stored
> rather than just an IP.

I think you're saying that logging IPv6 address is not trivial, but neither is logging IPv4 + port. Maybe not the same cost, but same order of magnitude?

> 
> It would be much better if we can get onto a path where IPv6 can be relied on
> enough of the time to avoid having to make a large push on source port logging.
> A worst case would be if content providers had internal budget/resources to chose between
> one of "log source port" and "enable IPv6 and support logging IPv6", especially since
> some might decide to pick just the former and then might say "I went through a big
> project to log IPv4 source port, why should I also go through the effort to support IPv6?"
> despite the other good reasons to do so...

Yes, that would be a worst case.
As a general rule, regulation should describe what is needed (attribution) not how to do it (log format or IPv6). So, make content providers, ISPs, mobile companies, and consumer electronics (IoT) manufacturers liable for failing to comply with a subpoena if they are unable to provide attribution information in sufficient detail. Content providers (e.g.) can look at their budgets and Vyncke's projection of IPv6 eyeballs and say, "More than half of all users will be IPv6 capable in X months." They can even look at APNIC's data and think about which countries' users generate the most traffic. Then they can do the math on how many subpoenas they'll see requiring IPv4+source+timestamp versus how many they'll see for IPv6, and rationally decide which to deploy, if not both.

That way, IPv6 becomes a sort of safe harbor, or at least safer than not. Of course, it only applies if you move toward regulation. Personally, I don't want regulators thinking they understand the Internet well enough to regulate it. 

Lee
> 
>      Erik
> 
> 
> [thoughts/opinions here are my own and do not necessarily represent my employer]
>

v2.23.0 | Report a Bug | By Email