Re: [v6ops] Are we competitive?

Nick Buraglio <buraglio@es.net> Mon, 22 August 2022 14:23 UTC

MIME-Version: 1.0
References: <3f138b03-940a-e83a-6c6e-6039506b6e4b@gont.com.ar> <10f89b7cbe784881bd22b4af81577aa6@huawei.com> <CAN-Dau0nz0TouDnz5pei0MCmTzSbP8q+gHLx1m0sxX0hsuPX3w@mail.gmail.com> <b9f33aa499b043bb90ff926731db9739@huawei.com> <b885bdd4-d837-1eda-9614-36c76190d920@gont.com.ar> <a6975472445f49018abab153fa61b399@huawei.com> <YvoaJ+IJdl/VXYLj@Space.Net> <1cdf7569a11d43e2b4fdd8675b657e42@huawei.com> <YvoilaQfj40uYI5X@Space.Net> <2e465d49-7636-1a09-0b0a-1616c3840bb8@gmail.com> <YvolSM4c05Hu2YAn@Space.Net> <3ea43ae8-a88e-8d44-1b21-7b66f3924980@gmail.com> <9B8691E8-AD21-4A87-8735-DEBE4E0CDCED@gmail.com> <bc72f01f-5c24-b738-5bab-5c48282e0523@gont.com.ar> <CALx6S37Xc-QAARizWgcN9LXr8xDGmO0mqVCe2Dc5PV9K=1pRww@mail.gmail.com>
In-Reply-To: <CALx6S37Xc-QAARizWgcN9LXr8xDGmO0mqVCe2Dc5PV9K=1pRww@mail.gmail.com>
Reply-To: buraglio@es.net
From: Nick Buraglio <buraglio@es.net>
Date: Mon, 22 Aug 2022 09:22:49 -0500
Message-ID: <CAM5+tA-rbQzshgs75ZXXFu_Z9NOe9aGs0pu82GzG3S-fnkr90A@mail.gmail.com>
To: Tom Herbert <tom@herbertland.com>
Cc: Fernando Gont <fernando@gont.com.ar>, IPv6 Operations <v6ops@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/SB7zzq4Wv5Qu0oGAs4PfEFfVQ0g>
Subject: Re: [v6ops] Are we competitive?

Perhaps not totally unrelated, but there are some zero trust
conceptual architectures kicking around that incorporate single use
IPv6 addressing as Tom has described.

nb


On Fri, Aug 19, 2022 at 6:58 PM Tom Herbert <tom@herbertland.com> wrote:
>
> On Fri, Aug 19, 2022 at 3:58 PM Fernando Gont <fernando@gont.com.ar> wrote:
> >
> > Hi, Fred,
> >
> > On 19/8/22 16:09, Fred Baker wrote:
> > >
> > >
> > >> On Aug 15, 2022, at 9:07 AM, Soni They/Them L.
> > >> <fakedme+ipv6@gmail.com> wrote:
> > >>
> > >> We do not like it when IPv6 enables cross-website tracking in spite
> > >> of browser-based protections, including the ability to separately
> > >> identify household/community participants, which would be entirely
> > >> avoidable if the IPv6 stack had full built-in support for ephemeral
> > >> addresses and browsers used them per-tab or so.
> > >
> > >
> > > I'm going to ask the obvious question. What is the difference between
> > > an "ephemeral" address and a "temporary" address? I think you're
> > > asking for a temporary address that is used for a specific purpose (a
> > > tab, a tcp session, whatever) and then forgotten.
> >
> > Answer is in Section 4.4 of
> > draft-gont-v6ops-ipv6-addressing-considerations-02:
> > https://www.ietf.org/archive/id/draft-gont-v6ops-ipv6-addressing-considerations-02.html#name-address-stability-considera
> > ;-)
> >
> > TL;DR: They are addresses that are used by a single application (e.g., a
> > web browser) or even a single site or application inside the browser.
> > Otherwise, temporary addresses would still allow correlation while the
> > same address is in use (while the address is preferred).
> >
> > Strictly speaking, temporary addresses *are* ephemeral (i.e., they are
> > certainly not constant or stable). But there are cases where you'd
> > probably want an application to be able to request a
> > single/exclusive-use address.
>
> Fernando,
>
> Assigning a unique pseudo randomized IP address as the local end point
> of each TCP connection would provide the strongest privacy guarantees
> in terms of preventing cross correlations between different flows from
> the same source. In this model, the addresses are more aptly described
> as ephemeral and not temporary. The address would be used for the
> lifetime of only a single flow which could be an arbitrarily long
> period of time. Only when the connection is terminated is the address
> released back into the pool. This does mean that at a given point of
> time a host may have thousands of such addresses in use, but I believe
> that's mostly a problem of managing bulk address assignments and
> network forwarding via identifier to locator mappings.
>
> Tom
>
> >
> > Thanks,
> > --
> > Fernando Gont
> > e-mail: fernando@gont.com.ar
> > PGP Fingerprint: 7F7F 686D 8AC9 3319 EEAD C1C8 D1D5 4B94 E301 6F01
> >
> > _______________________________________________
> > v6ops mailing list
> > v6ops@ietf.org
> > https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
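The difference between Fernando's "temporary" addresses (RFC 8981, shared by every flow while the address is preferred) and the per-flow "ephemeral" addresses Tom describes is easiest to see by modelling both and then looking at what a passive observer can link. The following is an added example written for this archive page; it is not code from anyone in the thread. It assumes the host owns the whole documentation prefix 2001:db8::/64 (RFC 3849), and the flows in demo() are constructed sample data.

```python
"""Per-flow ("ephemeral") versus per-interval ("temporary") IPv6 source addresses.

Added illustration of the model described in the thread above; not code from any
of the thread's authors. 2001:db8::/64 is the RFC 3849 documentation prefix and the
flows in demo() are constructed sample data.
"""
import ipaddress
import secrets
from collections import defaultdict

PREFIX = ipaddress.IPv6Network("2001:db8::/64")  # assumed: a /64 the host owns outright

# Interface identifiers a random generator must never hand out: the all-zero
# subnet-router anycast IID (RFC 4291) and the reserved subnet-anycast range
# (RFC 2526, catalogued in RFC 5453).
RESERVED_IID_RANGES = (
    (0x0000000000000000, 0x0000000000000000),
    (0xFDFFFFFFFFFFFF80, 0xFDFFFFFFFFFFFFFF),
)


def random_iid_address(prefix, rng=secrets.randbits):
    """Return prefix + a random interface identifier, skipping reserved IIDs.

    `rng(bits)` must return a non-negative int below 2**bits; injectable for tests.
    """
    host_bits = prefix.max_prefixlen - prefix.prefixlen
    while True:
        iid = rng(host_bits)
        if not any(lo <= iid <= hi for lo, hi in RESERVED_IID_RANGES):
            return ipaddress.IPv6Address(int(prefix.network_address) | iid)


class EphemeralPool:
    """Tom's model: one fresh address per flow, released when that flow ends."""

    def __init__(self, prefix=PREFIX, rng=secrets.randbits):
        self.prefix, self.rng = prefix, rng
        self.by_flow = {}        # flow_id -> address currently bound to that flow
        self.in_use = set()      # addresses that must not be handed to a second flow

    def open_flow(self, flow_id):
        # Collisions at 64 random bits are negligible, but the pool still refuses to
        # bind two live flows to one address; a real host would also run DAD on-link.
        while True:
            addr = random_iid_address(self.prefix, self.rng)
            if addr not in self.in_use:
                break
        self.by_flow[flow_id] = addr
        self.in_use.add(addr)
        return addr

    def close_flow(self, flow_id):
        addr = self.by_flow.pop(flow_id)
        self.in_use.discard(addr)
        return addr


class TemporaryAddress:
    """RFC 8981 behaviour: one address shared by every flow while it is preferred."""

    def __init__(self, prefix=PREFIX, preferred_lifetime=86400, rng=secrets.randbits):
        self.prefix, self.lifetime, self.rng = prefix, preferred_lifetime, rng
        self.current, self.expires = None, 0

    def source_for(self, flow_id, now):
        # flow_id is deliberately ignored: every flow opened before `expires`
        # shares the same source address, which is exactly what lets them be linked.
        if self.current is None or now >= self.expires:
            self.current = random_iid_address(self.prefix, self.rng)
            self.expires = now + self.lifetime
        return self.current


def linkable_flows(observations):
    """Passive observer's view: how many flows share the most-used source address."""
    groups = defaultdict(set)
    for flow_id, addr in observations:
        groups[addr].add(flow_id)
    return max(len(flows) for flows in groups.values())


def demo(flow_count=5, spacing=60):
    """Open flow_count TCP flows `spacing` seconds apart under both schemes.

    Returns (ephemeral_linkable, temporary_linkable, ephemeral_addresses_still_bound).
    """
    pool, temp = EphemeralPool(), TemporaryAddress()
    ephemeral, temporary = [], []
    for i in range(flow_count):
        flow_id = f"tcp-{i}"
        ephemeral.append((flow_id, pool.open_flow(flow_id)))
        temporary.append((flow_id, temp.source_for(flow_id, now=i * spacing)))
    for flow_id, _ in ephemeral:      # connections terminate: addresses go back to the pool
        pool.close_flow(flow_id)
    return linkable_flows(ephemeral), linkable_flows(temporary), len(pool.in_use)


if __name__ == "__main__":
    print(demo())   # -> (1, 5, 0)
```

With five flows opened a minute apart, the observer links at most one flow under the per-flow scheme but all five under the temporary-address scheme, because all five fall inside one preferred lifetime. Two practical caveats that the thread only touches on: the host must actually own a prefix large enough to draw from (RFC 8273, "Unique IPv6 Prefix per Host", is one way to arrange that), and the stack must let a socket bind to an address it has not individually configured; on Linux an AnyIP route such as `ip -6 route add local 2001:db8::/64 dev lo` does this, at the cost of the neighbor-cache and forwarding-state load Tom mentions once thousands of addresses are live at once.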