Re: [v6ops] Google Alert - IPv6
Dave O'Reilly <rfc@daveor.com> Sun, 29 October 2017 16:44 UTC
Return-Path: <rfc@daveor.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6625013F562 for <v6ops@ietfa.amsl.com>; Sun, 29 Oct 2017 09:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=daveor.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pvC7bmyquHym for <v6ops@ietfa.amsl.com>; Sun, 29 Oct 2017 09:44:02 -0700 (PDT)
Received: from vps.ftrsolutions.com (vps.ftrsolutions.com [5.77.39.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCBC913EF48 for <v6ops@ietf.org>; Sun, 29 Oct 2017 09:44:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=daveor.com; s=default; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date: In-Reply-To:From:Subject:Mime-Version:Content-Type:Sender:Reply-To:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=nL7lA21GzPGC4+HL9bV3UUmvzThWGkK+IXbp+F1r/4A=; b=HZpUp2wtvmHRBizCe6KgiGV6RK l3quchM9AVBPH8ex65Wm24ugQRtrE7PpxS0o9FuhRFqxSOIeUwXq/HIGyC8y4IOo/kHirLv5R8dvh vRpp6L+7dEeaLYDqhhnMUR/3iMYvySZWKpeehHSbcG6uXVFMOuUhKHgnOBA7nC/NhDNk=;
Received: from 86-44-56-31-dynamic.agg7.bsn.cld-dbn.eircom.net ([86.44.56.31]:55131 helo=[192.168.1.25]) by vps.ftrsolutions.com with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.89) (envelope-from <rfc@daveor.com>) id 1e8qgq-0002OP-BF; Sun, 29 Oct 2017 16:44:00 +0000
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Dave O'Reilly <rfc@daveor.com>
In-Reply-To: <95BDB333-F293-47C6-8EEE-CC50930F11AC@asgard.org>
Date: Sun, 29 Oct 2017 16:43:59 +0000
Cc: Erik Nygren <erik+ietf@nygren.org>, Warren Kumari <warren@kumari.net>, "v6ops@ietf.org" <v6ops@ietf.org>, Tore Anderson <tore@fud.no>
Content-Transfer-Encoding: quoted-printable
Message-Id: <B7315D76-D9C8-42C7-A583-9CD0A22AE6D0@daveor.com>
References: <f403045ef57ac52962055bd88b84@google.com> <20395E98-DA55-447F-BEFE-CB581A88BB78@gmail.com> <alpine.DEB.2.20.1710190655260.31961@uplift.swm.pp.se> <20171019083506.6627a166@echo.ms.redpill-linpro.com> <alpine.DEB.2.20.1710190856530.31961@uplift.swm.pp.se> <787AE7BB302AE849A7480A190F8B93300A056EB5@OPEXCLILMA3.corporate.adroot.infra.ftgroup> <CAHw9_iLWAMexrfXwsdB8duGa5ueJMofqVRqNck6DeOzA=KChqA@mail.gmail.com> <C4E37677-A2FB-49F8-B362-C29B28DFD570@daveor.com> <D618D79F.8AA1A%lee@asgard.org> <CAKC-DJgou-wPuT9Xy-8ddp_5avnUj8mqApVJ3GWChLXQsqkeBA@mail.gmail.com> <95BDB333-F293-47C6-8EEE-CC50930F11AC@asgard.org>
To: Lee Howard <lee@asgard.org>
X-Mailer: Apple Mail (2.3124)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vps.ftrsolutions.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - daveor.com
X-Get-Message-Sender-Via: vps.ftrsolutions.com: authenticated_id: dave@daveor.com
X-Authenticated-Sender: vps.ftrsolutions.com: dave@daveor.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/ZFR1uW0KTl4g51iiifQRLIJyAb8>
Subject: Re: [v6ops] Google Alert - IPv6
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2017 16:44:04 -0000
More comments inline below: > On 27 Oct 2017, at 15:59, Lee Howard <lee@asgard.org> wrote: > > Still offering solely my personal opinion. > > On Oct 27, 2017, at 6:21 PM, Erik Nygren <erik+ietf@nygren.org> wrote: > >> On Fri, Oct 27, 2017 at 4:51 AM, Lee Howard <lee@asgard.org> wrote: >> > >> >One possible solution frequently cited to the problem of CGNAT is >> >migration to IPv6.However, does migration to IPv6 ACTUALLY solve the >> >problem of crime attribution due to large-scale address sharing? >> >> Only if content providers deploy IPv6, including logging. >> >> I'll note that that one of the major limitations for content providers deploying IPv6 >> (perhaps the #1 limitation?) has been making sure all systems that handle IP addresses >> can handle IPv6 addresses well. This includes for logging, storing in databases, >> client reputation, ip-geo, bot detection, fraud management, authentication cookies, >> parsing to partially pseudonymize (eg, stripping off bottom N bits), and the like. >> Plumbing "port" through many of these systems (even just logging and storage) >> is a non-trivial effort in many places (perhaps larger in some places than supporting >> IPv6 as now there is a {timestamp,IP,port) tuple that must be transported and stored >> rather than just an IP. > > I think you're saying that logging IPv6 address is not trivial, but neither is logging IPv4 + port. Maybe not the same cost, but same order of magnitude? > I think the short answer to this is that nobody knows. As I mentioned in an email response I just wrote, I have recommended that further research is required in this area to assess the downstream consequences of logging source port, and these should be considered in the context of a comparably sized project to migrate to IPv6. >> >> It would be much better if we can get onto a path where IPv6 can be relied on >> enough of the time to avoid having to make a large push on source port logging. >> A worst case would be if content providers had internal budget/resources to chose between >> one of "log source port" and "enable IPv6 and support logging IPv6", especially since >> some might decide to pick just the former and then might say "I went through a big >> project to log IPv4 source port, why should I also go through the effort to support IPv6?" >> despite the other good reasons to do so... > > Yes, that would be a worst case. > As a general rule, regulation should describe what is needed (attribution) not how to do it (log format or IPv6). So, make content providers, ISPs, mobile companies, and consumer electronics (IoT) manufacturers liable for failing to comply with a subpoena if they are unable to provide attribution information in sufficient detail. Content providers (e.g.) can look at their budgets and Vyncke's projection of IPv6 eyeballs and say, "More than half of all users will be IPv6 capable in X months." They can even look at APNIC's data and think about which countries' users generate the most traffic. Then they can do the math on how many subpoenas they'll see requiring IPv4+source+timestamp versus how many they'll see for IPv6, and rationally decide which to deploy, if not both. > I can imagine the conversation, however, where an ISP using CGNAT says that I COULD identify the suspect with my logs but it is YOUR problem (law enforcement/content provider/victim) that there is insufficient information available. The point is that there is an information gap, as I have mentioned in several responses, and we need to consider how we’re going to fill it. > That way, IPv6 becomes a sort of safe harbor, or at least safer than not. Of course, it only applies if you move toward regulation. Personally, I don't want regulators thinking they understand the Internet well enough to regulate it. > Also don’t forget that regulatory regimes (and indeed competence levels) vary across the world so a regulatory solution is unlikely to be a general solution. daveor
- Re: [v6ops] Google Alert - IPv6 Paul Marks
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Brian E Carpenter
- Re: [v6ops] Google Alert - IPv6 Rajiv Asati (rajiva)
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Erik Kline
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 Tore Anderson
- Re: [v6ops] Google Alert - IPv6 Mikael Abrahamsson
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Lorenzo Colitti
- Re: [v6ops] Google Alert - IPv6 Alexandre Petrescu
- Re: [v6ops] Google Alert - IPv6 Warren Kumari
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ca By
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 mohamed.boucadair
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] RE: Google Alert - I… mohamed.boucadair
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Erik Nygren
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Fernando Gont
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Gert Doering
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Fred Baker
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] Google Alert - IPv6 Mark Smith
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Fred Baker
- Re: [v6ops] Google Alert - IPv6 DY Kim
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Mark Andrews
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Lee Howard
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 JORDI PALET MARTINEZ
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 t.petch
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Dave O'Reilly
- Re: [v6ops] Google Alert - IPv6 Tom Herbert
- Re: [v6ops] Google Alert - IPv6 Ole Troan
- Re: [v6ops] [SUSPECTED SPAM] Google Alert - IPv6 Mark Smith