Re: [v6ops] Google Alert - IPv6

Tom Herbert <tom@herbertland.com> Thu, 26 October 2017 20:42 UTC

To: Dave O'Reilly <rfc@daveor.com>
Cc: Warren Kumari <warren@kumari.net>, "v6ops@ietf.org" <v6ops@ietf.org>, Tore Anderson <tore@fud.no>
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/qoOAi6KW-uqJ6oQiIuo7Yp5IreI>

On Thu, Oct 26, 2017 at 1:15 PM, Dave O'Reilly <rfc@daveor.com> wrote:
> Hello everybody,
>
> I’m the author of https://tools.ietf.org/html/draft-daveor-cgn-logging-01. Warren brought this thread to my attention so I would like to throw in a few thoughts for people to consider, if I may. I have attempted to address as many as possible of the points raised by others in the thread in one big response below.
>
> Thanks for taking the time to read this and I look forward to any feedback you might have,
> daveor
>
>
> On the topic of “CGNAT is a bad idea”
> ——————————————————————————————
>
> I am not too sure how much mileage there is getting caught up in this point. CGNAT is out there in the world, along with a suite of other large-scale address sharing technologies, and although the transition to IPv6 is ongoing, it is painfully slow and transitionary arrangements will be required for the foreseeable future.
>
> It would be, in my opinion, remiss of the criminal justice system not to consider this issue. The argument that the CGNAT problem will go away if we were all to just move to IPv6 doesn’t help solve the murder that happened today or catch the person distributing child pornography on the Internet.
>
Dave,

The flip side to this coin is that if good guys are able to track IPv6
addresses more easily, then that means the bad guys will be able to
also. Today it may be the case that CGNAT inadvertently offers better
privacy for users than IPv6 would (without any consideration why users
want privacy). So there should be a concern about the privacy of IPv6.
The likely solution is to allow hosts to use untrackable IP addresses,
maybe they would want to use a different IP address for each
connection. There are proposals for this.

If hosts use untrackable addresses, then privacy properties of IPv6
and CGNAT should be nearly equivalent. So the solution to assist law
enforcement ends up being the same as that for CGNAT. A provider
maintains a log of mappings from the IP addresses to users and
releases information to authorities under warrant. It seems like this
is a logical extension to your draft.

Tom
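
An added illustration of the address-to-user mapping log described in the message above (not part of the original post or of the draft): once addresses rotate, a lookup needs the observation time as well as the address. The log layout, the subscriber ids and the 2001:db8:: documentation addresses are constructed assumptions.

```python
import ipaddress
from datetime import datetime, timezone


def utc(stamp):
    """Parse an ISO 8601 timestamp; refuse one without an explicit offset."""
    t = datetime.fromisoformat(stamp)
    if t.tzinfo is None:
        raise ValueError("timestamp needs an explicit offset: " + stamp)
    return t.astimezone(timezone.utc)


# Constructed sample log: (start, end, address or prefix, subscriber id).
# The first two rows show one address handed to two subscribers in turn.
MAPPING_LOG = [
    ("2017-10-26T20:00:00+00:00", "2017-10-26T20:05:00+00:00",
     "2001:db8:a::1f/128", "sub-1001"),
    ("2017-10-26T20:05:00+00:00", "2017-10-26T20:09:00+00:00",
     "2001:db8:a::1f/128", "sub-2002"),
    ("2017-10-26T19:00:00+00:00", "2017-10-26T23:00:00+00:00",
     "2001:db8:b:42::/64", "sub-3003"),
]


def resolve(address, when, log=MAPPING_LOG):
    """Return the subscriber holding `address` at time `when`, or None."""
    addr = ipaddress.ip_address(address)
    t = utc(when)
    hits = {
        sub
        for start, end, net, sub in log
        # Intervals are half-open so a handover instant has one owner.
        if addr in ipaddress.ip_network(net) and utc(start) <= t < utc(end)
    }
    if len(hits) > 1:
        # Overlapping entries mean the log cannot attribute the address.
        raise LookupError("overlapping log entries for " + address)
    return hits.pop() if hits else None


if __name__ == "__main__":
    print(resolve("2001:db8:a::1f", "2017-10-26T20:04:59+00:00"))
    print(resolve("2001:db8:a::1f", "2017-10-26T20:05:00+00:00"))
```
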