IETF Logo Mail Archive

Re: [v6ops] Security: Unique IPv6 Prefix per Host

Ted Lemon <mellon@fugue.com> Tue, 14 November 2017 02:29 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C60D912711E for <v6ops@ietfa.amsl.com>; Mon, 13 Nov 2017 18:29:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWkZUjgOyKUU for <v6ops@ietfa.amsl.com>; Mon, 13 Nov 2017 18:29:55 -0800 (PST)
Received: from mail-pf0-x22e.google.com (mail-pf0-x22e.google.com [IPv6:2607:f8b0:400e:c00::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E157512711A for <v6ops@ietf.org>; Mon, 13 Nov 2017 18:29:54 -0800 (PST)
Received: by mail-pf0-x22e.google.com with SMTP id n89so13291271pfk.11 for <v6ops@ietf.org>; Mon, 13 Nov 2017 18:29:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=UjbUMOSp4x0ARf9PZ5ConUEOmB/kX2HJw0R71d38oyc=; b=zkAf3rwZTf9aG8VKaSNxNlJTmxuTeBevsNHckS/eSCIY+GwXLNN91dap3wZlSr0WTs vMvPjTCTNbf1c0Cx1b1US0o3289sU9n7YWIyE8DzRDRXXpEjW5RARGCP4aUTwahoPtoo hLePFa6fK6FzjdMC5iGyfcvV9fvDQY00JLPAtCd9ZjUjxo0W31gLgiAd6hs41bTbauqb uIWG63jgOW6t+C7QJ+jHDDdXdghXPX5Xa2pA6LRIauYNnPHC64WFbgD3ejfj8ILAZfH1 ff/4GPnjO0y7Tw/Exwj1RL8otC+QjDqbbUdkdnhqQBpQ3B06f5gBja2HTS2TBrPKUQg6 retw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=UjbUMOSp4x0ARf9PZ5ConUEOmB/kX2HJw0R71d38oyc=; b=WDUAI2mofbqbgw+Hy+2DNc9LVfO1LtoF8gWnWGqcqTGZCNv4HGCEIQo3aJPjbB2IYh BnYhLEs7bQAHx7wLysLFXHUNCXDZen9/4gAmbSyR/Ej80heoee7wqRF9Pofuc8Kf/5QV UnSBsGyfLxNRklJLGxz5uoxVKTQYIFrvsKQ4a8FwUdRefy2wWTDRvpgJ7fx/VCBy8hr9 qfGxioONgfjX/6IppMDQa31ZbUwJ4MyV10nrvcQQe/92kXFX3vHuNJc/9Duh0mv4X9xB 0PBtVOMx6OU4TVVivou8SKtuqCKuEZg/mxMZImDga7uku6twlWAiKoIM4m0rbBVUKatn XQuQ==
X-Gm-Message-State: AJaThX7UUxTV7IVf4yuFc0LxUERxXl+a+Ss9szZ6BLN3oVlmgH1MfBig KP7EZInlHtuZuGpEw9C3ZDV1Vw==
X-Google-Smtp-Source: AGs4zMbVVTs99XCYyURZzknVvpdXVTuKbQxsxA+u6zFjHIL3pCFlD0Tk7exAWjw92HFyPHQmU43LvA==
X-Received: by 10.101.97.130 with SMTP id c2mr10906444pgv.101.1510626594359; Mon, 13 Nov 2017 18:29:54 -0800 (PST)
Received: from ?IPv6:2001:67c:1232:144:2552:171a:b18:8a8c? ([2001:67c:1232:144:2552:171a:b18:8a8c]) by smtp.gmail.com with ESMTPSA id h185sm27773833pgc.55.2017.11.13.18.29.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 13 Nov 2017 18:29:53 -0800 (PST)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <544F646A-2A40-435B-A9E0-646B85D96EC0@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_55D18960-AE9B-4C08-837F-24EF5E29E507"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Date: Tue, 14 Nov 2017 10:29:51 +0800
In-Reply-To: <CALx6S34O3S4_0BE3YeLBzEteKY9=yHx4fFnKFrVVUQ=NCY1CFg@mail.gmail.com>
Cc: Mark Smith <markzzzsmith@gmail.com>, v6ops list <v6ops@ietf.org>
To: Tom Herbert <tom@herbertland.com>
References: <87738DE8-328D-4829-9E13-6EAC641A91E2@gmail.com> <D9F02FFC-F19E-4D88-A980-AF6AA329DA48@gmail.com> <C8EC2963-C49E-4203-AADE-F226D98A90DD@gmail.com> <acd41a27-2e0e-e82c-e4d2-582686933f87@si6networks.com> <CAKD1Yr32xTpNBA7j6ZNqaRxWk5LSznVNdQaMNkQUZdW_6XiVtw@mail.gmail.com> <89d4d29f-30ab-756d-b02c-cf460ef833ce@si6networks.com> <CAKD1Yr0hTaNqvTQSD=jmdQ49cSjKiCPDnRcGX5RkQ59My7dGCQ@mail.gmail.com> <6ed75c9e-5f15-6207-4723-85d055a9768f@si6networks.com> <CAKD1Yr3J1oncy2R8Ydnw5KhWUizQcu2_sWy9tnCDvfBGnPQvkw@mail.gmail.com> <dae4dcab-6a97-74e0-1f7f-8e21fc742b31@si6networks.com> <CAKD1Yr2zXNTV3yZUrAG9=45R3zNAoOnc7qvuPXkqOqzKBjR1aw@mail.gmail.com> <a614e8eb-2f7f-d7c2-d3b5-d411b67b48db@si6networks.com> <CAKD1Yr0iKeuwy5423otVVvJwbevL4m_SACMn+wUE3Koed5BTQg@mail.gmail.com> <ca4c3db8-358a-48ca-64ee-ba1eadcb0980@si6networks.com> <CAKD1Yr1nynArQj5-DrMeLdY-ReEJ-S3uBeou5Wbrt-jkk_epQw@mail.gmail.com> <b0ac25b4-7a0b-b04e-6ecd-88c18a5777c5@si6networks.com> <CAKD1Yr2M2jd+Ck7=yjfgm=pDMX7sXa2tYri_rW5C1jUgE9e+=A@mail.gmail.com> <9766EB28-9160-48CA-B062-BF244821E834@gmail.com> <CAKD1Yr25ZSLG13FVxM5FXbtq=F5yHvffJ6zAB=ojDmruoaUxUw@mail.gmail.com> <D0EFD705-0D6E-4E6B-9CB9-6734AC2137FB@gmail.com> <CAKD1Yr0Z5OPB9TDsD_=EFphRrkXCuRDDFDAawNDa1w9LmjDVng@mail.gmail.com> <7F9BA983-C3EC-442D-B0B7-655D314B766C@gmail.com> <CAKD1Yr3RZTMu98tCRAjMxAbYsjBqVoyRrZhXXiw3f_Mr3RfCjg@mail.gmail.com> <CAG6TeAutRHKWRkGG6CFoMp5AnbTPP+eGZyKU_C7=r=5y_H8qYA@mail.gmail.com> <406D79DC-F93E-4111-80AC-D7C22E42EC01@gmail.com> <CAO42Z2w0JMrstYu2nvjyuwh9qgJ5LFSZszFMSyXxE6SOoro-Zw@mail.gmail.com> <CALx6S34O3S4_0BE3YeLBzEteKY9=yHx4fFnKFrVVUQ=NCY1CFg@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/sDUR7ojNI5WdrVKGk4N7cP0kSXY>
Subject: Re: [v6ops] Security: Unique IPv6 Prefix per Host
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Nov 2017 02:29:57 -0000

On Nov 14, 2017, at 3:42 AM, Tom Herbert <tom@herbertland.com> wrote:
> The idea of single use addresses is that a host can be assigned many
> identifiers from which it can create a unique source address for each
> connection. It is up to the infrastructure to direct packets for each
> addresses to the right end host. It's true this is potentially a lot
> of state for the infrastructure to manage, but the total number of
> state entries would be no more than the number of NAT entries if that
> were in use today so I don't believe it is impractical.

The problem is that the goal for doing this would be to obscure, as much as possible, the identify associated with a particular flow.   In order to do this, it has to be the case that the locater used to route that flow reveals as little as possible to the remote endpoint of the flow: that is, that if I connect to you, in principle the return address you see is as unspecific as possible.

In order for that to work, the mapping has to be as high in the network hierarchy as possible.   If the point in the network hierarchy where the mapping occurs is, say, in my home gateway, then not much obscuration of identity is being accomplished.   Perhaps the remote endpoint does not know who in my home connected, but it knows someone in my home did.

If you do the mapping one level up, at the ISP's local data center, then now all the remote endpoint knows is that someone in, say, Brattleboro (the town where I live), who is a Comcast customer, connected.   If you do the mapping another level up, then all the remote endpoint knows is that someone in, say, New England, who is a Comcast customer, connected.   And so on.

Of course, the higher up in the hierarchy that you do the mapping, the easier it is to monitor below the mapping point, since our adversary may not be on the remote endpoint.   In the case of government surveillance or ISP monetization of search traffic, if the mapping occurs at the top of the ISP, and the monitoring occurs within the ISP's network, then a fairly specific identity is available to the adversary.

This is why Tor does multiple layers of mapping, on multiple routers.   In order to get a similar degree of obfuscation, a similar mapping process would be required.   This requires substantial infrastructure, and is in no way analogous to the cost of network address translation, even CGN.   These translators ideally need to be under the control of a variety of entities, such that no one entity can reveal the identity of the protected endpoint.

This is why I made the original comment, "who pays for this?"   There's no reason in principle why something like this couldn't be set up, but to be available to every end user, a rather massive cost would have to be absorbed by someone.   Who would that be?

v2.23.0 | Report a Bug | By Email