Re: [v6ops] Are we competitive?
Tom Herbert <tom@herbertland.com> Mon, 15 August 2022 15:28 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/xH9A-uaVKldn_EIIuFV7El4lUrc>
On Mon, Aug 15, 2022 at 7:30 AM Fernando Gont <fgont@si6networks.com> wrote:
>
> On 15/8/22 07:35, Clark Gaylord wrote:
> > Hiding a random 64 bit number??
>
> Please note:
>
> 1) The traditional SLAAC IID wasn't random, but rather the underlying
> MAC address.
>
> 2) Windows picks a randomized but otherwise *constant* IID -- so, for
> most practical purposes, it doesn't matter much whether it's random
> or not -- because it's constant.
>
> 3) With RFC7217, the IIDs are random (but stable) -- by design. RFC8981
> makes IIDs that vary over time -- but a) they may be stable for "long
> enough", and b) enterprises generally disable temporary addresses.
>
> 4) With DHCPv6, whether the number is random or not depends on the
> DHCPv6 server implementation. And there is no formal requirement
> (IIRC) for the IIDs to be randomized... and even less for the address
> pool to be a /64.
>
> 5) It doesn't matter how the number was selected. If the attacker can
> learn the number, and use it for the necessary period of time (which,
> with automated tools can be a really short period of time), you're
> probably better off not leaking this number.
>

Fernando,

The moment someone connects to an external host on the Internet such a number is leaked. For instance, if an attacker has access to an Internet server with a user login, they would have the mapping from address to user PII. With that information, they could cross-correlate unrelated intercepted traffic with the same address as being attributed to the same user. If the address times out, then it's likely that the application would log in again to the server, so the user's address is still compromised.

For real, quantifiable privacy in Internet addressing, we need to give each connection its own unique pseudo-random address. If there are enough users behind a CGNAT this is effectively achieved. To get this without NAT, I have proposed draft-herbert-ipv6-prefix-address-privacy.

Tom

> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fgont@si6networks.com
> PGP Fingerprint: F242 FF0E A804 AF81 EB10 2F07 7CA1 321D 663B B494
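Added example, not part of Tom's message or of the thread: a small Python model of the IID schemes Fernando lists (EUI-64, constant or RFC 7217-style stable, RFC 8981 temporary, and Tom's per-connection addresses) and of the point that a constant address is what makes a host's traffic linkable once one of its addresses has been tied to a user. The prefix, MAC, host secret and connection times are constructed sample values.

```python
import hashlib
import ipaddress
import secrets

PREFIX = ipaddress.IPv6Network("2001:db8:1::/64")   # documentation prefix (constructed)
MAC = b"\x00\x00\x5e\x00\x53\x01"                    # documentation MAC (constructed)


def iid_eui64(mac: bytes) -> int:
    """Traditional SLAAC IID: MAC with ff:fe inserted and the U/L bit flipped."""
    b = bytearray(mac[:3] + b"\xff\xfe" + mac[3:])
    b[0] ^= 0x02
    return int.from_bytes(b, "big")


def iid_stable(prefix: ipaddress.IPv6Network, secret: bytes) -> int:
    """RFC 7217-style IID: pseudo-random, but constant for a given prefix and host secret."""
    digest = hashlib.sha256(prefix.network_address.packed + secret).digest()
    return int.from_bytes(digest[:8], "big")


def host_addresses(scheme, flow_times, prefix=PREFIX, mac=MAC,
                   secret=b"host-secret", lifetime=3600):
    """Source address the host uses for each connection under one scheme.
    flow_times: seconds since boot at which each connection is opened (constructed)."""
    base = int(prefix.network_address)

    def addr(iid):
        return ipaddress.IPv6Address(base + iid)

    if scheme == "eui64":
        return [addr(iid_eui64(mac)) for _ in flow_times]
    if scheme == "stable":            # RFC 7217, or Windows' constant random IID
        iid = iid_stable(prefix, secret)
        return [addr(iid) for _ in flow_times]
    if scheme == "temporary":         # RFC 8981: new random IID per lifetime window
        per_window = {}
        return [addr(per_window.setdefault(t // lifetime, secrets.randbits(64)))
                for t in flow_times]
    if scheme == "per_connection":    # each connection gets its own random address
        return [addr(secrets.randbits(64)) for _ in flow_times]
    raise ValueError(f"unknown scheme {scheme!r}")


def linkable_fraction(addresses) -> float:
    """Share of the host's connections an observer can attribute to the same user
    after learning the address of one of them (e.g. from a login to a server).
    What matters is that the address stays constant, not how it was chosen."""
    known = addresses[0]
    return sum(1 for a in addresses if a == known) / len(addresses)
```

With five connections at 0, 60, 120, 7200 and 7260 seconds and a one-hour temporary-address lifetime, the EUI-64 and stable schemes leave every connection linkable, the temporary scheme leaves the three in the first window linkable, and per-connection addresses leave only the one whose address was learned.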