Hi Alexandru,

A quick HMIPv6 comment below.

Alexandru Petrescu wrote:
Brian E Carpenter wrote:

If IPv6 has a better anonymity solution, can someone point me to it? Or do I have to start working on NATv6? (See, this is why I don't always want to identify myself! :-)


See RFC 3041 - It does exactly what you want without the drawbacks of NAT.



Actually not, if you have a domestic /48 or /64 prefix. But the MobileIP solution looks OK.


Looks but doesn't act like really providing location privacy, IMHO.

In my understanding, the essence of the hmipv6 location privacy
mechanism lies in the MAP replacing an RCoA for an LCoA (when
decapsulating).  However, it is very much likely that the two
addresses will only differ in the /64 prefix.

There is no problem with the RCoA and LCoA differing only in prefix if the LCoA and RCoA are based on RFC3041 addresses.

In this case, there is no identity information in the care-of-addresses,
and no specific location information available in packets which
are sent from the RCoA.

For communications completed while the RCoA is unchanged, the MN can
use a 3041 based RCoA, and not use the MIPv6 Home Address options
(or use the RCoA as a home address), in which case there is no
identity information in the packets sent or received from the MN
to correspondent nodes, and no location information more accurate
than which MAP the MN is using.

Please try to track a user in this situation!

Suffices it for an attacker that wants to find the correlation
LCoA-RCoA to visit the MAP domain once and learn that domain's
prefixes that are part of all of that domain's LCoAs.

Location privacy within the MAP domain is still achieved for the MN, since this is not divulged to anyone other than the MAP. Of course you could easily determine what the advertised MAP coverage was, but anyone could still use a MAP when they are not in the base coverage domain, so long as there is connectivity between the MAP and MN, and the MAP policy allows this.

What one really obtains with HMIP is that one gets assigned two
addresses and is free to inform its CN about one of those addresses.
Nothing about a location being assigned to an address, let alone the
question of hiding that location.

Locations are implied by IPv6 subnet information in the LCoA. IP access subnets which span greater areas than a city are a bad idea IMHO.

Of course the MN is responsible for which addresses it uses
in conversation.  If it's aware of a need for privacy and still
advertises the IP subnet it is located at then privacy isn't
going to work.

Another location privacy drawback in hmipv6 is that it is the
network that decides whether an MN can use that location privacy or
not.  That should supposedly be entirely an MN choice.

I think that there may be location indirection services which accept fees from MNs to provide location privacy with HMIPv6, without being in the Access Service provider. This would be an opt-in service, on the MN's behalf.

Also, we're looking at the possibility that certain countries will
ensure that ISPs in their jurisdiction provide location privacy.
If HMIPv6 is the only candidate (and works), I'm sure that it will
be adopted.

If you're more interested in the technical details, then we can take
this to Mobile-IP WG.

Greg

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
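
The address reasoning in this thread, worked through as an added example (not part of the original message or of any HMIPv6 implementation): it splits an RCoA and an LCoA into /64 prefix and interface identifier and reports what a correspondent node, which sees only the RCoA, can learn compared with the MAP, which sees both. The addresses use the 2001:db8::/32 documentation prefix, the MAC is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addresses (2001:db8::/32 is reserved for documentation).
# The RCoA is on the MAP's prefix, the LCoA on the access subnet's prefix.
EUI64_RCOA = "2001:db8:a:0:211:22ff:fe33:4455"    # IID derived from a MAC
EUI64_LCOA = "2001:db8:b:17:211:22ff:fe33:4455"
TEMP_RCOA = "2001:db8:a:0:5c8e:91a4:3b7d:e012"    # RFC 3041 style random IID
TEMP_LCOA = "2001:db8:b:17:5c8e:91a4:3b7d:e012"


def split_addr(addr):
    """Return (/64 prefix, 64-bit interface identifier) of an IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    prefix = ipaddress.IPv6Network((int(ip) >> 64 << 64, 64))
    return prefix, int(ip) & ((1 << 64) - 1)


def eui64_mac(iid):
    """Return the MAC embedded in a modified EUI-64 IID, or None.

    Heuristic: looks for the ff:fe filler in the middle of the IID. A random
    RFC 3041 IID matches by chance only about once in 65536 addresses.
    """
    b = iid.to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo the universal/local bit flip
    return ":".join(f"{x:02x}" for x in mac)


def observer_view(rcoa, lcoa):
    """Summarise what each party can read out of the two care-of addresses."""
    r_prefix, r_iid = split_addr(rcoa)
    l_prefix, l_iid = split_addr(lcoa)
    return {
        "cn_sees_prefix": str(r_prefix),        # identifies the MAP, not the subnet
        "cn_sees_identity": eui64_mac(r_iid),   # stable MAC, or None for a random IID
        "map_sees_subnet": str(l_prefix),       # access subnet, known to the MAP only
        "iid_links_rcoa_lcoa": r_iid == l_iid,  # linkable by whoever sees both
    }


if __name__ == "__main__":
    for rcoa, lcoa in ((EUI64_RCOA, EUI64_LCOA), (TEMP_RCOA, TEMP_LCOA)):
        print(observer_view(rcoa, lcoa))
```

In both pairs the RCoA and LCoA differ only in the /64 prefix; only the EUI-64 pair carries an identifier that stays the same when the node moves to another network.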
