Hi Pekka,
I am proposing the following changes to resolve the issues that you
raised.
* I have made all the changes we both agreed on.
* I have added the following problem statement
"Addresses generated using Stateless address autoconfiguration
[ADDRCONF] contain an embedded 64-bit interface identifier, which
remains constant over time. Anytime a fixed identifier is used in
multiple contexts, it becomes possible to correlate seemingly
unrelated activity using this identifier.
The correlation can be performed by
o An attacker who is in the path between the node in question and
the peer(s) it is communicating to, and can view the IPv6
addresses present in the datagrams.
o An attacker who can access the communication logs of the peers
with which the node has communicated.
Since the identifier is embedded within the IPv6 address, which is a
fundamental requirement of communication, it cannot be easily hidden.
This document proposes a solution to this issue by generating
interface identifiers which vary over time."
* I have added the following text to the background section 2.1
"Although it might appear
that changing an address regularly in such environments would be
desirable to lessen privacy concerns, it should be noted that the
network prefix portion of an address also serves as a constant
identifier. All nodes at (say) a home, would have the same network
prefix, which identifies the topological location of those nodes.
This has implications for privacy, though not at the same granularity
as the concern that this document addresses. Specifically, all nodes
within a home could be grouped together for the purposes of
collecting information. If the network contains a very small number
of nodes, say just one, changing just the interface identifier will
not enhance privacy at all, since the prefix serves as a constant
identifier."
* Added an informative reference to the dnsop issues draft.
* I hope the problem statement above justifies the use of privacy
addresses for ULAs
* Added the following text specifying the conditions for DHCPv6 to be used
for privacy
"One way to avoid some of the problems discussed above is to use
DHCPv6 [DHCPV6] for obtaining addresses. The DHCPv6 server could be
configured to hand out addresses that change over time. But DHCPv6
will solve the privacy issue only if it frequently handed out
constantly changing addresses to the nodes. Since this does not
happen automatically, and is difficult to configure manually, DHCPv6
is not really suited for solving the privacy issues addressed by this
document."
* Removed the text about processing router advertisements and added a
normative reference to rfc2462bis
* Removed the v6 specific text in "Address Usage in IPv4 today"
Let me know if these changes address your concerns.
Thanks
Suresh
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
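An added example, not part of the original message or of the draft it quotes: the correlation described in the proposed problem statement, run over constructed peer logs, together with the coarser grouping by network prefix noted in the section 2.1 text. The log tuples, host names and function names are assumptions made for illustration, and every address uses the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (peer whose log was read, client IPv6 address).
# All addresses use the 2001:db8::/32 documentation prefix.
SAMPLE_LOGS = [
    ("shop.example", "2001:db8:a:1:211:22ff:fe33:4455"),   # node A at home
    ("forum.example", "2001:db8:b:7:211:22ff:fe33:4455"),  # node A elsewhere
    ("mail.example", "2001:db8:c:9:211:22ff:fe33:4455"),   # node A, third network
    ("shop.example", "2001:db8:a:1:3c4e:91a2:77d0:1b5f"),  # node B, varying IID
    ("forum.example", "2001:db8:b:7:a8f1:2cc:5e19:d340"),  # node B, later IID
    ("news.example", "2001:db8:a:1:5d2b:8e01:c3aa:f76"),   # node C at home
]

IID_MASK = (1 << 64) - 1


def split_address(addr):
    """Return (upper 64-bit prefix, lower 64-bit interface identifier)."""
    value = int(ipaddress.IPv6Address(addr))
    return value >> 64, value & IID_MASK


def correlate_by_iid(logs):
    """Interface identifiers seen under more than one prefix, with sightings."""
    sightings = defaultdict(set)
    for peer, addr in logs:
        prefix, iid = split_address(addr)
        sightings[iid].add((prefix, peer))
    return {iid: sorted(s) for iid, s in sightings.items()
            if len({prefix for prefix, _ in s}) > 1}


def group_by_prefix(logs):
    """Distinct interface identifiers per /64: the prefix as an identifier."""
    groups = defaultdict(set)
    for _, addr in logs:
        prefix, iid = split_address(addr)
        groups[prefix].add(iid)
    return dict(groups)


if __name__ == "__main__":
    for iid, seen in correlate_by_iid(SAMPLE_LOGS).items():
        print(f"IID {iid:016x} seen on {len(seen)} networks:")
        for prefix, peer in seen:
            print(f"  prefix {prefix:016x} in log of {peer}")
    for prefix, iids in group_by_prefix(SAMPLE_LOGS).items():
        print(f"prefix {prefix:016x}: {len(iids)} distinct IIDs")
```

Only the node with the constant identifier is linked across the three networks; the node whose identifier varies is not, yet it still falls into the same per-prefix group as its neighbours.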