Christian Huitema wrote:
[...]
> Structured identifiers are not compatible with privacy address
> extensions. Moreover, embedding addresses in identifiers discloses
> information that would otherwise have remained hidden behind the NAT
> and the firewall. The IPv4 address encoded in the host identifier is
> passed to third parties, stored in server logs. The third parties now
> have access to the local addresses used inside the corporation. They
> can analyze subnet structure. At a minimum, this should be a privacy
> concern.
[...]

Agree, this is captured in the recently posted
draft-thaler-behave-translator-addressing-00.txt
section 3.1 point 6:

  When the IPv4 network is a private network for which the topology
  is considered sensitive information, the algorithm SHOULD provide
  a way to hide the details of the internal IPv4 subnetting scheme.
  Note that there may be other mechanisms of discovering the
  topology beyond merely inspecting addresses, so while this is not
  sufficient in itself, it is a necessary component of any larger
  solution.  Also note that providing this capability conflicts
  with requirement 3.

Aside: I just discovered the end is a typo (it shouldn't be "3"), it's
referring to the use of dotted-decimal in the textual representation
of IPv6 addresses with embedded IPv4 addresses, which makes
management and troubleshooting easier (which is also listed as
a SHOULD and hence the note that you can't meet both SHOULDs).

-Dave
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
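Added illustration (Python; not part of the thread, the draft, or any translator implementation) of the two points above: first, that a third party holding only its own server log can recover the internal IPv4 subnetting from addresses that embed an IPv4 address in the low 32 bits; second, what section 3.1 point 6 asks for, a host identifier that hides the IPv4 address, and why that gives up the dotted-decimal readability of the textual form. The translator prefix `2001:db8:46::/96`, the key, the log lines and the function names are constructed for the example.

```python
"""
Added example, not from the thread or the draft: recover internal IPv4
topology from translator-style IPv6 addresses seen in a third-party log,
and contrast with a host identifier that hides the embedded address.
The prefix, key and log lines below are constructed assumptions.
"""
import hashlib
import hmac
import ipaddress

# Assumed addressing scheme for this example: the low 32 bits of every
# address under this /96 carry the internal IPv4 address unchanged.
TRANSLATOR_PREFIX = ipaddress.IPv6Network("2001:db8:46::/96")

# Constructed sample of what a third-party web server log might contain.
# The same scheme can be written with dotted-decimal or with plain hex
# groups for the last 32 bits; both forms appear here.
SAMPLE_LOG = """\
2001:db8:46::10.1.2.17 - - "GET / HTTP/1.1" 200
2001:db8:46::10.1.2.44 - - "GET /a HTTP/1.1" 200
2001:db8:46::10.1.3.9 - - "GET /b HTTP/1.1" 200
2001:db8:46::a01:0318 - - "GET /c HTTP/1.1" 200
2001:db8:46::10.7.0.200 - - "GET /d HTTP/1.1" 200
2001:db8:1234::5 - - "GET /e HTTP/1.1" 200
"""


def embedded_ipv4(addr: str):
    """Return the IPv4 address carried in the low 32 bits of addr if addr is
    under TRANSLATOR_PREFIX, otherwise None (not a translator address)."""
    try:
        a6 = ipaddress.IPv6Address(addr)
    except ValueError:
        return None
    if a6 not in TRANSLATOR_PREFIX:
        return None
    return ipaddress.IPv4Address(int(a6) & 0xFFFFFFFF)


def internal_subnets(log_text: str, prefixlen: int = 24):
    """What the third party learns: internal IPv4 subnets (as /prefixlen)
    and the number of distinct hosts observed in each, from the log alone."""
    hosts_per_subnet = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src = line.split()[0]
        v4 = embedded_ipv4(src)
        if v4 is None:
            continue
        net = ipaddress.ip_network(f"{v4}/{prefixlen}", strict=False)
        hosts_per_subnet.setdefault(net, set()).add(v4)
    return {str(net): len(hosts) for net, hosts in sorted(hosts_per_subnet.items())}


def hide_ipv4(v4: ipaddress.IPv4Address, key: bytes) -> ipaddress.IPv6Address:
    """Host identifier that hides the internal address: the low 32 bits are a
    keyed hash of the IPv4 address instead of the address itself.

    Caveat: a deployable translator needs a reversible mapping (a state table
    or a keyed 32-bit permutation) to translate replies back, and a truncated
    HMAC can collide. This is only meant to show the effect on the address:
    the low 32 bits no longer read as an IPv4 address in dotted-decimal, so
    the readability SHOULD that Dave mentions is lost.
    """
    digest = hmac.new(key, v4.packed, hashlib.sha256).digest()
    ident = int.from_bytes(digest[:4], "big")
    return ipaddress.IPv6Address(int(TRANSLATOR_PREFIX.network_address) | ident)


if __name__ == "__main__":
    print("subnets visible to the third party:", internal_subnets(SAMPLE_LOG))
    hidden = hide_ipv4(ipaddress.IPv4Address("10.1.2.17"), b"constructed-key")
    print("hidden form:", hidden, "-> low 32 bits decode as", embedded_ipv4(str(hidden)))
```

Run stand-alone it prints the per-subnet host counts the log reveals and one hidden-form address. Note that `internal_subnets` works on both textual forms of the embedded address (`::10.1.2.17` and `::a01:318`), so the leak is a property of the bits, not of the dotted-decimal spelling; hiding the bits is what section 3.1 point 6 is about, and it is exactly that which costs the dotted-decimal convenience.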