> -----Original Message----- > From: behave-boun...@ietf.org [mailto:behave-boun...@ietf.org] On > Behalf Of Iljitsch van Beijnum > Sent: Tuesday, July 07, 2009 12:36 AM > To: marcelo bagnulo braun > Cc: Christian Huitema; 6man; Dave Thaler; Xing Li; Behave WG > Subject: Re: [BEHAVE] Perils of structured host identifiers > > On 6 jul 2009, at 21:26, marcelo bagnulo braun wrote: > > > Maybe this can be addressed by having the Pref64 i.e. the prefix > > used to make representations of IPv4 addresses in the IPv4 address > > space to be shorter than 32 bits. > > This would allow to have the Pref64+ IPv4 address shorter than 64 > > bits and we can still embed crypto info in the last 64 bits as done > > with CGAs > > Why would the NAT64 need CGA IIDs in the bottom 64 bits of IPv6 > addresses that represent IPv4 addresses? > > CGAs are only useful when they're assigned to a host, not in the > address space of protocol A that represents the address space of > protocol B.
Disagree. I'm not sure it's a big deal, but I disagree it has 0 worth. CGAs are useful to prevent spoofing. If a translator chooses to use a CGA to represent an IPv4 host, then spoofing it is _extremely_ difficult. I say I don't consider it a big deal myself because the IPv4 address was already spoofable within the IPv4 network. > > The concerns about privacy can be mitigated by using algorithms that > > scramble the bits of the IPv4 address around. > > Sorry, but the idea that privacy should apply to NAT64 is stupid. Disagree. People already (whether we like it or not) associate a certain degree of privacy with NATs. I also notice you didn't provide any technical rationale for privacy not applying to NAT64. Here we're talking about privacy of details of the IPv4 topology on the IPv6 side of the NAT64. > If you want privacy, set up an IPsec tunnel to the NAT64. Or get an > ISP that you trust enough to let them see the destination addresses in > your packets. > _______________________________________________ > Behave mailing list > beh...@ietf.org > https://www.ietf.org/mailman/listinfo/behave -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
