Hi Fernando,

since I got confused by the discussion in the plenary this morning: I
think we have to consider that having a temporary address as defined
in RFC 4941 does not prevent or even mitigate the scanning
problem mentioned in this morning's discussion. Scanning MAC-address
derived addresses on hosts using privacy extensions remains possible and
feasible, since the privacy address is only an additional address. The
address derived from the MAC address is still reachable and a valid
address (as I have just tested on my MacBook, just to be sure). Thus
it is still possible to scan an IPv6 network by iterating over the
changing 24 bits.

So I don't agree with the sentence: "Clearly, temporary addresses can
help reduce the attack exposure window, since the lifetime of each
IPv6 address is reduced when compared to that of addresses generated
with the method specified in this document." in
draft-gont-6man-stable-privacy-addresses-00.txt.

The only goal achieved by using a temporary address (_and_ using it)
is privacy, in that a website, or any other third-party service,
cannot track a user, even in the case of prefix changes. In my opinion
there is no security-related reason to use privacy extensions.

Cheers,
Dominik
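
Dominik's point above (that an RFC 4941 temporary address is added alongside the MAC-derived address rather than replacing it) can be checked on a host by looking at which global addresses are configured and whether their interface identifier carries the modified EUI-64 marker (0xfffe in the middle of the IID, RFC 4291 Appendix A). The following is an added example, not part of this thread or of any draft: it parses constructed `ip -6 addr show` style lines (Linux output format assumed; the 2001:db8::/32 prefix and the MAC 3c:07:54:12:ab:34 are illustrative values) and flags any global address that is still MAC-derived, independently of whether a temporary address is also present.

```python
"""Audit a host's IPv6 addresses for MAC-derived (modified EUI-64) interface
identifiers. Added example for the thread; the sample `ip -6 addr` lines,
prefix and MAC below are constructed, not taken from any real host."""
import ipaddress
import re
from typing import Dict, List, Optional

# Constructed sample of `ip -6 addr show` output for one interface: a stable
# EUI-64 address, an RFC 4941 temporary address and the link-local address.
SAMPLE_IP_ADDR_OUTPUT = """\
    inet6 2001:db8:1:2:3e07:54ff:fe12:ab34/64 scope global dynamic mngtmpaddr
    inet6 2001:db8:1:2:a1b2:c3d4:e5f6:789/64 scope global temporary dynamic
    inet6 fe80::3e07:54ff:fe12:ab34/64 scope link
"""


def interface_id(addr: str) -> bytes:
    """Low 64 bits (the interface identifier) of an IPv6 address as 8 bytes."""
    return int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]


def is_modified_eui64(addr: str) -> bool:
    """Heuristic: IID bytes 3 and 4 are 0xff 0xfe, as when the IID was built
    from a 48-bit MAC address (RFC 4291, Appendix A)."""
    iid = interface_id(addr)
    return iid[3] == 0xFF and iid[4] == 0xFE


def embedded_mac(addr: str) -> Optional[str]:
    """Recover the MAC address embedded in a modified EUI-64 IID (the U/L bit
    in the first octet is flipped back), or None if the IID is not EUI-64."""
    if not is_modified_eui64(addr):
        return None
    iid = interface_id(addr)
    mac = bytes([iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]])
    return ":".join(f"{b:02x}" for b in mac)


_LINE = re.compile(r"inet6\s+(\S+)/\d+\s+scope\s+(\w+)(.*)")


def audit(ip_addr_output: str) -> List[Dict[str, object]]:
    """Classify every global-scope address in `ip -6 addr` output."""
    findings: List[Dict[str, object]] = []
    for line in ip_addr_output.splitlines():
        m = _LINE.search(line)
        if not m:
            continue
        addr, scope, flags = m.group(1), m.group(2), m.group(3)
        if scope != "global":
            continue  # link-local addresses are not reachable off-link
        findings.append({
            "address": addr,
            "temporary": "temporary" in flags,
            "mac_derived": is_modified_eui64(addr),
            "mac": embedded_mac(addr),
        })
    return findings


def has_scannable_stable_address(ip_addr_output: str) -> bool:
    """True when a MAC-derived global address is configured, whether or not a
    temporary address exists next to it (the situation described above)."""
    return any(f["mac_derived"] for f in audit(ip_addr_output))


if __name__ == "__main__":
    for finding in audit(SAMPLE_IP_ADDR_OUTPUT):
        print(finding)
    print("MAC-derived global address present:",
          has_scannable_stable_address(SAMPLE_IP_ADDR_OUTPUT))
```

On a real host, feed it the output of `ip -6 addr show` instead of the constructed sample; a `mac_derived` finding means the stable address remains reachable regardless of the temporary one, which is exactly why the temporary address alone does not shrink the address space a scanner has to cover.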



On Tue, Mar 27, 2012 at 14:57, Fernando Gont <fg...@si6networks.com> wrote:
> Folks,
>
> I think that one error in which we have incurred, at least in the last
> couple of years (myself included), is that we focus our discussion on
> "mac-derived addresses vs privacy addresses" when the question should
> really be about "stable addresses vs. temporary addresses".
>
> Clearly, we don't want any privacy issues (whether temporary or not),
> and we should do something such that all addresses do not have any
> privacy issues. (FWIW, this
> <http://tools.ietf.org/html/draft-gont-6man-stable-privacy-addresses> is
> my proposal to tackle the problem of the privacy issues arising from our
> current "stable" mac-derived addresses).
>
> It is also clear that some folks may be arguing in favor of temporary
> addresses (RFC 4941) for the wrong reasons (albeit understandable):
> because we lack stable addresses that do not have privacy issues.
>
> So I tend to think that our debate should probably be about "stable vs.
> temporary addresses", but our discussion is kind of blinded by the fact
> that we currently only have "stable but privacy-harmful addresses" on
> one hand, and "temporary and privacy-improved addresses" on the other.
>
> *This* fact is what has turned our discussion into being about "public
> versus privacy address", when it shouldn't: privacy should never be
> compromised.
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------