Dear all,

I support this document becoming an official working group document.

IPv6 is being considered as a protocol for providing Internet access from
vehicles. When we consider vehicular communications, location privacy
becomes vital. The described mechanism "stable-privacy-addresses" would
help with that.

Cheers.

On Fri, Apr 13, 2012 at 2:45 PM, Fernando Gont <fg...@si6networks.com> wrote:

> Hi, Tim,
>
> Thanks so much for your feedback! Please find my comments inline...
>
> On 04/13/2012 12:37 PM, Tim Chown wrote:
> > Extensions.  If I understand it correctly, essentially what you are
> > defining is randomised stable-per-prefix public interface
> > identifiers,
>
> Exactly.
>
>
> > On 3484bis, if stable privacy addresses are alternative public (not
> > temporary) identifiers for hosts then is there anything more to say?
>
> Not that I can think of.
>
>
> > Note that RFC4941 temporary addresses can also be stable, in that
> > they do not change if the host stays on the same network; the
> > specification only says identifiers SHOULD be regenerated at some
> > defined interval.
>
> Two things:
>
> * If you do RFC 4941 but do not change the addresses over time (e.g. as
> Windows does for their stable addresses), then you can be tracked
> exactly in the same way as with MAC-based addresses. Such addresses
> mitigate only host-scanning attacks (i.e., they are unpredictable), but
> since there's a constant identifier used across networks, tracking is
> still possible. -- So at the time you implement RFC 4941 without
> regenerating the addresses over time, they are not *privacy* extensions
> anymore :-)
>
> * IMO, it is a bit of a stretch to say "RFC4941 temporary addresses can
> also be stable", implying that stability is allowed. That would be the
> case if "identifiers MAY be generated at some defined interval". But if
> it's a SHOULD, and you go against it, you're not fully-compliant with
> the specification. ("SHOULD" just means that there are specific cases in
> which you're allowed to not follow the recommendation).
>
>
>
> > Finally, it would be interesting to know what algorithm Windows uses
> > to generate its identifiers; they are randomised, public and stable.
> > I had thought they were based on the prefix, but Fernando's tests
> > suggest not.
>
> Dave Thaler commented on this one during the 6man wg meeting at IETF 83:
> They do RFC4941, without changing the addresses over time. Hence, the
> identifiers are constant across networks.
>
> This means that they mitigate host scanning attacks, but as noted in
> draft-gont-6man-stable-privacy-addresses-01 they are still subject to
> host-tracking.
>
> Thanks!
>
> Best regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
>



-- 
RSM Department, TELECOM Bretagne, France
Jong-Hyouk Lee, living somewhere between /dev/null and /dev/random

#email: jonghyouk (at) gmail (dot) com
#webpage: http://sites.google.com/site/hurryon/
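
The tracking difference discussed in this thread, as an added example that is not part of either message and not the algorithm text of the draft: it compares a MAC-based identifier, a random identifier that is never regenerated, and a stable-per-prefix identifier across two networks. The function names, the use of HMAC-SHA256 as the hash, the hash inputs (prefix and interface name only) and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values: documentation prefixes, made-up MAC, key and random IID.
NETWORKS = ["2001:db8:1::/64", "2001:db8:2::/64"]   # two networks the host visits
MAC = "00:11:22:33:44:55"
SECRET_KEY = b"constructed-per-host-secret"
CONSTANT_IID = 0x3A5F9C0117D2E84B   # random IID chosen once and never regenerated
MASK64 = (1 << 64) - 1

def eui64_iid(mac):
    """Modified EUI-64 IID built from the MAC address."""
    b = bytes(int(x, 16) for x in mac.split(":"))
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def stable_per_prefix_iid(prefix, iface="eth0", key=SECRET_KEY):
    """First 64 bits of HMAC-SHA256(key, prefix || iface): stable per prefix only."""
    net = ipaddress.IPv6Network(prefix)
    msg = net.network_address.packed[:8] + iface.encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")

def addresses(scheme):
    """Addresses the host would configure on each network under a given scheme."""
    out = []
    for prefix in NETWORKS:
        iid = {"eui64": eui64_iid(MAC),
               "constant-random": CONSTANT_IID,
               "stable-per-prefix": stable_per_prefix_iid(prefix)}[scheme]
        out.append(ipaddress.IPv6Network(prefix).network_address + iid)
    return out

def trackable(addrs):
    """True when one IID (low 64 bits) is seen on more than one network."""
    return len(addrs) > 1 and len({int(a) & MASK64 for a in addrs}) == 1

if __name__ == "__main__":
    for scheme in ("eui64", "constant-random", "stable-per-prefix"):
        addrs = addresses(scheme)
        print(f"{scheme:18} trackable={trackable(addrs)}  {[str(a) for a in addrs]}")
```
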