Dear all,

I support this document to be an official working group document.

IPv6 is being considered to be a protocol providing Internet access from vehicles. When we consider vehicular communications, location privacy becomes vital. The described mechanism "stable-privacy-addresses" would help for it.

Cheers.

On Fri, Apr 13, 2012 at 2:45 PM, Fernando Gont <fg...@si6networks.com> wrote:

> Hi, Tim,
>
> Thanks so much for your feedback! Please find my comments inline...
>
> On 04/13/2012 12:37 PM, Tim Chown wrote:
> > Extensions. If I understand it correctly, essentially what you are
> > defining is randomised stable-per-prefix public interface
> > identifiers,
>
> Exactly.
>
> > On 3484bis, if stable privacy addresses are alternative public (not
> > temporary) identifiers for hosts then is there anything more to say?
>
> Not that I can think of.
>
> > Note that RFC4941 temporary addresses can also be stable, in that
> > they do not change if the host stays on the same network; the
> > specification only says identifiers SHOULD be regenerated at some
> > defined interval.
>
> Two things:
>
> * If you do RFC 4941 but do not change the addresses over time (e.g. as
> Windows does for their stable addresses), then you can be tracked
> exactly in the same way as with MAC-based addresses. Such addresses
> mitigate only host-scanning attacks (i.e., they are unpredictable), but
> since there's a constant identifier used across networks, tracking is
> still possible. -- So at the time you implement RFC 4941 without
> regenerating the addresses over time, they are not *privacy* extensions
> anymore :-)
>
> * IMO, it is a bit of a stretch to say "RFC4941 temporary addresses can
> also be stable", implying that stability is allowed. That would be the
> case if "identifiers MAY be generated at some defined interval". But if
> it's a SHOULD, and you go against it, you're not fully-compliant with
> the specification. ("SHOULD" just means that there are specific cases in
> which you're allowed to not follow the recommendation).
>
> > Finally, it would be interesting to know what algorithm Windows uses
> > to generate its identifiers; they are randomised, public and stable.
> > I had thought they were based on the prefix, but Fernando's tests
> > suggest not.
>
> Dave Thaler commented on this one during the 6man wg meeting at IETF 83:
> They do RFC4941, without changing the addresses over time. Hence, the
> identifiers are constant across networks.
>
> This means that they mitigate host scanning attacks, but as noted in
> draft-gont-6man-stable-privacy-addresses-01 they are still subject to
> host-tracking.
>
> Thanks!
>
> Best regards,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------

--
RSM Department, TELECOM Bretagne, France
Jong-Hyouk Lee, living somewhere between /dev/null and /dev/random

#email: jonghyouk (at) gmail (dot) com
#webpage: http://sites.google.com/site/hurryon/
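The tracking argument made in this thread, as an added Python illustration that is not part of any message and is not the draft's own algorithm: it compares a MAC-based identifier, a random identifier that is never regenerated, and a per-prefix hashed identifier as one host visits three networks. SHA-256 as the hash, the interface name `eth0`, the secret, the MAC address and the `2001:db8::/32` documentation prefixes are all assumptions constructed for the example.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier derived from a MAC address."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02  # flip the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def constant_random_iid(seed: bytes) -> bytes:
    """Unpredictable IID chosen once and never regenerated (same on every network)."""
    return hashlib.sha256(b"iid" + seed).digest()[:8]

def stable_per_prefix_iid(prefix: str, iface: str, secret: bytes) -> bytes:
    """IID = H(prefix, interface, secret): stable on one prefix, different on others.
    SHA-256 and this input layout are assumptions made for the illustration."""
    net = ipaddress.IPv6Network(prefix)
    data = net.network_address.packed[:8] + iface.encode() + secret
    return hashlib.sha256(data).digest()[:8]

def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

def linkable(addrs) -> bool:
    """True if an observer can correlate the addresses by their low 64 bits."""
    return len({a.packed[8:] for a in addrs}) == 1

# Constructed sample data: three networks visited by the same host.
PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64", "2001:db8:3::/64"]
MAC, SECRET = "00:11:22:33:44:55", b"constructed-secret"

def visit(scheme):
    """Addresses the host would configure on each network under one scheme."""
    return [address(p, scheme(p)) for p in PREFIXES]

mac_based = visit(lambda p: eui64_iid(MAC))
constant = visit(lambda p: constant_random_iid(SECRET))
per_prefix = visit(lambda p: stable_per_prefix_iid(p, "eth0", SECRET))

if __name__ == "__main__":
    for name, addrs in [("MAC-based", mac_based), ("constant random", constant),
                        ("stable per prefix", per_prefix)]:
        print(f"{name:18} linkable={linkable(addrs)}", *addrs, sep="\n  ")
```

The first two schemes keep the same low 64 bits on every network, so the host stays linkable across them; the per-prefix scheme yields the same address each time the host returns to a given prefix but an unrelated identifier elsewhere.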