Personally I support this draft, but I would like to see stable
privacy-enhanced addresses as a replacement for IEEE-based addresses,
since they allow an attacker to infer the vendor of a NIC. With OUIs of
Apple Inc. they also allow conclusions about the operating system.

Thus an attacker gets more information from an IPv6 address than they
should, in my opinion.

Cheers,
Dominik


On Thu, Apr 19, 2012 at 22:17, Fernando Gont <fg...@si6networks.com> wrote:
> On 04/19/2012 10:34 AM, Eliot Lear wrote:
>>> It's not an argument against RFC4941, but rather an argument that even
>>> with RFC4941, you still need to do something about the IEEE-based IIDs.
>>> At the Paris IETF, some folks argued that if you have RFC 4941 in place,
>>> you don't need draft-gont-6man-stable-privacy-addresses. Section 7 of
>>> draft-gont-6man-stable-privacy-addresses (which should be an Appendix,
>>> rather than a section in the main body of the document) illustrates that
>>> that's not the case: even if you're employing RFC4941, you're still
>>> subject to host-scanning attacks and host tracking.
>>
>> Well, host scanning at least.  Host tracking depends on the implementation.
>
> Not sure what you mean. If you don't do
> draft-gont-6man-stable-privacy-addresses, you do either IEEE-derived
> IIDs, or the randomized-but-stable-across-networks Windows IIDs. -- And
> as long as you have stable-across-networks IIDs, you can be tracked.
>
>
>>> How do you arrive at the conclusion that people might want to use this
>>> instead of CGAs??
>>>
>>> As noted in the I-D, this mechanism is meant to be a replacement for IIDs
>>> based on IEEE identifiers. This is orthogonal to RFC4941 and orthogonal
>>> to CGAs.
>>
>> I know what you mean.  That matters less than how other people make use
>> of the work.
>
> We can't produce specs for people that cannot read and understand specs.
> draft-gont-6man-stable-privacy-addresses solves a real and existing problem.
>
> To me, "people using draft-gont-6man-stable-privacy-addresses instead of
> CGAs" makes as much sense as "people using
> draft-gont-6man-stable-privacy-addresses instead of TCP" -- I don't even
> know how that might happen, and I've not heard your reasoning of why
> that might happen.
>
> Cheers,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
>
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
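As an added illustration (not part of the original thread, and not the draft's own algorithm): the Python sketch below shows why an IEEE-derived IID exposes the NIC vendor's OUI and stays the same across networks, and contrasts it with an IID derived per prefix from a keyed hash. The HMAC-SHA256 construction, the function names, the interface name, the secret, and the documentation-range addresses and MAC are all assumptions constructed for the example.

```python
import hashlib
import hmac
import ipaddress

def iid_of(addr: str) -> bytes:
    """Low 64 bits (interface identifier) of an IPv6 address."""
    return ipaddress.IPv6Address(addr).packed[8:]

def eui64_mac(addr: str):
    """Return the MAC embedded in a modified EUI-64 IID, or None if the IID is not IEEE-derived."""
    iid = iid_of(addr)
    if iid[3:5] != b"\xff\xfe":          # EUI-64 expansion inserts ff:fe in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)

def oui(mac: str) -> str:
    """First three octets of the MAC: the vendor identifier."""
    return mac[:8]

def shared_iid(a: str, b: str) -> bool:
    """True when two addresses on different networks carry the same IID (correlatable)."""
    return iid_of(a) == iid_of(b)

def per_prefix_iid(prefix: str, iface: str, secret: bytes) -> bytes:
    """Assumed construction: HMAC-SHA256 over prefix and interface name, truncated to 64 bits.
    Stable within one prefix, different on every other prefix."""
    net = ipaddress.IPv6Network(prefix)
    msg = net.network_address.packed[:8] + iface.encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]

def build(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix and a 64-bit IID into an address string."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))

# Constructed sample data: documentation prefixes and documentation-range MAC 00:00:5e:00:53:01.
HOME = "2001:db8:1:0:200:5eff:fe00:5301"
CAFE = "2001:db8:2:0:200:5eff:fe00:5301"
SECRET = b"constructed-secret-for-example"

if __name__ == "__main__":
    print("embedded MAC:", eui64_mac(HOME), "OUI:", oui(eui64_mac(HOME)))
    print("same IID on both networks:", shared_iid(HOME, CAFE))
    a = build("2001:db8:1::/64", per_prefix_iid("2001:db8:1::/64", "eth0", SECRET))
    b = build("2001:db8:2::/64", per_prefix_iid("2001:db8:2::/64", "eth0", SECRET))
    print(a, b, "same IID:", shared_iid(a, b))
```
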