> There are essentially three privacy issues: > > * main one: IIDs that are constant across networks (this is the one that is > very harmful)
I think outlining that issue is perhaps the most important aspect of Fernando's draft. The logic of automatic address configuration is that a host gets an IID, and use the same IID for all network prefixes, or even when roaming. That's true if the IID is derived from the MAC address, and also true with RFC 4941. This is indeed a major privacy concern, and solving it is quite important. > * second one: correlation of node activities within the same network. In many > cases, no matter whether you change your addresses, it won't be solved. That's largely true, because hosts leak tons of information on the network they connect to. The MAC address of course, but also things like host names in DHCP requests, or even the DNS names queried by the host. Solving that will require a significant effort. > * third one: leaking information about the IID, which could allow attackers > to guess the addresses of other alive nodes. That one is solved by RFC 4941, by this draft, or even by DHCP. I read Fernando's draft as engineering privacy with an exception. The addresses are randomized and have many privacy features, but they remain the same in a local context, and are thus very observable in that local context. That's obviously a tradeoff. I see why IT departments would like that feature -- but then, they could get the same effect by just deploying a DHCP server. However, in the case of roaming the feature is highly debatable. If a host visits the same network multiple times, should it always reuse the same ID, or should it get a new identifier each time? It is very easy to argue that "different each time" has better privacy properties. -- Christian Huitema -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
