On 05/22/2013 03:34 AM, Dave Thaler wrote:
>> I attend an IETF meeting, and learn the IID of your laptop. Then I can
>> actively probe your node regarding "Is David at the office?" "Is David
>> at home?", etc.... simply because your IID is known and constant.
>
> Since you're making this personal... please explain how you can probe
> whether I'm at the office or at home, both of which are behind firewalls
> (so won't respond to arbitrary probes) and have address prefixes you
> don't know to begin with.

As noted, this wasn't meant to be personal -- it was just meant to be an example.

Now, given the example under discussion: I could learn your IID when we both attend the IETF meeting. And I could learn your prefixes when you post to mailing-lists from such places. Then I could use Prefix|IID to track you.

The fact that you use a firewall is mostly irrelevant. I'd bet your firewall still responds to some packets (e.g., packets with unsupported options?). And, if that were not the case, I could rely on the ICMPv6 "address resolution failed" error messages sent by your local router (i.e., if I receive one of such messages, you're not there. If I don't, you are).

I've seen similar discussions for different kinds of IDs in the past, and every time someone pushed a flawed/sub-optimal approach, they got bitten.

Moral of the story: don't leak more than necessary to achieve your desired goal, or you'll be bitten.

P.S.: This was discussed off-list already... but I posted this on-list so that wg participants are aware of my response.

Cheers,
--
Fernando Gont
SI6 Networks
e-mail: fg...@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
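
The linkability point made in this message, as an added example that is not part of the thread: a MAC-derived (modified EUI-64) IID is identical under every prefix, so one host's addresses on different networks can be tied together, while an IID derived from the prefix plus a host secret cannot. The MAC, the documentation prefixes, the secret and the `per_prefix_iid` scheme are constructed assumptions; `per_prefix_iid` is a simplified illustration, not a standardised algorithm.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data: documentation prefixes and a documentation-range MAC.
PREFIXES = [ipaddress.IPv6Network(p) for p in
            ("2001:db8:1::/64", "2001:db8:2::/64", "2001:db8:3::/64")]
MAC = "00:00:5e:00:53:01"
SECRET = b"constructed-per-host-secret"

def eui64_iid(mac):
    """Modified EUI-64 IID from a 48-bit MAC: insert ff:fe, flip the U/L bit."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def per_prefix_iid(prefix, secret=SECRET, iface="eth0"):
    """Hypothetical scheme: IID = first 64 bits of HMAC-SHA256(secret, prefix | iface).
    Stable on a given network, different on every other one."""
    msg = prefix.network_address.packed[:8] + iface.encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:8], "big")

def address(prefix, iid):
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)

def iid_of(addr):
    return int(addr) & 0xFFFFFFFFFFFFFFFF

def looks_eui64(addr):
    """ff:fe in the middle of the IID marks it as MAC-derived."""
    return (iid_of(addr) >> 24) & 0xFFFF == 0xFFFE

def linkable_iids(addrs):
    """IIDs observed under more than one /64: each one ties those networks to one host."""
    seen = {}
    for a in addrs:
        seen.setdefault(iid_of(a), set()).add(int(a) >> 64)
    return {iid for iid, prefixes in seen.items() if len(prefixes) > 1}

if __name__ == "__main__":
    constant = [address(p, eui64_iid(MAC)) for p in PREFIXES]
    varying = [address(p, per_prefix_iid(p)) for p in PREFIXES]
    for label, addrs in (("EUI-64", constant), ("per-prefix", varying)):
        print(label, [str(a) for a in addrs], "linkable:", len(linkable_iids(addrs)))
```

Running `looks_eui64` over a host's own configured addresses is a quick audit for whether it is exposing a MAC-derived identifier.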