On Mar 4, 2011, at 2:37 PM, Fred Baker wrote:

> On Mar 4, 2011, at 10:39 AM, Keith Moore wrote:
>
>> I've always assumed that privacy addresses were meant to be ephemeral.
>> Otherwise, there's no point to them.
>
> Ephemeral, yes. On what timeframe - Christian, my understanding is that
> Windows changes them daily. Correct?
>
> There are a couple of other timing alternatives. One is to create a new
> address for every TCP session. If you think that's a good idea - and it does
> have its merits - I'll encourage you to think through the implications of
> Duplicate Address Detection. I think you'll find hosts need to have a pool of
> vetted addresses in their pockets in order to do things like web access.
>
> A better alternative might be to change the address once a minute or once an
> hour. The value of doing so would be to side-step an attack without betraying
> to the attacker that you know you're under attack.
>
> Another alternative would be to change addresses at some nominal rate (such
> as daily) but feel free to change addresses if you perceive yourself to be
> under attack.
I agree that hosts that use privacy addresses need to keep a pool of vetted
addresses. I think that a privacy address should last at least as long as any
TCP session that uses it, though they need to be deprecated after a while so
that new sessions don't use them.

I like the idea of deprecating privacy addresses at regular intervals. Having a
mechanism to deprecate them more frequently if under attack might also be
useful. The question that comes to my mind is "how to securely signal hosts
that they're under such attack, and need to do this?"

Keith

_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
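The address lifecycle the two messages above describe (a pool of addresses that have passed Duplicate Address Detection, deprecation on a schedule that does not break live TCP sessions, replacements generated ahead of expiry, and early deprecation of one address when the host decides it is under attack) as a small simulation. This is an added example, not code from the nat66 thread or from any host's IPv6 stack; the 2001:db8::/64 prefix, the lifetimes, the PrivacyAddressPool class and its method names are assumptions made here for illustration. Time is a float in seconds passed in by the caller, so the behaviour is deterministic and the random part (the interface identifier) follows the RFC 4941 shape of 64 random bits with the universal/local bit cleared.

```python
"""Simulation of an IPv6 temporary ("privacy") address pool for one interface.
Added example for the nat66 discussion; not from the thread or any real stack.
"""
import ipaddress
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed example prefix from the documentation range, not a deployment.
PREFIX = ipaddress.IPv6Network("2001:db8:1234:5678::/64")

TENTATIVE = "tentative"    # generated, DAD still running: never handed out
PREFERRED = "preferred"    # DAD passed: may be chosen for new sessions
DEPRECATED = "deprecated"  # no new sessions, still valid for existing ones


def random_temporary_address(prefix: ipaddress.IPv6Network) -> ipaddress.IPv6Address:
    """RFC 4941-style random interface identifier: 64 random bits with the
    universal/local bit (0x02 of the first IID byte, i.e. bit 57) cleared."""
    iid = int.from_bytes(secrets.token_bytes(8), "big") & ~(1 << 57)
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


@dataclass
class TempAddress:
    addr: ipaddress.IPv6Address
    created: float
    state: str = TENTATIVE
    sessions: Set[str] = field(default_factory=set)   # session ids bound to it


class PrivacyAddressPool:
    """Hypothetical pool manager (assumed API, not a real stack's)."""

    def __init__(self, prefix, preferred_lifetime, dad_delay, regen_advance,
                 pool_size, now):
        # A spare must finish DAD before the address it replaces is deprecated.
        assert dad_delay <= regen_advance < preferred_lifetime
        self.prefix = prefix
        self.preferred_lifetime = preferred_lifetime
        self.dad_delay = dad_delay
        self.regen_advance = regen_advance
        self.pool_size = pool_size
        self.addrs: Dict[ipaddress.IPv6Address, TempAddress] = {}
        self.tick(now)

    def _expires_at(self, a: TempAddress) -> float:
        return a.created + self.preferred_lifetime

    def tick(self, now: float) -> None:
        """Advance the clock: finish DAD, age out preferred addresses, drop
        deprecated ones nobody uses any more, and top up the pool in advance."""
        for a in list(self.addrs.values()):
            if a.state == TENTATIVE and now - a.created >= self.dad_delay:
                a.state = PREFERRED
            if a.state == PREFERRED and now >= self._expires_at(a):
                a.state = DEPRECATED
            if a.state == DEPRECATED and not a.sessions:
                del self.addrs[a.addr]    # last session is gone: remove it
        # Count tentative addresses and preferred ones not about to expire;
        # anything short of pool_size gets a fresh replacement generated now.
        fresh = sum(1 for a in self.addrs.values()
                    if a.state == TENTATIVE
                    or (a.state == PREFERRED
                        and self._expires_at(a) - now > self.regen_advance))
        for _ in range(self.pool_size - fresh):
            a = TempAddress(random_temporary_address(self.prefix), now)
            self.addrs[a.addr] = a

    def report_duplicate(self, addr, now: float) -> None:
        """DAD saw a neighbour defending this tentative address: discard it
        and let tick() generate a replacement."""
        a = self.addrs.pop(addr)
        assert a.state == TENTATIVE
        self.tick(now)

    def open_session(self, sid: str, now: float) -> Optional[ipaddress.IPv6Address]:
        """Bind a new session to a vetted address, or return None when nothing
        has passed DAD yet (the reason a host needs a pool at all)."""
        self.tick(now)
        for a in self.addrs.values():
            if a.state == PREFERRED:
                a.sessions.add(sid)
                return a.addr
        return None

    def close_session(self, sid: str, now: float) -> None:
        for a in self.addrs.values():
            a.sessions.discard(sid)
        self.tick(now)

    def deprecate(self, addr, now: float) -> None:
        """Early deprecation of one address, e.g. because the host believes
        that address is being attacked. Sessions already bound keep using it;
        only new sessions move to a different, already vetted address."""
        self.addrs[addr].state = DEPRECATED
        self.tick(now)

    def state_of(self, addr) -> Optional[str]:
        a = self.addrs.get(addr)
        return a.state if a else None
```

Two things the simulation makes visible that the prose only states: at t=0 a caller asking for an address gets none, because nothing has finished DAD, and after a scheduled or early deprecation a new session gets a different address immediately only because a replacement was generated regen_advance seconds earlier. A real implementation would also enforce a valid lifetime and tear down sessions that outlive it; the attack signal itself (Keith's open question) is left as an explicit call to deprecate().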
