Earlier, Tony Li wrote:
% 2/ also creates a significant security issue.
% If a MAC address is visible outside of the local subnet,
% then it implies that someone can track a host
% as it migrates across the Internet.

If a flat Node Identifier isn't visible to correspondents outside the local subnet, then it isn't terribly useful to have a flat Node Identifier. One of the objectives of an Identifier is for it to be widely visible to (potential) correspondents. That way, if either party moves, the session that has been bound to the Identifiers can remain up, even though one or both locations have changed. This is crucial to both multi-homing and mobility deployments.

% That's been widely discussed during
% the first iteration of GSE and pretty generally viewed
% as a Bad Idea. At the very least, there needs to be a
% mechanism to escape from the MAC address and jump
% to a separately assigned space.

This concern is misplaced, and there is nothing magic here about a MAC as the Identifier. Any Identifier will have the same essential properties.

Traffic analysis techniques have been employed commercially since at least the middle 1990s to track users -- even users that change IP addresses often. I understand that such methods continue to be used (and continue to be effective) by a number of firms on the network. Note that these methods can track "users", and are not limited to just tracking "nodes".

While I don't have a URL to hand just this minute, I understand that recent work at U. Cambridge of late has put additional network traffic analysis methods into the published literature.

I don't object per se to an "escape mechanism", but I do NOT believe that there is any real privacy benefit to such a mechanism. I feel similarly about the IPv6 Privacy Extensions (sic), which have similar levels of (in)effectiveness.

Yours,

Ran
