Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-18 Thread Steven Bellovin

On May 17, 2011, at 10:30 13PM, Joel Jaeggli wrote:

> 
> On May 17, 2011, at 6:09 PM, Scott Weeks wrote:
> 
>> --- joe...@bogus.com wrote:
>> From: Joel Jaeggli 
>> On May 17, 2011, at 4:30 PM, Scott Brim wrote:
>>> On May 17, 2011 6:26 PM,  wrote:
>>>> On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
>>>> 
>>>>> What about privacy concerns
>>>> 
>>>> "Privacy is dead.  Get used to it." -- Scott McNealy
>>> 
>>> Forget that attitude, Valdis. Just because privacy is blown at one level
>>> doesn't mean you give it away at every other one. We establish the framework
>>> for recovering privacy and make progress step by step, wherever we can.
>>> Someday we'll get it all back under control.
>> 
>> if you put something in the dns you do so because you want to be discovered. 
>> scoping the nameservers such that they only express certain resource 
>> records to queriers in a particular scope is fairly straightforward.
>> 
>> 
>> 
>> The article was not about DNS.  It was about "Persistent Personal Names for 
>> Globally Connected Mobile Devices" where "Users normally create personal 
>> names by introducing devices locally, on a common WiFi network for example. 
>> Once created, these names remain persistently bound to their targets as 
>> devices move. Personal names are intended to supplement and not replace 
>> global DNS names."  
> 
> you mean like mac addresses? those have a tendency to follow you around in 
> ipv6...
> 
This is why RFC 3041 (replaced by 4941) was written, 10+ years ago.  The problem
is that it's not enabled by default on many (possibly all) platforms, so I
have to have

# cat /etc/sysctl.conf
net.inet6.ip6.use_tempaddr=1

set on my Mac.


--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Joel Maslak
On Tue, May 17, 2011 at 9:37 PM,  wrote:


> Unless you end up behind a fascist firewall that actually checks that the
> EUI-64 half of the SLAAC address actually matches your MAC address - but we all
> know that firewalls are weak at IPv6 support, so probably nobody's actually
> doing that checking. :)
>


Nevermind you can change your MAC address easily on most networks, since
most don't provide any reasonable way of verifying that L2 packets are from
where they claim to be.

FWIW, Windows Vista and 7 default to using privacy addresses with SLAAC.
Even without that, today, in the IPv4 NAT world, it's pretty much possible
to uniquely identify a user nearly all of the time anyhow - at least
for web access.  This is thanks to browser fingerprinting - see
https://panopticlick.eff.org/browser-uniqueness.pdf

There's a lot of FUD about IPv6.  Yes, the addresses are longer.  But which
is easier - remembering all the intermediate layers of network translation
(likely two boxes for nearly every residential and small business user) or
an IPv6 address that is the same, regardless of whether you are another
customer on the same ISP, a public internet user, or an internal corporate
user?  Nevermind what it is like to debug IPSEC/PPTP/L2TP, SIP, or P2P
protocols with just one NAT involved.  Imagine doing that with two NAT
devices (CGN + home NAT).  If you haven't had that unfortunate pleasure,
then I envy you!  There's also no reason we should have to remember our IPv6
addresses.  Seriously.  There are about 50 protocols to name things on
networks, many of which are scope aware.  Among other things, it's why we
don't typically have to remember MAC addresses - ARP works and it works
well.  Just because bad design forced us to remember IPv4 addresses doesn't
mean our IPv6 networks should carry over that brokenness.

IPv6 is also already in widespread use (I would guess all 500 of the Fortune
500 have it somewhere on their network, albeit quite likely not
intentionally).  I use it almost daily for my Apple MobileMe account (albeit
typically tunneled over IPv4, all behind-the-scenes).  I also use it when I
stream music around my house (Bonjour will utilize IPv6, AirTunes typically
uses it).  Windows admins might be using it too (DirectAccess; MS Remote
Assistance: if firewalls block connectivity, Windows will set up a direct
IPv6 link, tunneling through your firewalls and NAT...).  And Grandma very
well may be using it today (Windows "Home Groups" use IPv6).  I would guess
half of the family members of NANOG list subscribers are using IPv6 on a
daily basis - TODAY.  The danger is in ignoring what is already on your
networks.  Sure, you can't get to most websites via IPv6.  But it's being
used for plenty of useful work today, although mostly as a way around
firewalls and as isolated islands (not connected to the global IPv6
network).


Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Valdis . Kletnieks
On Tue, 17 May 2011 20:22:23 PDT, Joel Jaeggli said:
> On May 17, 2011, at 7:51 PM, Scott Weeks wrote:
> > Only if you design your network that way.  EUI-64 isn't required.
> don't much matter, if you move around you're going to get them a lot.

Of course, if you're moving around and getting EUI-64 addresses via SLAAC, you
can almost certainly use RFC4941 privacy addresses (instead of/in addition to)
your MAC-address based address.

Unless you end up behind a fascist firewall that actually checks that the
EUI-64 half of the SLAAC address actually matches your MAC address - but we all
know that firewalls are weak at IPv6 support, so probably nobody's actually
doing that checking. :)
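A worked example, added here and not code from anyone in the thread, that ties together the three points made above: an EUI-64 SLAAC address carries the MAC into every network the host visits (Joel's "those have a tendency to follow you around", the reason Steve enables RFC 4941 temporary addresses), the MAC can be recovered and correlated across prefixes, a temporary address hides it, and the "does the IID match the MAC" check Valdis describes is trivial to implement and, as Joel Maslak notes, trivially defeated by a spoofed MAC. The MAC address and the 2001:db8::/32 prefixes are made up for the example.

```python
# Added example (not from the thread). Modified EUI-64 IIDs per RFC 4291 App. A,
# temporary IIDs in the style of RFC 4941 section 3.2.1. MACs/prefixes are constructed.
import ipaddress
import secrets
from typing import Optional


def _mac_bytes(mac: str) -> bytes:
    """Parse '00:1b:63:84:45:e6', '00-1B-63-84-45-E6' or '001b638445e6' into 6 bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    return raw


def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier: split the MAC in the middle,
    insert ff:fe, and flip the universal/local bit (0x02 of the first octet)."""
    m = _mac_bytes(mac)
    return bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]


def slaac_address(prefix: str, mac: str) -> str:
    """The address a host with this MAC autoconfigures on a /64 without privacy extensions."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_iid(mac)))


def embedded_mac(addr: str) -> Optional[str]:
    """If the IID looks EUI-64-derived (ff:fe in octets 3-4), return the MAC it encodes.
    Any other IID (temporary, static, DHCPv6, CGA) returns None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in m)


def linkable(addr_a: str, addr_b: str) -> bool:
    """True when two addresses, possibly seen on different networks, expose the
    same MAC: the identifier that 'follows you around'."""
    a, b = embedded_mac(addr_a), embedded_mac(addr_b)
    return a is not None and a == b


def temporary_address(prefix: str, iid: Optional[bytes] = None) -> str:
    """RFC 4941-style temporary address: random 64-bit IID with the u/l bit cleared
    so it cannot be mistaken for a globally unique EUI-64.  `iid` exists only so a
    test can pin the randomness; real use leaves it None."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("need a /64 prefix")
    rnd = bytearray(iid if iid is not None else secrets.token_bytes(8))
    if len(rnd) != 8:
        raise ValueError("IID must be 8 bytes")
    rnd[0] &= 0xFD  # clear bit 0x02: identifier is locally, not universally, unique
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + bytes(rnd)))


def iid_matches_mac(addr: str, mac: str) -> bool:
    """The check a strict firewall could do on a packet: is the source address the
    EUI-64 address of the MAC it arrived from?  Temporary addresses fail it, and a
    host that simply sets its MAC to match passes it, so it proves little."""
    return embedded_mac(addr) == ":".join(f"{b:02x}" for b in _mac_bytes(mac))


if __name__ == "__main__":
    mac = "00:1b:63:84:45:e6"  # constructed
    home = slaac_address("2001:db8:1::/64", mac)
    cafe = slaac_address("2001:db8:cafe::/64", mac)
    print(home, cafe, "linkable:", linkable(home, cafe))
    tmp = temporary_address("2001:db8:cafe::/64")
    print(tmp, "embedded MAC:", embedded_mac(tmp), "matches MAC:", iid_matches_mac(tmp, mac))
```

Running it prints the same MAC-derived tail (…:21b:63ff:fe84:45e6) under both prefixes, so anyone logging source addresses at home and at the coffee shop can join the two records, while the temporary address yields no MAC at all and would be dropped by the strict-firewall check.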



Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Joel Jaeggli

On May 17, 2011, at 7:51 PM, Scott Weeks wrote:

> 
> 
> --- joe...@bogus.com wrote:
> From: Joel Jaeggli 
> 
>> if you put something in the dns you do so because you want to be discovered. 
>> scoping the nameservers such that they only express certain resource 
>> records to queriers in a particular scope is fairly straightforward.
>> 
>> 
>> 
>> The article was not about DNS.  It was about "Persistent Personal Names for 
>> Globally Connected Mobile Devices" where "Users normally create personal 
>> names by introducing devices locally, on a common WiFi network for example. 
>> Once created, these names remain persistently bound to their targets as 
>> devices move. Personal names are intended to supplement and not replace 
>> global DNS names."  
> 
> you mean like mac addresses? those have a tendency to follow you around in 
> ipv6...
> -
> 
> 
> 
>  
>   Still an IPv6 wussie...  :-) 
>   
> 
> 
> Only if you design your network that way.  EUI-64 isn't required.

don't much matter, if you move around you're going to get them a lot.

> scott
> 




Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks


--- joe...@bogus.com wrote:
From: Joel Jaeggli 

> if you put something in the dns you do so because you want to be discovered. 
> scoping the nameservers such that they only express certain resource 
> records to queriers in a particular scope is fairly straightforward.
> 
> 
> 
> The article was not about DNS.  It was about "Persistent Personal Names for 
> Globally Connected Mobile Devices" where "Users normally create personal 
> names by introducing devices locally, on a common WiFi network for example. 
> Once created, these names remain persistently bound to their targets as 
> devices move. Personal names are intended to supplement and not replace 
> global DNS names."  

you mean like mac addresses? those have a tendency to follow you around in 
ipv6...
-



 
   Still an IPv6 wussie...  :-) 
  


Only if you design your network that way.  EUI-64 isn't required.


scott



Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks


--- scott.b...@gmail.com wrote:
From: Scott Brim 

Yes indeed.  
-


Hm, that's a funny correlation to what I have been thinking and talking about 
lately.  I'll have to read the draft-brim-mobility-and-privacy-00 paper as the 
pdf-bullet-point-syndrome has overtaken my info absorption abilities.  I looked 
at the pdf, but bullet points make me have the deer-in-the-headlights look.  ;-)

scott



Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Joel Jaeggli

On May 17, 2011, at 6:09 PM, Scott Weeks wrote:

> --- joe...@bogus.com wrote:
> From: Joel Jaeggli 
> On May 17, 2011, at 4:30 PM, Scott Brim wrote:
>> On May 17, 2011 6:26 PM,  wrote:
>>> On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
>>> 
>>>> What about privacy concerns
>>> 
>>> "Privacy is dead.  Get used to it." -- Scott McNealy
>> 
>> Forget that attitude, Valdis. Just because privacy is blown at one level
>> doesn't mean you give it away at every other one. We establish the framework
>> for recovering privacy and make progress step by step, wherever we can.
>> Someday we'll get it all back under control.
> 
> if you put something in the dns you do so because you want to be discovered. 
> scoping the nameservers such that they only express certain resource 
> records to queriers in a particular scope is fairly straightforward.
> 
> 
> 
> The article was not about DNS.  It was about "Persistent Personal Names for 
> Globally Connected Mobile Devices" where "Users normally create personal 
> names by introducing devices locally, on a common WiFi network for example. 
> Once created, these names remain persistently bound to their targets as 
> devices move. Personal names are intended to supplement and not replace 
> global DNS names."  

you mean like mac addresses? those have a tendency to follow you around in 
ipv6...

> I see a lot of folks on lists designing future networks where an identifier 
> follows you everywhere and we as operators will have to deal with a public 
> hostile to the idea of being followed.  It's happening now.  Just read all 
> the articles on privacy lost.  It's not going to go away.  People like their 
> privacy whether they're doing bad things or not.
> 
> scott
> 




Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Brim
Yes indeed.  

-- sent from a tiny screen


Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks

--- valdis.kletni...@vt.edu wrote:
From: valdis.kletni...@vt.edu

> Why give the corpment (corporate/government contraction) an easy time at it?
> Just like the early days, security and privacy do not seem to be in folks'
> minds when things are being designed.

But more importantly, who has more/better lobbyists, you or the people who
want things like COICA and ACTA?

You're going to have to fix *that* problem before trying to address it at the
protocol level will do any real, lasting good.  Either that or we need a *lot*
more Tor relays (while those are still legal).
---

It's a multi-layered problem and designers at all layers need to keep privacy 
in mind.  You can't solve the multi-layered privacy problem with a design at 
one layer.




Oh, and an article that coincidentally popped up since I hit 'send' on the
previous mail:

http://radar.oreilly.com/2011/05/anonymize-data-limits.html

Designing things to evade good data mining is a *lot* harder than it looks.


This article doesn't really address what we're discussing.  It looks at the 
'upper' layer only.  I'm just saying that we don't need an ID that follows us 
everywhere like, I believe, LOC/ID split and "Unmanaged Internet Architecture" 
(from the "Persistent Personal Names for Globally Connected Mobile Devices" 
paper) apparently does (I haven't read their paper thoroughly enough to comment 
in an authoritative manner, though).  There has got to be another way.  RINA 
(http://www.cs.bu.edu/fac/matta/Papers/rina-security.pdf) addresses 
privacy/security, but the nanog show-me-the-code folks were unimpressed with 
the existing code when I asked the list about it in the past.

scott

Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks
--- joe...@bogus.com wrote:
From: Joel Jaeggli 
On May 17, 2011, at 4:30 PM, Scott Brim wrote:
> On May 17, 2011 6:26 PM,  wrote:
>> On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
>> 
>>> What about privacy concerns
>> 
>> "Privacy is dead.  Get used to it." -- Scott McNealy
> 
> Forget that attitude, Valdis. Just because privacy is blown at one level
> doesn't mean you give it away at every other one. We establish the framework
> for recovering privacy and make progress step by step, wherever we can.
> Someday we'll get it all back under control.

if you put something in the dns you do so because you want to be discovered. 
scoping the nameservers such that they only express certain resource 
records to queriers in a particular scope is fairly straightforward.



The article was not about DNS.  It was about "Persistent Personal Names for 
Globally Connected Mobile Devices" where "Users normally create personal names 
by introducing devices locally, on a common WiFi network for example. Once 
created, these names remain persistently bound to their targets as devices 
move. Personal names are intended to supplement and not replace global DNS 
names."  

I see a lot of folks on lists designing future networks where an identifier 
follows you everywhere and we as operators will have to deal with a public 
hostile to the idea of being followed.  It's happening now.  Just read all the 
articles on privacy lost.  It's not going to go away.  People like their 
privacy whether they're doing bad things or not.

scott



Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Valdis . Kletnieks
(And I get flamed by multiple people because I put in the quote and managed to
hit send before adding the commentary. Maybe one of these days I'll learn not
to try to mix replying to e-mail and dealing with vendor engineers doing a tape
library expansion at the same time. :)  Oh well, equivalent text follows as a
reply to Scott...)

On Tue, 17 May 2011 16:05:11 PDT, Scott Weeks said:
> It doesn't have to be that way.  We can design these things any way we want.

True.  The question is whether we get to *deploy* said designs.

> Why give the corpment (corporate/government contraction) an easy time at it?
> Just like the early days, security and privacy do not seem to be in folks'
> minds when things are being designed.

But more importantly, who has more/better lobbyists, you or the people who
want things like COICA and ACTA?

You're going to have to fix *that* problem before trying to address it at the
protocol level will do any real, lasting good.  Either that or we need a *lot*
more Tor relays (while those are still legal).

Oh, and an article that coincidentally popped up since I hit 'send' on the
previous mail:

http://radar.oreilly.com/2011/05/anonymize-data-limits.html

Designing things to evade good data mining is a *lot* harder than it looks.



Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Joel Jaeggli

On May 17, 2011, at 4:30 PM, Scott Brim wrote:

> On May 17, 2011 6:26 PM,  wrote:
>> 
>> On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
>> 
>>> What about privacy concerns
>> 
>> "Privacy is dead.  Get used to it." -- Scott McNealy
> 
> Forget that attitude, Valdis. Just because privacy is blown at one level
> doesn't mean you give it away at every other one. We establish the framework
> for recovering privacy and make progress step by step, wherever we can.
> Someday we'll get it all back under control.

if you put something in the dns you do so because you want to be discovered. 
scoping the nameservers such that they only express certain resource 
records to queriers in a particular scope is fairly straightforward.

> Scott
> 




Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Brim
On May 17, 2011 6:26 PM,  wrote:
>
> On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
>
> > What about privacy concerns
>
> "Privacy is dead.  Get used to it." -- Scott McNealy

Forget that attitude, Valdis. Just because privacy is blown at one level
doesn't mean you give it away at every other one. We establish the framework
for recovering privacy and make progress step by step, wherever we can.
Someday we'll get it all back under control.

Scott


Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks


--- valdis.kletni...@vt.edu wrote: -
From: 
On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
 
> What about privacy concerns

"Privacy is dead.  Get used to it." -- Scott McNealy
--


It doesn't have to be that way.  We can design these things any way we want.  
Why give the corpment (corporate/government contraction) an easy time at it?  
Just like the early days, security and privacy do not seem to be in folks' minds 
when things are being designed.

scott
Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Valdis . Kletnieks
On Tue, 17 May 2011 15:04:19 PDT, Scott Weeks said:
 
> What about privacy concerns

"Privacy is dead.  Get used to it." -- Scott McNealy



user-relative names - was:[Re: Yahoo and IPv6]

2011-05-17 Thread Scott Weeks


--- d...@dotat.at wrote:
Or perhaps user-relative names.
http://www.brynosaurus.com/pub/net/uia-osdi.pdf
--


What about privacy concerns; stopping your every move being tracked through the 
personal name attached to all of your devices?  Did I miss something in the 
paper?

scott