RE: [6man] Stable privacy addresses (upcoming rev)

2012-03-30 Thread Christian Huitema
> If the regime controls the local-link, then as far as address-tracking is concerned, you're toast. -- They could sniff the network and log the address->MAC mappings, have RAs require you to do DHCPv6 and then have DHCPv6 assign you a constant address, etc.

The obvious solution is to ra

RA "requires" DHCPv6 ?

2012-03-30 Thread Karl Auer
In a discussion titled "Stable privacy addresses (upcoming rev)", Fernando Gont said:

> They could [...] have RAs require you to do DHCPv6 and then have DHCPv6 assign you a constant address, etc.

What interests me here is the phrase "have RAs require you to do DHCPv6". When, if ever, are hosts

Re: [6man] Stable privacy addresses (upcoming rev)

2012-03-30 Thread Ray Hunter
Brian E Carpenter wrote: Ray, On 2012-03-31 02:04, Ray Hunter wrote: ... The idea being that authorized persons e.g. law enforcement and network managers SHOULD be able to correlate activity at a later date (for legal compliance, logging, fault finding etc.) whilst an attacker or unauthoriz

Re: [6man] Stable privacy addresses (upcoming rev)

2012-03-30 Thread Fernando Gont
Brian,

On 03/30/2012 09:47 PM, Brian E Carpenter wrote:
> On 2012-03-31 02:04, Ray Hunter wrote:
> ...
>> The idea being that authorized persons e.g. law enforcement and network managers SHOULD be able to correlate activity at a later date (for legal compliance, logging, fault finding etc.)

Re: [6man] Stable privacy addresses (upcoming rev)

2012-03-30 Thread Brian E Carpenter
Ray,

On 2012-03-31 02:04, Ray Hunter wrote:
...
> The idea being that authorized persons e.g. law enforcement and network managers SHOULD be able to correlate activity at a later date (for legal compliance, logging, fault finding etc.) whilst an attacker or unauthorized person SHOULD NOT.

I

Re: 3484bis and privacy addresses

2012-03-30 Thread Fernando Gont
On 03/30/2012 02:24 AM, Mark Andrews wrote:
> In message <4f74f78f.1020...@dougbarton.us>, Doug Barton writes:
>>
>> Also, if you're on a home network, it doesn't matter what the bottom 64 bits are, your network prefix is enough information for the bad guys to use as ICBM targeting coordinate

Re: [6man] Stable privacy addresses (upcoming rev)

2012-03-30 Thread Ray Hunter
I have reviewed draft-gont-6man-stable-privacy-addresses and have already sent some nits direct to the author. I like this draft. One of my biggest criticisms of RFC4941 today is that end nodes act unilaterally, and that due consideration was not made of the needs of organizations (such as En