Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-05-02 Thread Sujing Zhou
However, in the case of roaming the feature is highly debatable. If a host visits the same network multiple times, should it always reuse the same ID, or should it get a new identifier each time? It is very easy to argue that different each time has better privacy properties. Agreed. For

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-05-02 Thread Fernando Gont
Hi, Sujing, On 05/02/2013 05:14 AM, Sujing Zhou wrote: Have you ever considered adding a date/time (optional) parameter in generation of the new RID, for example: RID = F(Prefix, Interface_Index, Network_ID, DAD_Counter, Date/Time, secret_key), thus will result in different IID each

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-05-02 Thread Hosnieh Rafiee
Privacy is handled in the same way as security. Perfect privacy (as with perfect security) doesn't exist... and you usually must decide when putting even more effort on it doesn't make any more sense. My point is that this is not true. Let's use a real life example. Suppose that someone knows the

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-30 Thread Hosnieh Rafiee
Philipp, I didn't really want to continue this debate as I have repeatedly stated my views in my past responses, but if you like, I will once again explain it from my point of view. you seem to argue that privacy can only be mentioned if the protection is absolute. No, absolute is too big a

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-30 Thread Fernando Gont
On 04/30/2013 12:38 PM, Hosnieh Rafiee wrote: No, absolute is too big a word to use but the definition of the relative is also much different than when using it in reference to security. Unlike security where you can provide relative security through the protection of one protocol and then

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-29 Thread Fernando Gont
On 04/29/2013 01:47 AM, Mark Smith wrote: What I keep saying is this rfc draft does not have any effect on privacy and everything related to the router prefix. So privacy and security are relative, not absolute. I think this provides better privacy compared to the use of MAC addresses for

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-29 Thread Hosnieh Rafiee
Dear Mark So privacy and security are relative, not absolute. I think this provides better privacy compared to the use of MAC addresses for IIDs Unfortunately that answer is not exactly true. As I explained in my last messages, it is really related to the lifetime of the router prefix. In

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-29 Thread Fernando Gont
Hosnieh, Quite a few times I have responded to your comments, and have even provided pointers to publicly-available papers that you seem to have ignored. I disagree with your comments below... but cannot really invest more time in writing responses you'll ignore. This I-D improves at least two

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-29 Thread Hosnieh Rafiee
Fernando, I guess that we are at an impasse again. I just want to make it clear to everyone that this proposed draft of yours doesn't really do anything substantial for privacy issues and I find it misleading to mention privacy in the title. I too am extremely busy and cannot afford to devote any

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-29 Thread Philipp Kern
Hosnieh, on Mon, Apr 29, 2013 at 11:17:43PM +0200 you wrote the following: I guess that we are at an impasse again. I just want to make it clear to everyone that this proposed draft of yours doesn't really do anything substantial for privacy issues and I find it misleading to mention

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-28 Thread Brian E Carpenter
On 29/04/2013 03:28, Hosnieh Rafiee wrote: ... Whether or not an IID in a network is fixed or not is a network policy issue and not a standards issue. You keep saying that, but it's a *host* IID and therefore primarily a host issue. In some cases, hosts are subject to a local policy, but in

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-28 Thread Hosnieh Rafiee
Dear Brian, You keep saying that, but it's a *host* IID and therefore primarily a host issue. In some cases, hosts are subject to a local policy, but in other cases they are completely autonomous. It's reasonable to have several optional standards for how hosts autonomously create their IID.

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-28 Thread Mark Smith
- Original Message - From: Hosnieh Rafiee i...@rozanak.com To: 'Brian E Carpenter' brian.e.carpen...@gmail.com Cc: 'Fernando Gont' fg...@si6networks.com; 'Alissa Cooper' acoo...@cdt.org; ipv6@ietf.org; 'Christian Huitema' huit...@microsoft.com Sent: Monday, 29 April 2013 6:13 AM

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread SM
At 14:32 25-04-2013, Alissa Cooper wrote: One comment and one nit below. [snip] This implication seems misguided. Providing the ability to track and correlate the communications of a device that never leaves a single network is a significant concern. It is one concern among several that

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread SM
Hi Fernando, At 12:13 26-04-2013, Fernando Gont wrote: In some scenarios, that's impossible. Trivial example: If you have a network with a single host attached to it, no matter whether you change your address periodically (*), it will be possible to correlate the hosts' activities. (*) That of

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Hosnieh Rafiee
At 14:32 25-04-2013, Alissa Cooper wrote: One comment and one nit below. [snip] This implication seems misguided. Providing the ability to track and correlate the communications of a device that never leaves a single network is a significant concern. It is one concern among several that the

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread SM
Hi Hosnieh, At 09:51 27-04-2013, Hosnieh Rafiee wrote: I mentioned this comment in the first versions of this draft, but nobody seemed to agree with me at that time so I stopped with the dialogue. I gather that would be in the message at

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Hosnieh Rafiee
I do not think repeating what I explained before will be of much help. I never received any responses from my last discussions with Fernando so I am not going to continue that discourse. But here is a brief summary of what I tried to explain. I agree with the part where he focuses on an algorithm

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Fernando Gont
Hosnieh, On 04/27/2013 04:20 PM, Hosnieh Rafiee wrote: I do not think repeating what I explained before will be of much help. I never received any responses from my last discussions with Fernando so I am not going to continue that discourse. FWIW, I responded to your messages. However, most

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Fernando Gont
On 04/27/2013 01:51 PM, SM wrote: Hi Fernando, At 12:13 26-04-2013, Fernando Gont wrote: In some scenarios, that's impossible. Trivial example: If you have a network with a single host attached to it, no matter whether you change your address periodically (*), it will be possible to correlate

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread SM
Hi Fernando, I owe you an apology as one of the comments I made on this thread may be misinterpreted. You responded to all the comments I read. Regards, -sm

RE: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Christian Huitema
There are essentially three privacy issues: * main one: IIDs that are constant across networks (this is the one that is very harmful) I think outlining that issue is perhaps the most important aspect of Fernando's draft. The logic of automatic address configuration is that a host gets an

Re: Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-27 Thread Fernando Gont
On 04/27/2013 09:47 PM, Christian Huitema wrote: * second one: correlation of node activities within the same network. In many cases, no matter whether you change your addresses, it won't be solved. That's largely true, because hosts leak tons of information on the network they connect to.

Last Call: draft-ietf-6man-stable-privacy-addresses-06.txt (A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)) to Proposed Standard

2013-04-12 Thread The IESG
The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'A method for Generating Stable Privacy-Enhanced Addresses with IPv6 Stateless Address Autoconfiguration (SLAAC)' draft-ietf-6man-stable-privacy-addresses-06.txt as Proposed Standard
