Le 7 juil. 09 à 21:56, Dave Thaler a écrit :
-Original Message-
From: Rémi Després [mailto:remi.desp...@free.fr]
Sent: Tuesday, July 07, 2009 3:03 AM
To: Christian Huitema
Cc: Brian E Carpenter; Xing Li; 6man; Behave WG; Dave Thaler
Subject: Re: Perils of structured host identifiers
> -Original Message-
> From: Rémi Després [mailto:remi.desp...@free.fr]
> Sent: Tuesday, July 07, 2009 3:03 AM
> To: Christian Huitema
> Cc: Brian E Carpenter; Xing Li; 6man; Behave WG; Dave Thaler
> Subject: Re: Perils of structured host identifiers (was: Modifie
Christian Huitema wrote:
[...]
> Structured identifiers are not compatible with privacy address
> extensions. Moreover, embedding addresses in identifiers discloses
> information that would otherwise have remained hidden behind the NAT
> and the firewall. The IPv4 address encoded in the host identi
On 7 jul 2009, at 20:27, Christian Huitema wrote:
I'm not seeing this.
vXuser - routers -- vXserver
v6user - NAT64 -- v4server
In the first case, the addresses are visible everywhere. In the
second
case, the destination address (in one form or another) is visible
everywhe
> I'm not seeing this.
>
> vXuser - routers -- vXserver
>
> v6user - NAT64 -- v4server
>
> In the first case, the addresses are visible everywhere. In the second
> case, the destination address (in one form or another) is visible
> everywhere. How is this suddenly a privacy issue?
CGA are not only used in SEND, but also in SHIM6, and they have a clear
potential in other applications. You can take the narrow view that CGA are only
useful to secure neighbor discovery, but doing that limits any future
application.
Iljitsch makes another point, that CGA are inherently not us
Le 7 juil. 09 à 15:40, Christian Huitema a écrit :
CGA are not only used in SEND, but also in SHIM6, and they have a
clear potential in other applications.
I agree that other useful uses of CGAs are possible.
For those where CGAs never appear in link-layer addresses, compliance
with the u-
On 7 jul 2009, at 15:40, Christian Huitema wrote:
I think Iljitsch missed the point about privacy. Consider an IPv4
enterprise network manager that wants to gain IPv6 access. Embedding
the internal IPv4 addresses in the IPv6 address makes these
addresses public, while previously they were p
Christian,
Thanks for this analysis.
Caution is indeed a must before any amendment of a basic document.
As my proposal is, its relationship with cryptographically generated
addresses (and with secure neighbor discovery which uses it) should
however not be a problem.
The proposal is, in sho