Hi all,
I do agree with Fernando that we need to be more clear on the trust
models that we apply (I don't think this is an issue only on 6man,
it's a general thing).
If we distrust some network element, then we distrust it for *any*
purpose, not just for this or that bit. In this particular
[mailto:ipv6-boun...@ietf.org] On Behalf Of Carlos
Martinez-Cagnazzo
Sent: Friday, April 01, 2011 12:58 AM
To: Fernando Gont
Cc: ipv6@ietf.org
Subject: Re: draft-gont-6man-managing-privacy-extensions
Hi all,
I do agree with Fernando that we need to be more clear on the trust models that
we apply
Folks,
At the 6man wg meeting, the aforementioned I-D was deemed as a very bad
idea, because of its privacy implications.
My question is: what's the trust model that leads to that conclusion?
I mean, a host doing SLAAC trusts the router about the prefix to be
configured, default route, various
Humble apologies that I meant to send this email to 6man but instead
sent it to v6ops.
Hemant
From: Hemant Singh (shemant)
Sent: Monday, March 28, 2011 10:02 AM
To: IPv6 Ops WG
Subject: comment on draft-gont-6man-managing-privacy-extensions-01
In some certain large-scale broadband
On 28/03/2011 05:06 a.m., Hemant Singh (shemant) wrote:
In some certain large-scale broadband networks, an RA does not even
include any PIO, so how will this document signal new bits?
I guess that those networks employ something else for host
configuration? (e.g., DHCP) -- If that's the case,
-generation/draft-gont-6man-managing-privacy-extensions-02b.txt
* PDF format:
http://www.gont.com.ar/drafts/address-generation/draft-gont-6man-managing-privacy-extensions-02b.pdf
For your convenience, the diff between this upcoming rev and the last
posted version (-01) is available here:
http
On Fri, 25 Mar 2011 01:30:48 -0300
Fernando Gont ferna...@gont.com.ar wrote:
On 16/03/2011 01:51 p.m., Brian Haley wrote:
I have an almost off-topic comment, but since I've seen no mention of it
in any of these privacy threads...
You have to assume in a large data center that almost
On 16/03/2011 01:51 p.m., Brian Haley wrote:
I have an almost off-topic comment, but since I've seen no mention of it
in any of these privacy threads...
You have to assume in a large data center that almost every MAC address you
encounter is going to be randomly generated.
Are they
On 16/03/2011 09:48 a.m., Mohacsi Janos wrote:
As RFC 4941 says:
Changed the default setting for usage of temporary addresses to be
disabled.
and also:
Additionally, sites might wish to selectively enable or disable the
use of temporary addresses for some prefixes. For example, a
On 16/03/2011 11:14 a.m., Yu Hua bing wrote:
Our draft is not meant to propose not to use privacy addresses -- as
noted a few times, already, the proposed mechanism could be used to turn
privacy addresses on for some systems that have decided not to enable
them by default (e.g., FreeBSD).
Then what's all this controversy with
draft-gont-6man-managing-privacy-extensions? :-) -- That aside, there have
been quite a few publications assessing the real privacy provided with the
so-called privacy-extensions
Using randomized host identifiers is way more private than sticking
Why would you find it acceptable to have the ISP assign you the complete
address e.g. with DHCP, then?
In the context of a user requiring privacy protection, it isn't acceptable.
As far as I know, what the ISP will assign is a prefix; the individual
host addresses are locally assigned by
On 16/03/2011 03:30 a.m., Christian Huitema wrote:
Then what's all this controversy with
draft-gont-6man-managing-privacy-extensions? :-) -- That aside,
there have been quite a few publications assessing the real
privacy provided with the so-called privacy-extensions
Using randomized
On Wed, 16 Mar 2011, Fernando Gont wrote:
On 16/03/2011 03:30 a.m., Christian Huitema wrote:
Then what's all this controversy with
draft-gont-6man-managing-privacy-extensions? :-) -- That aside,
there have been quite a few publications assessing the real
privacy provided with the so-called
Our draft is not meant to propose not to use privacy addresses -- as
noted a few times, already, the proposed mechanism could be used to turn
privacy addresses on for some systems that have decided not to enable
them by default (e.g., FreeBSD).
Windows provides the command line to turn on or
On 03/12/2011 06:29 AM, Fernando Gont wrote:
On 09/03/2011 08:17 a.m., Mikael Abrahamsson wrote:
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D postings, and the topic seems relevant.
On 16 March 2011 at 07:30, Christian Huitema wrote:
...
In fact, rather than your draft proposing to not use privacy addresses, we
should pursue the deprecation of using EUI-64 in addresses.
-1
The worst part of your draft is that, if we published it, it would give the
impression that
On 09/03/2011 05:49 p.m., Mark Smith wrote:
I agree. I sort of accept that an ISP can know my addresses in use, in
part because they gave them to me. However, for an ISP to not let me
choose if I want to use privacy addresses on the Internet would
be completely unacceptable.
Why would you
Fernando,
On 2011-03-16 00:55, Fernando Gont wrote:
On 09/03/2011 05:49 p.m., Mark Smith wrote:
I agree. I sort of accept that an ISP can know my addresses in use, in
part because they gave them to me. However, for an ISP to not let me
choose if I want to use privacy addresses on the Internet
.
Why would you find it acceptable to have the ISP assign you the complete
address e.g. with DHCP, then?
In the context of a user requiring privacy protection, it isn't acceptable.
Then what's all this controversy with
draft-gont-6man-managing-privacy-extensions? :-) -- That aside, there
have
Hi, Mikael,
On 09/03/2011 08:17 a.m., Mikael Abrahamsson wrote:
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D postings, and the topic seems relevant.
I don't think it solves what it
Notification for
draft-gont-6man-managing-privacy-extensions-01
Date: Sat, 12 Mar 2011 02:57:54 -0800 (PST)
From: IETF I-D Submission Tool idsubmiss...@ietf.org
To: ferna...@gont.com.ar
CC: r...@spawar.navy.mil
A new version of I-D, draft-gont-6man-managing-privacy-extensions-01.txt
has been successfully
On 09/03/2011 09:19 a.m., huabing yu wrote:
(1) If H (Hardware-derived addresses) flag is 1, it indicates that
the host SHOULD generate hardware-derived addresses, and doesn't
generate privacy addresses.
(2) If H (Hardware-derived addresses) flag is 0, the author says that
this bit indicates
On 09/03/2011 11:57 a.m., Mikael Abrahamsson wrote:
If you want to know the mac address of the computer who used an IP
address at a certain time, then you need to tell the host to only use
EUI64 based address and nothing else, you don't tell it to disable
privacy extensions.
This was
this in the next rev of the document.
REQUEST for Fernando G/Ron B:
Separately, keeping the quoted comments above in mind, the I-D
draft-gont-6man-managing-privacy-extensions needs clarification
edits to avoid using the phrase hardware-derived anywhere.
Will do.
REASON
subscribers would be a political blunder.
The requirements in draft-gont-6man-managing-privacy-extensions are
SHOULDs, for this very reason.
How about including some text that explicitly states that a host can
always override the desired policy (with a system toggle) if it desires
to do so
On 09/03/2011 08:17 a.m., Mikael Abrahamsson wrote:
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D postings, and the topic seems relevant.
I don't think it solves what it thinks it
On Fri, Mar 11, 2011 at 08:01, Mark Townsley m...@townsley.net
wrote:
On Mar 11, 2011, at 3:32 AM, Christian Huitema wrote:
I'm saying the reasons people are tempted to disable RFC4941 are
misplaced.
+1
Consider that if I want privacy and you won't let me use RFC4941, I
might just make up
Blue sky: Could the SP allow privacy addresses, at least for global
use, and log its own mappings between privacy addresses and MACs or
other persistent identifiers? Then it can always trace back to
determine who did what if necessary.
I'm sure service providers *could* do this. But it's
It doesn't. The I-D aims at allowing routers specify which policy they want
hosts to employ when generating their IPv6 addresses.
Uh? I definitely don't want to give the router at Starbucks the means to
specify the privacy configuration of my laptop.
I understand that corporation want to
On 03/12/2011 16:44, Christian Huitema wrote:
It doesn't. The I-D aims at allowing routers specify which policy they want
hosts to employ when generating their IPv6 addresses.
Uh? I definitely don't want to give the router at Starbucks the means to
specify the privacy configuration of my
On 12/03/2011 09:44 p.m., Christian Huitema wrote:
It doesn't. The I-D aims at allowing routers specify which policy
they want hosts to employ when generating their IPv6 addresses.
Uh? I definitely don't want to give the router at Starbucks the means
to specify the privacy configuration of
Hi, James,
On 09/03/2011 04:08 p.m., james woodyatt wrote:
About the H-bit in the PIO it proposes, the draft says this:
When set, this bit indicates that hardware-derived addresses SHOULD
be used when configuring IPv6 addresses as a result of Stateless
Address Autoconfiguration. When not
On Sat, 12 Mar 2011 21:57:14 -0300
Fernando Gont ferna...@gont.com.ar wrote:
On 12/03/2011 09:44 p.m., Christian Huitema wrote:
It doesn't. The I-D aims at allowing routers specify which policy
they want hosts to employ when generating their IPv6 addresses.
Uh? I definitely don't want
It doesn't. The I-D aims at allowing routers specify which policy they want
hosts to employ when generating their IPv6 addresses.
Uh? I definitely don't want to give the router at Starbucks the means to
specify the privacy configuration of my laptop.
I understand that corporation want
Mark Smith i...@69706e6720323030352d30312d31340a.nosense.org writes:
I also think there is a fundamentally incorrect assumption is being
made - that IPv6 addresses and humans are tightly coupled.
Actually, if you look at trends, they are increasingly tightly
coupled.
Internet access by humans
the thread uncovered)
RFC4941 by itself does the trick.
But draft-gont-6man-managing-privacy-extensions (the subject of
this thread) says you can't use RFC4941.
I'm saying the reasons people are tempted to disable RFC4941 are
misplaced. Really, they want the same tracking of
which-host
On Mar 11, 2011, at 3:32 AM, Christian Huitema wrote:
I'm saying the reasons people are tempted to disable RFC4941 are misplaced.
+1
Consider that if I want privacy and you won't let me use RFC4941, I might
just make up a new MAC address each time I connect.
Consider also the
On 10 Mar 2011, at 02:34 , Dan Wing wrote:
Nobody wants it removed in corporate deployments, either.
That statement is far too strong; it simply is not true.
Consider for a moment an IPv6-enabled telephone,
on the desk of a Very Important Person at a company, ...
(Laugh. I don't believe
: draft-gont-6man-managing-privacy-extensions-00.txt
On 2011-03-10 00:17, Mikael Abrahamsson wrote:
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-
privacy-extensions-00.txt
I recommend that folks read the above draft. I
On Mar 10, 2011, at 4:10 AM, Ran Atkinson wrote:
It seems pretty clear that Fred's NPTv6 is going to be deployed in at least
some locations, albeit for entirely different reasons. I'm not sure if that
meets your definition of NAPT66 or not.
It does not. NPTv6 only translates the network
uncovered)
Paul Chilton
Low Power RF Solutions (formerly Jennic)
NXP Semiconductors
-Original Message-
From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of james
woodyatt
Sent: 10 March 2011 16:02
To: Ran Atkinson
Cc: ipv6@ietf.org
Subject: Re: draft-gont-6man-managing
-Original Message-
From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of
Ran Atkinson
Sent: Thursday, March 10, 2011 4:10 AM
To: ipv6@ietf.org
Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
On 10 Mar 2011, at 02:34 , Dan Wing wrote:
Nobody
-Original Message-
From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of
Paul Chilton
Sent: Thursday, March 10, 2011 10:18 AM
To: james woodyatt
Cc: ipv6@ietf.org
Subject: RE: draft-gont-6man-managing-privacy-extensions-00.txt
Doesn't a combination of RFC4941
I'm saying the reasons people are tempted to disable RFC4941 are misplaced.
+1
Consider that if I want privacy and you won't let me use RFC4941, I might just
make up a new MAC address each time I connect.
Consider also the effect of unique identifiers on tracking. The MAC address
follows
On 03/09/2011 06:57, Mikael Abrahamsson wrote:
If you want to know the mac address of the computer who used an IP
address at a certain time, then you need to tell the host to only use
EUI64 based address and nothing else, you don't tell it to disable
privacy extensions. Just because privacy
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D postings, and the topic seems relevant.
Cheers
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D postings
2011/3/9 Mikael Abrahamsson swm...@swm.pp.se
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG
On Wed, 9 Mar 2011, huabing yu wrote:
(1) If H (Hardware-derived addresses) flag is 1, it indicates that
the host SHOULD generate hardware-derived addresses, and doesn't
generate privacy addresses.
I think it should indicate that ONLY hw-derived address should be created,
which by definition
that would not embed a hardware address in the IID.
REQUEST for Fernando G/Ron B:
Separately, keeping the quoted comments above in mind, the I-D
draft-gont-6man-managing-privacy-extensions needs clarification
edits to avoid using the phrase hardware-derived anywhere.
REASON
On 2011-03-10 00:17, Mikael Abrahamsson wrote:
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG
On Mar 9, 2011, at 2:01 AM, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend that folks read the above draft. I haven't seen the
I-D announcement get cross-posted to the IPv6 WG, perhaps due to
the volume of recent I-D
On 09 Mar 2011, at 13:49 , Brian E Carpenter wrote:
On 2011-03-10 00:17, Mikael Abrahamsson wrote:
I don't think it solves what it thinks it solves, but if this REALLY
should be implemented, it's my initial thinking that the H flag should
be a MUST demand to only have ONE and only one
I would observe that we have multiple documents which note the
importance of traceability for problem resolution. Treating privacy
as an all-or-nothing thing is probably a misleading perspective.
It is extremely likely that privacy addresses, and their bindings to
homes or office desktops,
On Wed, 09 Mar 2011 14:32:45 -0500
Joel M. Halpern j...@joelhalpern.com wrote:
I would observe that we have multiple documents which note the
importance of traceability for problem resolution. Treating privacy
as an all-or-nothing thing is probably a misleading perspective.
It is extremely
Hi Ran,
On Wed, 9 Mar 2011 10:51:59 -0500
RJ Atkinson rja.li...@gmail.com wrote:
On 09 Mar 2011, at 09:57 , Mikael Abrahamsson wrote:
Privacy Extensions is not the only mechanisms that might create an
address to be used, thus I think the disable privacy flag is meaningless.
If you
On Thu, 10 Mar 2011 07:49:29 +1300
Brian E Carpenter brian.e.carpen...@gmail.com wrote:
On 2011-03-10 00:17, Mikael Abrahamsson wrote:
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt
I recommend
On 2011-03-10 09:49, Mark Smith wrote:
On Thu, 10 Mar 2011 07:49:29 +1300
Brian E Carpenter brian.e.carpen...@gmail.com wrote:
On 2011-03-10 00:17, Mikael Abrahamsson wrote:
On Wed, 9 Mar 2011, Ran Atkinson wrote:
http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy
-Original Message-
From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of
Brian E Carpenter
Sent: Wednesday, March 09, 2011 10:49 AM
To: Mikael Abrahamsson
Cc: ipv6@ietf.org; Ran Atkinson
Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
On 2011-03
60 matches