[117873] in North American Network Operators' Group
Re: ISP customer assignments
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Oct 5 18:36:26 2009
To: Dan White <dwhite@olp.net>
In-Reply-To: Your message of "Mon, 05 Oct 2009 16:13:37 CDT."
<20091005211337.GP5403@dan.olp.net>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 05 Oct 2009 18:35:09 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1254782109_3393P
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:
> a publicly routeable stateless auto configured address is no less
> secure than a publicly routeable address assigned by DHCP. Security is,=
and
> should be, handled by other means.
The problem is user tracking and privacy.
RFC4941's problem statement:
Addresses generated using stateless address autoconfiguration
=5BADDRCONF=5D contain an embedded interface identifier, which remains=
constant over time. Anytime a fixed identifier is used in multiple
contexts, it becomes possible to correlate seemingly unrelated
activity using this identifier.
The correlation can be performed by
o An attacker who is in the path between the node in question and
the peer(s) to which it is communicating, and who can view the
IPv6 addresses present in the datagrams.
o An attacker who can access the communication logs of the peers
with which the node has communicated.
Since the identifier is embedded within the IPv6 address, which is a
fundamental requirement of communication, it cannot be easily hidden.
This document proposes a solution to this issue by generating
interface identifiers that vary over time.
Note that an attacker, who is on path, may be able to perform
significant correlation based on
o The payload contents of the packets on the wire
o The characteristics of the packets such as packet size and timing
Use of temporary addresses will not prevent such payload-based
correlation.
(end quote)
Or phrased differently - if I DCHP my laptop in a Starbuck's, on Comcast,=
at
work, at a hotel, and a few other places, you'll get a whole raft of answ=
ers
which will be very hard to cross-corrolate. But if all those places did
IPv6 autoconfig, the correlation would be easy, because my address would
always end in 215:c5ff:fec8:334e - and no other users should have those
last 64 bits.
Amazingly enough, some people think making it too easy to Big-Brother you=
is a security issue...
--==_Exmh_1254782109_3393P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFKynSdcC3lWbTT17ARAtwWAJ9SdV6eOwbJZQRXbMKg990acdW6aQCgvXa8
WNxtffXESw59XsakPhAWAQk=
=2nlJ
-----END PGP SIGNATURE-----
--==_Exmh_1254782109_3393P--
