[138110] in North American Network Operators' Group


Re: Mac OS X 10.7, still no DHCPv6

daemon@ATHENA.MIT.EDU (Joe Abley)
Mon Feb 28 10:04:36 2011

From: Joe Abley <jabley@hopcount.ca>
In-Reply-To: <F05D77A9631CAE4097F7B69095F1B06F05502A@EX02.drtel.lan>
Date: Mon, 28 Feb 2011 10:04:23 -0500
To: Brian Johnson <bjohnson@drtel.com>
X-SA-Exim-Mail-From: jabley@hopcount.ca
Cc: nanog group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On 2011-02-28, at 09:53, Brian Johnson wrote:

> Can someone explain what exactly the security threat is?

The threat model relates to the ability for a third party to be able to identify what subnets a single device has moved between, which is possible with MAC-embedded IPv6 addresses but not possible with addresses without embedded local identifiers. It's analogous to someone tracking credit card use and being able to infer from the vendor crumbs where an individual has been.

I don't think this has ever been cited as a global, general threat that must be eliminated (just as people are generally happy to use the same credit card as they move around the planet and don't generally stress about the implications). However, I think it's reasonable that it's a concern for some. There is no global, fixed value of "acceptable" when it comes to privacy.


Joe
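
The linkability described in the message above, as an added example that is not part of the original post: a check an administrator can run over their own hosts' addresses to see which ones embed a MAC (modified EUI-64, RFC 4291) and therefore carry the same interface identifier onto every subnet. The function names and the sample addresses (documentation prefix 2001:db8::/32, documentation MAC range 00:00:5e:00:53:xx) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def embedded_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]  # low 64 bits of the address
    # A 48-bit MAC is expanded to 64 bits by inserting ff:fe in the middle.
    # A random interface ID can match by chance (about 1 in 65536).
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit inversion applied to the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def subnets_by_device(addresses):
    """Map each embedded MAC to the sorted /64 prefixes it was seen in."""
    seen = defaultdict(set)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is not None:
            prefix = ipaddress.ip_network(f"{addr}/64", strict=False)
            seen[mac].add(str(prefix))
    return {mac: sorted(prefixes) for mac, prefixes in seen.items()}


# Constructed sample: one device observed on two subnets with a MAC-derived
# address, plus one address with no embedded local identifier.
SAMPLE = [
    "2001:db8:a:1:200:5eff:fe00:532a",
    "2001:db8:b:7:200:5eff:fe00:532a",
    "2001:db8:a:1:5c3e:91d2:7b04:e6a1",
]

if __name__ == "__main__":
    for mac, prefixes in subnets_by_device(SAMPLE).items():
        print(mac, "seen in", ", ".join(prefixes))
```

The third sample address yields no MAC, so it cannot be tied to the other two sightings by its interface identifier alone.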


