[118773] in Cypherpunks
Privacy leak in IPV6?
daemon@ATHENA.MIT.EDU (Greg Broiles)
Thu Oct 7 19:53:59 1999
Date: Thu, 7 Oct 1999 16:09:57 -0700
From: Greg Broiles <gbroiles@netbox.com>
To: cypherpunks@cyberpass.net
Message-ID: <19991007160957.B27117@ideath.parrhesia.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Reply-To: Greg Broiles <gbroiles@netbox.com>
Bill Frezza, in an article at
<http://www.techweb.com/se/directlink.cgi?INW19991004S0052>, points out
that IPv6 apparently includes the hardware ethernet address in the IPv6
network address of network clients, and that this has privacy
implications heretofore undiscussed.
Comments?
It occurs to me that it shouldn't be difficult to write an IPv6 stack
which doesn't use this convention - there can't be a strict one-to-one
mapping of IPv6 addresses to ethernet interfaces, because, well,
sometimes network interfaces aren't ethernet - so obviously there's a
mechanism for assigning addresses to non-ethernet devices, and it ought
to be possible to use it for ethernet devices, as well.
Even so, it might be useful to have thought about the privacy aspects of
IPv6 before it's widely deployed.
--
Greg Broiles
gbroiles@netbox.com
