![nanog logo](/images/nanog-logo.png)
nanog mailing list archives
RE: ISP customer assignments
From: "TJ" <trejrco () gmail com>
Date: Mon, 5 Oct 2009 20:40:28 -0400
On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:a publicly routeable stateless auto configured address is no less secure than a publicly routeable address assigned by DHCP. Security is, and should be, handled by other means.The problem is user tracking and privacy. RFC4941's problem statement: Addresses generated using stateless address autoconfiguration [ADDRCONF] contain an embedded interface identifier, which remains constant over time. Anytime a fixed identifier is used in multiple contexts, it becomes possible to correlate seemingly unrelated activity using this identifier. The correlation can be performed by o An attacker who is in the path between the node in question and the peer(s) to which it is communicating, and who can view the IPv6 addresses present in the datagrams. o An attacker who can access the communication logs of the peers with which the node has communicated. Since the identifier is embedded within the IPv6 address, which is a fundamental requirement of communication, it cannot be easily hidden. This document proposes a solution to this issue by generating interface identifiers that vary over time. Note that an attacker, who is on path, may be able to perform significant correlation based on o The payload contents of the packets on the wire o The characteristics of the packets such as packet size and timing Use of temporary addresses will not prevent such payload-based correlation. (end quote) Or phrased differently - if I DCHP my laptop in a Starbuck's, on Comcast,
at
work, at a hotel, and a few other places, you'll get a whole raft of
answers
which will be very hard to cross-corrolate. But if all those places did IPv6 autoconfig, the correlation would be easy, because my address would
always
end in 215:c5ff:fec8:334e - and no other users should have those last 64
bits.
Amazingly enough, some people think making it too easy to Big-Brother you
is a
security issue...
Isn't this really a security by obscurity argument? Making it a bit harder for the attacker, relying on 'Eve' just not realizing who I am? Most of those concerns are in fact mitigated by a well implemented Privacy implementation ... and many of the remaining concerns do in fact apply to IPv4. Not to mention the 'higher layer' aspects. Bottom line - if you are doing something that warrants some level of privacy or protection, you should do something to ensure that level of privacy or protection - never assume you are private/secure by default. /TJ
Current thread:
- Re: ISP customer assignments, (continued)
- Re: ISP customer assignments William Herrin (Oct 05)
- RE: ISP customer assignments Brian Johnson (Oct 05)
- Re: ISP customer assignments Chuck Anderson (Oct 05)
- Re: ISP customer assignments William Herrin (Oct 05)
- Re: ISP customer assignments Ricky Beam (Oct 05)
- Re: ISP customer assignments Dan White (Oct 05)
- Re: ISP customer assignments Valdis . Kletnieks (Oct 05)
- Re: ISP customer assignments Dan White (Oct 05)
- Re: ISP customer assignments Ricky Beam (Oct 05)
- Re: ISP customer assignments Dan White (Oct 06)
- RE: ISP customer assignments Brian Johnson (Oct 05)
- RE: ISP customer assignments TJ (Oct 05)
- Re: ISP customer assignments Valdis . Kletnieks (Oct 05)
- Re: ISP customer assignments William Herrin (Oct 05)
- Message not available
- Re: ISP customer assignments Dan White (Oct 06)
- Re: ISP customer assignments TJ (Oct 06)
- Re: ISP customer assignments James Hess (Oct 06)
- Re: ISP customer assignments Michael Dillon (Oct 08)
- Re: ISP customer assignments Steven Bellovin (Oct 05)
- Re: ISP customer assignments Owen DeLong (Oct 05)
- Re: ISP customer assignments Michael Thomas (Oct 05)