Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Republicans propose data retention laws targeting ISPs, home WiFi users

From: David Farber <dave () farber net>
Date: Fri, 20 Feb 2009 12:13:01 -0500


Begin forwarded message:

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: February 20, 2009 12:03:07 PM EST
To: dave () farber net
Cc: "David S. Isenberg (isen)" <isen () isen com>
Subject: Re: [IP] Re: Republicans propose data retention laws targeting ISPs, home WiFi users 



If we had IPv6, we wouldn't need no stinking
temporary addresses, because IPv6 has approximately
enough permanent addresses for every atom in the
universe. Then "they" would know which IP address
did which communication, and we'd get a symmetrical
Internet where the distinction between client and
server would be moot. Not sure if this tradeoff
between safety and liberty is worth it, I'm just
saying that in this case we get a little liberty
*back* in the trade too.


This is just plain wrong, for several reasons.  First -- IP addresses
are always composed of a <network,host> pair (though the boundary is
not knowable from the outside).  This is necessary for routing -- we
can't do flat routing to every home computer, let alone every
IPv6-enabled light switch on the planet.  When your machine travels --
a laptop in a hotel, an iPhone that has roamed to another place, a home
computer when you change residence, an office computer when your
employer changes ISPs -- the network portion changes.

Even the host portion can (and should) change; otherwise, everyone else
can track you.

IPv6 normally uses stateless autoconfiguration to generate the host
portion, which means there are no records necessary; any host that
connects will have an address.  That means that though law enforcement
may know that something is the same computer as earlier, they don't
know whose it is.  But will this bill outlaw stateless autoconfig?

Then, of course, there is RFC 4941, which describes a method by which
hosts can pick their own host portion, dynamically.  WIll this be
outlawed?  If so, why?  Perhaps there's a societal benefit to letting
law enforcement track people; I fail to see the benefit to letting
Google et al. do so.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: