Re: end-user ipv6 deployment and concerns about privacy

[Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>]

On Wed, 18 Aug 2010 20:04:47 +0930
Mark Smith <nanog () 85d5b20a518b8f6864949bd940457dc124746ddc nosense org>
wrote:

> On Wed, 18 Aug 2010 01:12:19 +0200
> Hannes Frederic Sowa <hannes () mailcolloid de> wrote:
>
> > Hello!
> >
> > As the first IPv6 deployments for end-users are in the planning stage
> > in Germany, I realized I have not found any BCP for handling
> > addressing in those scenarios. IPv6 will make it a lot easier for
> > static address deployments but I wonder weather this is in the best
> > sense for the customers. As I normally come from the technical side I
> > prefer static addressing. But in the world of facebook and co. I
> > wonder if it would be a better to let the user have the choice. A
> > major provider of dsl here in Germany recently blogged about this [1].
> > Their proposal is to serve two subnets, one being a static one while
> > the other one will be dynamically allocated. I have no clue how the
> > user would switch between these subnets (without using some kind of
> > command line tools).
> >
> > This is not about using privacy extensions as the subnet is sufficient
> > for identification.
> >
> > Did you reach any conclusion on this matter?
>
> Haven't really thought about it before.
>
> One thing to consider is that unless the preferred and valid lifetimes
> of an IPv6 prefix are set to infinity, IPv6 prefixes are always dynamic
> - they'll eventually expire unless they're refreshed. The preferred and
> valid lifetimes for prefixes that are delegated to customers could be
> something that they might be able to change via a web portal, bounded
> to within what you as an ISP are happy with e.g. 1 to 30 days, rather
> than the absolute range of lifetime values supported.

In case it isn't clear, the customer would have multiple delegated IPv6
prefixes during the overlap period. New prefixes are phased in and old
ones are phased out. Over what time period the phase in / phase out
occurs is what the customer could have the ability to change.

Changing addresses will disrupt ongoing communications. While
IPv6 can't prevent that disruption, it does have mechanisms available
to handle it far more gracefully than the customer having to bounce
their PPP session to acquire new addressing. With the right parameters,
I think an ISP could make phasing in/phasing out prefixes transparent
for most cases.

> CPE could also
> potentially do the same thing with the range of subnets it has been
> delegated, by phasing in and out subnets over time on it's downstream
> interfaces. (The more subnets the better, so a /48 would be ideal for
> this.)
>
> As you've mentioned, privacy addresses help. A related idea is
> described in "Transient addressing for related processes: Improved
> firewalling by using IPv6 and multiple addresses per host." [0], Peter
> M. Gleitz and Steven M. Bellovin, which takes advantage of the 2^64
> addresses in a /64, and has different applications on the same host use
> different source IPv6 addresses.
>
> Pretending to be multiple hosts, or even just one with privacy
> addresses, moving around multiple subnets, on delegated prefixes that
> change fairly regularly would probably mitigate quite a lot of the
> privacy concerns people may have related to IPv6 addressing.
>
> Regards,
> Mark.
>
>
> [0] http://www.cs.columbia.edu/~smb/papers/tarp.pdf