> This is to limit the number of multicast groups that the interface
> must join?
> While this does not affect long time correlation of the node's
> communication, it allows for easier short time correlation (that is,
> two communicating outside observers will be able to notice that in
> (prefix X) there is a machine accessing resource A close to the time
> where in prefix Y the same user is accessing resource B).
>
> Without this rule (if instead using a new Interface Identifier each
> time you create an anonymous address) accesses to resources that are
> at different destination addresses, which have some likelihood to use
> different source prefixes, will not be trackable to the same machine.
> I can imagine situations where this correlation should be hidden.
Yes, my proposal (to have anonymous addresses with different prefixes sharing
the same random interface identifier) does not provide as much privacy as
using a different random interface identifier for each anonymous address. I
think both behaviors should be allowed. Joining too many multicast groups
might be a significant performance hit in some environments.
> > An implementation consequence of all this is that you do need to
> > find the corresponding public addresses from an anonymous address.
>
> Why?
Because when an anonymous address is about to be deprecated and you create a
new anonymous address, I'm proposing to refer to the corresponding public
address's lifetimes to use in the formulas for the lifetimes for the new
anonymous address.
Rich
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
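
The trade-off discussed in this thread, as an added example that is not part of the original e-mail or of the draft: it builds anonymous addresses under several prefixes with either one shared random interface identifier or a fresh one per address, then counts the solicited-node multicast groups the interface must join and checks which address pairs two cooperating observers could link. The function names, the 2001:db8 prefixes and the random_iid generator are assumptions made for the illustration.

```python
import ipaddress
import secrets

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def random_iid():
    # Stand-in for the draft's generator: any unpredictable 64-bit value.
    return secrets.randbits(64)

def make_address(prefix, iid):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix, got %s" % prefix)
    return ipaddress.IPv6Address(int(net.network_address) | (iid & (2**64 - 1)))

def anonymous_addresses(prefixes, shared, new_iid=random_iid):
    # shared=True: one identifier reused under every prefix (the proposal).
    # shared=False: a fresh identifier per anonymous address.
    if shared:
        iids = [new_iid()] * len(prefixes)
    else:
        iids = [new_iid() for _ in prefixes]
    return [make_address(p, i) for p, i in zip(prefixes, iids)]

def groups_joined(addrs):
    # Solicited-node group = ff02::1:ff00:0/104 plus the low 24 address bits.
    return {ipaddress.IPv6Address(SOLICITED_NODE_BASE | (int(a) & 0xFFFFFF))
            for a in addrs}

def linkable(a, b):
    # What two cooperating observers in different prefixes can compare:
    # the low 64 bits of the source addresses they each see.
    mask = 2**64 - 1
    return (int(a) & mask) == (int(b) & mask)

if __name__ == "__main__":
    prefixes = ["2001:db8:a::/64", "2001:db8:b::/64", "2001:db8:c::/64"]  # constructed
    for shared in (True, False):
        addrs = anonymous_addresses(prefixes, shared)
        pairs = sum(linkable(a, b) for i, a in enumerate(addrs) for b in addrs[i + 1:])
        print("shared" if shared else "per-address", [str(a) for a in addrs])
        print("  multicast groups:", len(groups_joined(addrs)), "linkable pairs:", pairs)
```

With a shared identifier the interface joins one solicited-node group and every pair of addresses is linkable; with per-address identifiers the group count grows with the number of prefixes and no pair matches, barring a chance collision.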