> > > >    The GGSN always provides an Interface Identifier to
> > > >    the mobile host.
> > >
> > > ==> Is that IID trackable? If so, this might be worth mentioning in
> > > security considerations' second "bullet": If IID is trackable (like EUI64
> > > is), changing the prefix doesn't help with privacy.
> >
> > => The IID for the _link-local_address_only.
> > The host can use any other IIDs for addresses
> > with scopes larger than the link-local one.
> > No security issues here.
>
> 100% same applies to e.g. IID addresses based on Ethernet
> MAC-addresses.
>
> If IID is trackable like Ethernet MAC, and implementors/operators don't
> realize this, they very probably use the same IID by default for global
> addresses too because that's the easiest way. And thus the problems.

=> Agreed. Hence, RFC3041, which is generic for all IPv6 nodes.
So an implementer of a cellular host can follow RFC3041 too.

> I'm not saying this is a critical thing, but if e.g. IID is derived from
> the e.g. cellular subscription ID's, _some_ might disagree. So I think
> this issue should be brought in the open, e.g.:
>
> --8<--
>    This means that 3GPP networks will already provide a
>    limited form of addressing privacy, and no global tracking of a
>    single host is possible through its address
> --8<--
>
> ==> if IID part of a global address is trackable, the prefix part of the
> address is irrelevant and this argument would be moot. (Of course
> depending a bit on the exact details of 'addressing privacy'.)

=> The IID part for link-local addresses is essentially
a random number. There is nothing in 3GPP that specifies
how it should be generated. In fact, depending on how
you implement the GGSN, you could use the same
IID for all devices because each link is p2p and
each device has a separate prefix.

So, maybe we can add something to say that hosts
are encouraged to use 3041. But there is no globally
unique token in the IID that will make a 'device or user'
trackable.

Hesham
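
The point debated above (a stable IID makes a prefix change irrelevant for privacy) can be checked against a list of observed addresses. The following is an added example, not part of the original thread: the function names are hypothetical and the addresses are constructed from the 2001:db8::/32 documentation prefix.

```python
import ipaddress
from collections import defaultdict

def iid_of(addr: str) -> int:
    """Return the low 64 bits (the interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & 0xFFFFFFFFFFFFFFFF

def eui64_mac(addr: str):
    """If the IID has the modified EUI-64 shape (ff:fe in the middle), return
    the MAC address it would have been derived from, else None.
    This is a heuristic: a random IID matches by chance about 1 time in 65536."""
    b = iid_of(addr).to_bytes(8, "big")
    if b[3:5] != b"\xff\xfe":
        return None
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]  # undo the universal/local bit flip
    return ":".join(f"{x:02x}" for x in mac)

def stable_iids(addrs):
    """Map each IID seen under more than one /64 prefix to its prefix count.
    Such an IID links the addresses together regardless of the prefix."""
    prefixes_by_iid = defaultdict(set)
    for a in addrs:
        ip = ipaddress.IPv6Address(a)
        if ip.is_link_local:
            continue  # link-local addresses are not visible off-link
        prefixes_by_iid[iid_of(a)].add(int(ip) >> 64)
    return {iid: len(p) for iid, p in prefixes_by_iid.items() if len(p) > 1}

# Constructed sample: one host reusing an EUI-64 IID across two prefixes,
# and two addresses with unrelated random IIDs in the style of RFC 3041.
SAMPLE = [
    "2001:db8:a:1:211:22ff:fe33:4455",
    "2001:db8:b:7:211:22ff:fe33:4455",
    "2001:db8:a:1:5c3a:91e0:7b2d:0c48",
    "2001:db8:b:7:e09f:13c4:aa61:5d72",
    "fe80::211:22ff:fe33:4455",
]

if __name__ == "__main__":
    for iid, count in stable_iids(SAMPLE).items():
        print(f"IID {iid:016x} reused under {count} prefixes")
    for a in SAMPLE:
        print(a, "->", eui64_mac(a) or "no EUI-64 pattern")
```
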
