On 03/27/2012 04:44 PM, Dominik Elsbroek wrote: > since I got confused on the discussion in the plenary this morning: I > think we have to consider that having a temporary address like defined > in RFC 4941 does not prevent from or even mitigates the scanning > problem mentioned this morning in discussion.
Exactly. That's why we need stable privacy-enhanced addresses regardless of whether one implements RFC 4941. > Scanning MAC-address > derived addresses on hosts using privacy extension keeps possible and > feasible since the privacy address is only an additional address. The > address derived by the MAC address is still reachable and a valid > address (like a have just tested on my macbook just to be sure). Thus > it is still possible to scan an IPv6 network by iterating over the > changing 24 bits. Agreed. > So I don't agree with the sentence: "Clearly, temporary addresses can > help reduce the attack exposure window, since the lifetime of each > IPv6 address is reduced when compared to that of addresses generated > with the method specified in this document." in > draft-gont-6man-stable-privacy-addresses-00.txt. What I meant is that if the attacker knows the host adresess, then attack exposure is a bit reduced for the temporary addresses, simply because their lifetime is shorter. But yes, this "reduced exposure" is really debatable. The lifetime of temporary addresses is usually long enough that, in practice, they don't really reduce exposure. I will try to fix this in the next rev. (thanks for pointing this out!) > The only goal achieved by using a temporary address (_and_ using it) > is privacy in that way, a website, or any other third party service, > cannot track a user also in case of prefix changes. Well, draft-gont-6man-stable-privacy-addresses addresses this point, without the management burden usually implied by temporary addresses. Temporary addresses could, in some sense, prevent correlation of different activities of the same node from the same network... but unless you use an insanely short lifetime, the lifetime is long enough that these addresses do not prevent much of this possible "correlation". > In my opinion > there is no security related reason to use privacy extension. So far, there is/was, because we didn't/don't have yet standardized stable privacy addresses... Thanks, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
