Dear All,
I support having a semi-stable private address, but I am very much against the idea of replacing EUI-64 addresses. The client application, based on the policy, should pick private or EUI-64 addresses. Note: nothing stops me from picking MAC addresses from a no longer existing vendor, e.g. DEC.

I think the proper implementation of RFC 3041 and/or 4941 can solve your problem.

Best Regards,

Janos Mohacsi
Head of HBONE+ project
Network Engineer, Director Network and Multimedia
NIIF/HUNGARNET, HUNGARY
Co-chair of Hungarian IPv6 Forum
Key 70EF9882: DEC2 C685 1ED4 C95A 145F  4300 6F64 7B00 70EF 9882

On Fri, 20 Apr 2012, Dominik Elsbroek wrote:

Personally I support this draft. But I would like to see stable privacy
enhanced addresses as a replacement for IEEE-based addresses since
they allow an attacker to infer the vendor of a NIC. For OUIs of
Apple Inc. they also allow conclusions about the operating system.

Thus an attacker gets more information by an IPv6 address than they
should in my opinion.

Cheers,
Dominik


On Thu, Apr 19, 2012 at 22:17, Fernando Gont <[email protected]> wrote:
On 04/19/2012 10:34 AM, Eliot Lear wrote:
It's not an argument against RFC4941, but rather an argument that even
with RFC4941, you still need to do something about the IEEE-based IIDs.
At the Paris IETF, some folks argued that if you have RFC 4941 in place,
you don't need draft-gont-6man-stable-privacy-addresses. Section 7 of
draft-gont-6man-stable-privacy-addresses (which should be an Appendix,
rather than a section in the main body of the document) illustrates that
that's not the case: even if you're employing RFC4941, you're still
subject to host-scanning attacks and host tracking.

Well, host scanning at least.  Host tracking depends on the implementation.

Not sure what you mean. If you don't do
draft-gont-6man-stable-privacy-addresses, you do either IEEE-derived
IIDs, or the randomized-but-stable-across-networks Windows IIDs. -- And
as long as you have stable-across-networks IIDs, you can be tracked.


How do you arrive at the conclusion that people might want to use this
instead of CGAs??

As noted in the I-D this mechanism is meant to be a replacement for IIDs
based on IEEE identifiers. This is orthogonal to RFC4941 and orthogonal
to CGAs.

I know what you mean.  That matters less than how other people make use
of the work.

We can't produce specs for people that cannot read and understand specs.
draft-gont-6man-stable-privacy-addresses solves a real and existing problem.

To me, "people using draft-gont-6man-stable-privacy-addresses instead of
CGAs" makes as much sense as "people using
draft-gont-6man-stable-privacy-addresses instead of TCP" -- I don't even
know how that might happen, and I've not heard your reasoning of why
that might happen.

Cheers,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492



--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
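
Added example, not part of any message in this thread: a small Python audit that shows what the thread is arguing about, namely that an IEEE-derived (modified EUI-64) interface identifier exposes the NIC's MAC address and OUI, and that the same IID seen under different /64 prefixes links a host across networks. The addresses are constructed from the 2001:db8::/32 documentation prefix and the 00:00:5e:00:53:xx documentation MAC range; the function names are hypothetical.

```python
import ipaddress

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 IID, or None.

    Heuristic: bytes 3-4 of the IID are ff:fe. A random IID matches by
    chance about once in 65536, so treat a hit as "likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied when the IID was formed.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Return (exposed, reused).

    exposed: address -> recovered MAC and OUI for EUI-64 style IIDs.
    reused:  hex IIDs seen under more than one /64 prefix, i.e. IIDs
             that are stable across networks and allow correlation.
    """
    exposed, prefixes_by_iid = {}, {}
    for a in addresses:
        mac = eui64_mac(a)
        if mac:
            exposed[a] = {"mac": mac, "oui": mac[:8]}
        packed = ipaddress.IPv6Address(a).packed
        prefixes_by_iid.setdefault(packed[8:], set()).add(packed[:8])
    reused = {iid.hex() for iid, p in prefixes_by_iid.items() if len(p) > 1}
    return exposed, reused

# Constructed sample: one host seen on two networks with an IEEE-derived
# IID, plus one address with a randomized IID.
SAMPLE = [
    "2001:db8:1:1:200:5eff:fe00:5301",
    "2001:db8:2:2:200:5eff:fe00:5301",
    "2001:db8:1:1:8d3c:41a7:2b90:e6f5",
]

if __name__ == "__main__":
    exposed, reused = audit(SAMPLE)
    for addr, info in exposed.items():
        print(f"{addr}: MAC {info['mac']} (OUI {info['oui']})")
    print("IIDs reused across prefixes:", sorted(reused))
```

An IID that is stable across networks shows up in `reused` whether or not it is IEEE-derived; only the `exposed` part depends on the ff:fe pattern.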