Hi, Zhou,

On 03/19/2013 06:14 AM, [email protected] wrote:
>
> I kind of did not understand the privacy issues of RFC4941 described in
> Appendix A.
> To my reading and understanding of RFC4941,
> RFC4941 specified to use privacy/temporary address defined as:
> temporary address= subnet Prefix|| Randomized interface identifier
> Randomized interface identifier=Hash(fixed interface identifier||64
> bits random bits)_left64bits;
>
> Compared to the calculation proposed in
> draft-ietf-6man-stable-privacy-addresses-03
>
> RID = F(Prefix, Interface_Index, Network_ID, DAD_Counter, secret_key)
> _left64bits
>
> They have no essential difference considering secret_key may be random
> bits.

* draft-ietf-6man-stable-privacy-addresses includes the network prefix
  in the hash. This introduces a key property of these addresses: they
  are stable within the local network, but change from one network to
  another.

* RFC 4941 includes the non-random (typically MAC-address-based) in the
  hash. As a result, if you replace the NIC, your address changes. OTOH,
  draft-ietf-6man-stable-privacy-addresses does not include the MAC
  address but rather includes the Interface-Index. Hence, even if you
  change the NIC, your IPv6 address does not change.

> I wonder how an attacker can track a host by such randomized IID?
>
> The only privacy problem I can think of in RFC4941, is that, a host may
> have two addresses at the same time, one public fixed address for
> server-function, and one temporary address,
> But if only temp address is used, how can a host be tracked across network?

Agreed. But RFC4941 states that temporary addresses be generated in
addition to the stable address.
draft-ietf-6man-stable-privacy-addresses is meant to be an alternative
algorithm for generating the stable addresses. As a result, there are no
IIDs that are constant across networks, and this issue is mitigated.

Thanks,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
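
Added example (not part of the original message, nor code from either specification): a Python sketch of the two interface-identifier formulas compared in this thread, showing which inputs make the result change. SHA-256 standing in for both F() and Hash(), the field encoding, and every sample value (prefixes, key, identifiers) are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import os

# Constructed sample values (documentation prefixes, made-up key and IIDs).
NET_A, NET_B = "2001:db8:1::/64", "2001:db8:2::/64"
SECRET_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
OLD_NIC_IID = bytes.fromhex("021122fffe334455")  # MAC-derived, old NIC
NEW_NIC_IID = bytes.fromhex("02aabbfffeccddee")  # MAC-derived, new NIC

def _left64(digest: bytes) -> int:
    """Leftmost 64 bits of a digest (the thread's `_left64bits`)."""
    return int.from_bytes(digest[:8], "big")

def stable_iid(prefix, interface_index, network_id, dad_counter, secret_key):
    """RID = F(Prefix, Interface_Index, Network_ID, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()  # assumption: SHA-256 stands in for F()
    fields = (net.network_address.packed, interface_index.to_bytes(4, "big"),
              network_id, bytes([dad_counter]), secret_key)
    for field in fields:
        # Length-prefix each field so distinct inputs never serialize alike.
        h.update(len(field).to_bytes(2, "big") + field)
    return _left64(h.digest())

def temporary_iid(fixed_iid: bytes, random_bits: bytes) -> int:
    """Hash(fixed interface identifier || 64 random bits), left 64 bits."""
    # assumption: SHA-256 stands in for Hash()
    return _left64(hashlib.sha256(fixed_iid + random_bits).digest())

def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

if __name__ == "__main__":
    # Stable scheme: same network gives the same address, a new network a new IID.
    for net in (NET_A, NET_A, NET_B):
        print("stable   ", address(net, stable_iid(net, 2, b"", 0, SECRET_KEY)))
    # Temporary scheme as quoted: depends on the NIC identifier and fresh randomness.
    for nic in (OLD_NIC_IID, NEW_NIC_IID):
        print("temporary", address(NET_A, temporary_iid(nic, os.urandom(8))))
```

The stable function takes no MAC-derived input at all, which is why replacing the NIC leaves its output unchanged, while the prefix input is what prevents one identifier from following the host across networks.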
