Thank you. My question comes from the so misleading Appendix A text: "It discusses a (non-exhaustive) number of scenarios in which host privacy is still sacrificed even when privacy/temporary addresses [RFC4941] are employed, as a result of employing interface identifiers that are constant across networks (e.g., those resulting from embedding IEEE identifiers)."

"This section describes one possible attack scenario that illustrates that host-tracking may still be possible when privacy/temporary addresses [RFC4941] are employed."

Since for a pure client host adopting privacy/temporary addresses the tracking attacks should not succeed, I think it is better to clarify the text.

Fernando Gont <[email protected]> wrote on 2013-03-20 12:21:16:

> Hi, Zhou,
>
> On 03/19/2013 06:14 AM, [email protected] wrote:
> >
> > I kind of did not understand the privacy issues of RFC4941 described in
> > Appendix A.
> > To my reading and understanding of RFC4941,
> > RFC4941 specified to use privacy/temporary address defined as:
> > temporary address = subnet Prefix || Randomized interface identifier
> > Randomized interface identifier = Hash(fixed interface identifier || 64
> > bits random bits)_left64bits;
> >
> > Compared to the calculation proposed in
> > draft-ietf-6man-stable-privacy-addresses-03
> >
> > RID = F(Prefix, Interface_Index, Network_ID, DAD_Counter, secret_key)
> > _left64bits
> >
> > They have no essential difference considering secret_key may be random
> > bits.
>
> * draft-ietf-6man-stable-privacy-addresses includes the network prefix
> in the hash. This introduces a key property of these addresses: they
> are stable within the local network, but change from one network to another.
>
> * RFC 4941 includes the non-random (typically MAC-address-based) in the
> hash. As a result, if you replace the NIC, your address changes. OTOH,
> draft-ietf-6man-stable-privacy-addresses does not include the MAC
> address but rather includes the Interface-Index. Hence, even if you
> change the NIC, your IPv6 address does not change.
>
> > I wonder how an attacker can track a host by such randomized IID?
> >
> > The only privacy problem I can think of in RFC4941 is that a host may
> > have two addresses at the same time, one public fixed address for
> > server-function, and one temporary address,
> > But if only temp address is used, how can a host be tracked across network?
>
> Agreed. But RFC4941 states that temporary addresses be generated in
> addition to the stable address.
>
> draft-ietf-6man-stable-privacy-addresses is meant to be an alternative
> algorithm for generating the stable addresses. As a result, there are no
> IIDs that are constant across networks, and this issue is mitigated.
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: [email protected]
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
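Added illustration (not code from the thread, RFC 4941 or the 6man draft) of the two IID constructions discussed above. It assumes F for the stable-privacy RID is HMAC-SHA256 (the draft only requires a PRF), writes RFC 4941 in the simplified form quoted in the thread, and uses constructed prefixes, MAC-derived IIDs and secrets; it checks the properties Fernando describes: the stable-privacy IID is constant within a network but changes across networks, while RFC 4941 temporary IIDs change on every regeneration and with the NIC.

```python
import hashlib
import hmac
import ipaddress


def stable_privacy_iid(prefix, interface_index, network_id, dad_counter, secret_key):
    """RID = F(Prefix, Interface_Index, Network_ID, DAD_Counter, secret_key), left 64 bits.
    F is assumed to be HMAC-SHA256 keyed with secret_key (an assumption, not the draft's text)."""
    prefix_bytes = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    msg = (prefix_bytes + interface_index.to_bytes(4, "big")
           + network_id + dad_counter.to_bytes(4, "big"))
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[:8]


def rfc4941_temporary_iid(fixed_iid, random64):
    """Hash(fixed interface identifier || 64 random bits), left 64 bits, as the thread reads
    RFC 4941 (MD5, with the universal/local bit cleared as the RFC requires)."""
    digest = hashlib.md5(fixed_iid + random64).digest()[:8]
    return bytes([digest[0] & ~0x02]) + digest[1:]


def address(prefix, iid):
    """Concatenate a /64 prefix with a 64-bit IID into a textual IPv6 address."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))


def demo():
    """Return the tracking-relevant properties as booleans; every value is constructed."""
    secret = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # per-host secret_key
    home, office = "2001:db8:1::/64", "2001:db8:2::/64"          # two networks visited
    at_home = stable_privacy_iid(home, 2, b"", 0, secret)
    at_home_later = stable_privacy_iid(home, 2, b"", 0, secret)  # same network, later on
    at_office = stable_privacy_iid(office, 2, b"", 0, secret)    # different prefix
    # Modified EUI-64 IIDs from two constructed MAC addresses (old NIC, replacement NIC)
    old_nic = bytes.fromhex("0200005eff100001")
    new_nic = bytes.fromhex("0200005eff100002")
    rnd1, rnd2 = bytes.fromhex("0123456789abcdef"), bytes.fromhex("fedcba9876543210")
    return {
        "stable_within_network": at_home == at_home_later,
        "changes_across_networks": at_home != at_office,
        "temporary_iids_differ": rfc4941_temporary_iid(old_nic, rnd1)
                                 != rfc4941_temporary_iid(old_nic, rnd2),
        "temporary_iid_changes_with_nic": rfc4941_temporary_iid(old_nic, rnd1)
                                          != rfc4941_temporary_iid(new_nic, rnd1),
        "example_home_address": address(home, at_home),
    }
```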
