On 06/06/2013 12:24 AM, Alissa Cooper wrote: > I'll try to re-state one of my questions more simply, based on the > -09: > > How is the attack explained in C.4 mitigated by the mechanism > specified in draft-ietf-6man-stable-privacy-addresses-09?
It doesn't. For instance, Section B.1 explicitly says so (and this type of attack is not meant to be solved by stable-privacy-addresses). In some scenarios, it can be mitigated with RFC 4941. Hoawever, as noted in Section C.4, even ith RFC4941 there are scenarios n which yu cannot do much about it. >>> Which correlation attack vectors do random-per-network addresses >>> mitigate that temporary addresses do not? >> >> See appendix B of drat-ietf-6man-stable-privacy-addresses. > > I see the above-quoted text has been updated to the following: > > In scenarios in which "temporary addresses" are employed, > implementation of the mechanism described in this document (in > replacement of stable addresses based on e.g. IEEE identifiers) > would mitigate address- scanning attacks and also mitigate the > remaining vectors for correlating host activities based on the node's > IPv6 addresses. > > What "the remaining vectors for correlating host activities based on > the node's IPv6 addresses" actually means is "the remaining vectors > for correlating host activities across networks based on the node's > stable IPv6 address," correct? Yes. If you think it'd be better to phrase it that way, I can update the text accordingly. Thanks! Best regards, -- Fernando Gont SI6 Networks e-mail: [email protected] PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492 -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
