Yes, the debate is continuing. The crux of the problem
in the
IETF document you point to here is in dealing with
"Autoconfiguration" for IPv6 and DHCP. A bit of a better
overview would be in the IESG document at:
http://www.ietf.org/internet-drafts/draft-iesg-serno-privacy-00.txt
In part it makes some certain suggestions that the IETF is
debating currently in the IPv6 mailing list and working group of
which I am a member. The most important elements taken from
this draft document I point to here are as follows:
"Implementations of protocols which use protocol elements derived
from hardware serial numbers SHOULD provide users with the ability
to
either omit those elements entirely, or select an alternative
means of
deriving those protocol elements. For instance, to avoid
exposure, a
user might prefer to set the IPv6 address via manual configuration
or
DHCPv6 [DHCPv6] rather than by using stateless autoconfiguration.
Protocol elements that contain hardware
serial numbers should be
considered opaque to any applications that use them. Applications
SHOULD NOT attempt to interpret the hardware serial number portion
of
such protocol elements, and MUST NOT depend on the hardware serial
numbers for proper operation.
4. Countermeasures
Countermeasures should be evaluated in
relation to risk. For
instance, there is little additional risk in exposing the hardware
address of a single stationary host that is assigned a static
IP
address.
Depending on the environment, there may
be one or more means of
instructing an operating system or application to use a different
serial
number in various protocols. For instance, it may be possible
to set
the MAC address of an ethernet card to some value other than
the
default.
In some environments, it may be possible
to use network address
translators (NATs), firewalls, or proxies to hide use of particular
hosts, or make substitutions for protocol elements that contain
hardware
serial numbers. However, such solutions have severe limitations
which
are beyond the scope of this memo. [NAT-ARCH1], [NAT-ARCH2]."
J. Baptista wrote:
TELECOM Digest Thu, 14 Oct 99 03:29:00 EDT Volume 19 : Issue 480Regards,Date: Tue, 12 Oct 99 21:04 PDT
From: [EMAIL PROTECTED] (Lauren Weinstein)
Subject: IPv6 Identifier Privacy Issues: The RealityGreetings. Many of you will by now be aware of all the publicity
surrounding reported privacy problems associated with IPv6 (a new
version of the Internet IP communications protocol) currently being
developed under the auspices of the IETF (Internet Engineering Task
Force).Executive Summary: "Don't Panic!"
Some Background:
The concerns revolve around the use of hardware identifiers
(e.g. Network Interface Card IDs) as part of IPv6 packet addressing.
It has been asserted that this would enable tracking of individuals'
activities on the net much more easily than is the case today, and
bring forth a new range of privacy problems.It's of course necessary to have some form of addressing in computer
networks, or you wouldn't be able to read this message right now. The
packets have to know where they're headed. In practice, the existing
Internet protocol (IPv4) provides much the same kind of information in
many cases, particularly when "static" (unchanging) addresses are in
use. Static addresses are the norm for conventional permanent circuit
connections to the net, and increasingly common for DSL and cable
modems.The IPv6 idea of a unique identifier derived from hardware was
intended to help make sure that address duplication would not occur
between different machines -- a continuing headache for present-day
network administrators. It is also considered important to the
authentication and security improvements of IPv6.The risk of such data potentially being misused would appear to be
highest in "mobile" applications, significantly less in dialup
Internet access environments (since many such computers wouldn't even
possess the hardware ID), and least important in permanently linked
dedicated circuit situations, where a static address already provides
an essentially unchanging identity, even in today's environment.The Good News:
To the extent that the permanent IDs are considered to be a privacy
problem, it's obvious that existing technologies such as proxy servers
could be used to wall off identifiers.This could well prove to be unnecessary, however. It appears that
many of the folks raising the red flag on this issue may be unfamiliar
with the fact that the IETF has been aware of these privacy concerns
regarding the permanent identifier, and that they have been addressed
in the IETF June 1999 Draft:"Privacy Extensions for Stateless Address Autoconfiguration in IPv6"
http://www.ietf.org/internet-drafts/draft-ietf-ipngwg-addrconf-privacy-00.txtThe above referenced document gives an excellent overview of the
issues involved and a proposed solution to address the privacy
concerns. It would seem prudent to encourage the adoption of this
proposal into the IPv6 specification, and to urge its implementation
by IPv6 developers and vendors, ideally as the default mode under user
control.--Lauren--
Lauren Weinstein
[EMAIL PROTECTED]
Moderator, PRIVACY Forum --- http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Host, "Vortex Reality Report & Unreality Trivia Quiz"
--- http://www.vortex.com/reality
--
Jeffrey A. Williams
Spokesman INEGroup (Over 95k members strong!)
CEO/DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail [EMAIL PROTECTED]
Contact Number: 972-447-1894
Address: 5 East Kirkwood Blvd. Grapevine Texas 75208
