On Aug 3, 2011, at 10:53 AM, Jay Ashworth wrote:

> ----- Original Message -----
>> From: "Owen DeLong" <[email protected]>
>
>> On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
>>> You guys aren't *near* paranoid enough. :-)
>>>
>>> If the ISP
>>>
>>> a) Assigns dynamic addresses to customers, and
>>> b) changes those IPs on a relatively short scale (days)
>>>
>>> then
>>>
>>> c) outside parties *who are not the ISP or an LEO* will have a
>>> relatively harder time tying together two visits solely by the IP
>>> address.
>>
>> ROFL... Yeah, right... Because the MAC suffix won't do anything.
>
> Did I mention I haven't implemented v6 yet? :-)
>

No, you didn't. Perhaps you should spend some time learning about it
before you opine on how it should or should not be implemented.

FWIW, I have implemented IPv6 in multiple organizations, including my
home where I've been running with it for several years.

> *Really*? It bakes the endpoint MAC into the IP? Well, that's miserably
> poor architecture design.
>

It can and it is a common default. It is not required. It's actually
rather elegant architecture design for the goals it was implemented
to accomplish.

>>> While this isn't "privacy", per se, that "making harder" is at least
>>> somewhat useful to a client in reducing the odds that such
>>> non-ISP/LEO
>>> parties will be unable to tie their visits, assuming they've
>>> controlled
>>> the items they *can* control (cookies, flash cookies, etc).
>>
>> Which is something, what, 1% of people probably even know how to do,
>> let alone practice on a regular basis.
>
> Yup; let's go out of our way to penalize the smart people; that's a
> *great* plan; I so enjoy it when people do it -- and they do it *far*
> too often for my tastes.
>

No, my point is that if you use RFC-4193, there's not really much
benefit from altering the prefix, so, nobody gets penalized and you
can still have static addresses.

Further, I consider myself relatively smart and by not having static
prefixes, you're blocking things I want, so, arguably dynamic prefixes
also penalize the smart people.

>>> Imperfect security != no security, *as long as you know where the
>>> holes are*.
>>
>> If people want this, they can use RFC-4193 to just about the same
>> effect. The ISP modifying the prefix regularly simply doesn't do much.
>
> I'll make a note of it.
>

Let me know if you have further questions.

Owen
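The "MAC suffix" point in the thread, as an added example that is not part of the original message: with SLAAC modified EUI-64 addressing (RFC 4291, Appendix A) the low 64 bits of the address are derived from the interface MAC, so they stay the same when the ISP rotates the prefix. The MAC, the 2001:db8::/32 documentation prefixes and the random-looking address below are constructed samples, and the function names are this example's own.

```python
import ipaddress

def slaac_eui64(prefix, mac):
    """Address a host forms from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    m = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the OUI and the device-specific half of the MAC.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))

def eui64_mac(addr):
    """Return the MAC embedded in an EUI-64 style interface identifier, or None.

    A random identifier can contain ff:fe at this offset by chance
    (about 1 in 65536), so treat a hit as an indicator, not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def group_by_mac(addresses):
    """Group addresses by recovered MAC; None collects non-EUI-64 addresses."""
    groups = {}
    for a in addresses:
        groups.setdefault(eui64_mac(a), []).append(a)
    return groups

# Constructed sample: one host seen under two rotated prefixes, plus an
# address whose interface identifier looks randomized.
SAMPLE_MAC = "00:11:22:33:44:55"
VISIT_1 = slaac_eui64("2001:db8:aaaa:1::/64", SAMPLE_MAC)
VISIT_2 = slaac_eui64("2001:db8:bbbb:7::/64", SAMPLE_MAC)
RANDOM_IID = "2001:db8:bbbb:7:5c1e:9a03:77d2:10b4"

if __name__ == "__main__":
    for mac, addrs in group_by_mac([VISIT_1, VISIT_2, RANDOM_IID]).items():
        print(mac, addrs)
```

Running `eui64_mac` over the addresses your own hosts hold is a quick audit for interfaces still using MAC-derived identifiers.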

