
Re: Comments on draft-nordmark-multi6-threats-01



On 9-jun-04, at 3:20, Christian Huitema wrote:

> If by identifiers you mean the last 64 bits of an IPv6 address, then I
> certainly disagree. Mandating that hosts should use the same bottom 64
> bits on every interface would have some severe privacy implications. The
> basic assumption should be that third parties should not be able to
> correlate addresses/locators used on different interfaces or on
> different networks without the host's consent.

I don't understand what you're saying.


Obviously we don't want to force people to use the same bottom 64 bits for different addresses that are otherwise unrelated, as this imposes a limitation on address creation as it exists today.

But on the other hand, it makes little sense to generate addresses that can't be correlated and then publish a relationship between those addresses in the DNS or reveal this relationship in negotiations with correspondents.

The addresses used in multihoming are basically different sides of the same coin, and as such there should be no expectation of privacy here. This is especially true in the case of site multihoming, where leakage of the relationship between two addresses within two prefixes creates a strong presumption that other addresses within those prefixes are related too.

As long as it's possible to use RFC 3041-like mechanisms where the identifiers are changed periodically, hosts that desire to hide their long-term identity within the site can do so. Wouldn't that be good enough?

> I think SEND is doing the exact right thing, from a privacy and security
> point of view.

No, they're FORCING other people to do what they think is the right thing. That's not good. People should be able to choose whether they want to do this or not.
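
An added illustration of the correlation argument in the message above (not part of the original message or of any draft): a stable interface identifier reused under two prefixes lets a third party link the addresses, while an RFC 3041-style identifier that changes between observations does not. The prefixes, MAC address and initial history value are constructed, and the function names are hypothetical.

```python
import hashlib
import ipaddress
from collections import defaultdict

# Constructed sample values: documentation prefixes and a made-up MAC.
PREFIXES = ["2001:db8:a::/64", "2001:db8:b::/64"]
MAC = "00:11:22:33:44:55"
LOW64 = (1 << 64) - 1

def eui64_iid(mac):
    """Stable modified EUI-64 interface identifier from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def rfc3041_step(history, stable_iid):
    """RFC 3041-style rotation: MD5(history || stable IID). The left 64 bits
    become the temporary IID (universal/local bit cleared), the right 64 bits
    the history value for the next period."""
    d = hashlib.md5(history + stable_iid.to_bytes(8, "big"), usedforsecurity=False).digest()
    return int.from_bytes(d[:8], "big") & ~(1 << 57), d[8:]

def address(prefix, iid):
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def correlate(addresses):
    """What a third party can do: group by low 64 bits and keep groups
    that span more than one /64 prefix."""
    groups = defaultdict(list)
    for a in addresses:
        groups[int(a) & LOW64].append(a)
    return [g for g in groups.values() if len({int(a) >> 64 for a in g}) > 1]

def observe_stable():
    iid = eui64_iid(MAC)
    return [address(p, iid) for p in PREFIXES]

def observe_rotating():
    """One address seen per prefix, each in a different rotation period."""
    history, seen = bytes(8), []   # constructed initial history value
    for p in PREFIXES:
        iid, history = rfc3041_step(history, eui64_iid(MAC))
        seen.append(address(p, iid))
    return seen

if __name__ == "__main__":
    print("stable  :", correlate(observe_stable()))
    print("rotating:", correlate(observe_rotating()))
```

If both addresses are published together, for example in the DNS, the relationship is known regardless of the identifier, which is the point the message makes about multihoming.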