Re: Comments on draft-nordmark-multi6-threats-01

[Brian E Carpenter <brc@zurich.ibm.com>]

marcelo bagnulo braun wrote:
> El 10/06/2004, a las 20:30, Erik Nordmark escribió:
>
> > > i guess that also in this point, we should follow the general criteria
> > > of not making things worse than currently are.
> > > SO the level of privacy provided in current single homed IPv6 should be
> > > provided in multihoming, i guess.
> > >
> > > (a possibility could be to include the current level of privacy support
> > > in IPv6, just as the other current state of the art are presented.)
> >
> >
> > Good point.
> > I guess we can start with IPv4 where in some cases (dialup being the
> > prime example) the IPv4 addresses change over time.
> > In IPv6 the temporary addresses RFC provide a way to make it
> > harder to correlate packets from the same machine over time.
> >
> > So I think the "do no harm" criteria means that the introduction
> > of multihoming support should still provide the same ability as we
> > have in IPv6 with temporary addresses.
>
> agree
> i guess it should also be noted that in order to be reachable, a node 
> has to have a stable IP address (stable means compatible with DNS times 
> for instance) (which is obvious anyway, that in order to be reachable a 
> node cannot be anonymous :-)

And we have to be a bit careful here too. The applicability of RFC 3041,
or of CGAs which are the same but more so, is probably not to corporate
networks (which is what the word "site multihoming" makes me think of).
A network that is grown-up enough to require multihoming has almost
certainly given up anonymity at the /48 level already, and at that point
anonymity at the /128 level may not have much value. On the contrary,
traceability of /128s may be *required*.

   Brian