Re: Proposed Resolution of Issues [1-37]
At 09:33 2/09/2005 +0100, Tim Chown wrote:
Issue 24 - so what text will you use?
:)
In the background Elwyn worked with us on this aspect. The
text to replace Ch4.4 is below. We feel that text looks more balanced
now.
This replacement text will be in the NAP-02 draft.
<snip>
4.4. Privacy and Topology Hiding using IPv6

Partial host privacy is achieved in IPv6 using pseudo-random privacy addresses [RFC 3041], which are generated as required, so that a session can use an address that is valid only for a limited time. Exactly as with IPv4 NAT, this only allows such a session to be traced back to the subnet that originates it, but not immediately to the actual host.

Due to the large IPv6 address space available there is plenty of freedom to randomize subnet allocations. By doing this, it is possible to reduce the correlation between a subnet and its location. When doing both subnet and IID randomization [RFC 3041], a casual snooper won't be able to deduce much about the network's topology. Obtaining a single address will tell the snooper very little about other addresses. This is different from IPv4, where address space limitations make this untrue. In most usage cases this concept should be sufficient for address privacy and topology hiding.

In the case where a network administrator wishes to fully conceal the internal IPv6 topology, and the majority of its host computer addresses, a possible option is to run all internal traffic using Unique Local Addresses (ULA), since such packets can by definition never exit the site. For hosts that do in fact need to generate external traffic, using multiple IPv6 addresses (ULAs and one or more global addresses) makes it possible to hide and mask some or all of the internal network. As discussed in Section 3.1, there are multiple parts to the IPv6 address, and different techniques to manage privacy for each.

There are two possible scenarios for the extreme situation when a network manager also wishes to fully conceal the internal IPv6 topology.

o One could use explicit host routes and remove the correlation between location and IPv6 address. This solution does, however, show severe scalability issues.

o The other technology to fully hide the internal topology would be to use a tunneling mechanism. Mobile IPv6 without route optimization is one example. In this example the public-facing addresses are indirected via an edge Home Agent (HA). This indirection method truly masks the internal topology, as all nodes with global access appear to share a common subnet. The downside of this method is that it requires middleware such as a Home Agent (HA).
<end snip>
Brgds,
G/
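The draft text above distinguishes addresses whose interface identifier (IID) is random [RFC 3041] from those that expose host and topology information, and recommends ULAs for internal-only traffic. The following is an added audit script, not part of the draft or of this mailing-list post; it classifies a constructed set of IPv6 addresses by scope (ULA, fc00::/7) and by IID kind, and recovers the MAC embedded in an EUI-64 IID so an operator can see which hosts are not using privacy addresses. The ff:fe padding check and the "manual" threshold are heuristics assumed here, not something the draft specifies.

```python
import ipaddress

# Constructed sample addresses for the audit; not taken from the draft.
SAMPLE_ADDRESSES = [
    "2001:db8:1:2:211:22ff:fe33:4455",   # global, EUI-64 IID: embeds the host's MAC
    "2001:db8:1:2:3c4f:9a1e:77b2:d6c",   # global, random IID as RFC 3041 produces
    "fd12:3456:789a:1::10",              # ULA (fc00::/7): internal-only by design
    "2001:db8:1:2::1",                   # global, low manually assigned IID
]

ULA = ipaddress.ip_network("fc00::/7")

def scope(addr):
    """'ula' for fc00::/7, otherwise 'global' (link-local etc. not covered here)."""
    return "ula" if addr in ULA else "global"

def iid_kind(addr):
    """Classify the 64-bit interface identifier (low 8 bytes of the address)."""
    iid = addr.packed[8:]
    if iid[3:5] == b"\xff\xfe":      # EUI-64 pads the 48-bit MAC with ff:fe
        return "eui64"
    if int.from_bytes(iid, "big") < 0x10000:
        return "manual"              # ::1, ::10 style: reveals an addressing plan
    return "random"                  # consistent with RFC 3041 temporary addresses

def embedded_mac(addr):
    """Recover the MAC from an EUI-64 IID (flip the u/l bit, drop ff:fe), else None."""
    if iid_kind(addr) != "eui64":
        return None
    iid = addr.packed[8:]
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Return (address, scope, iid_kind, leaked_mac) for each address string."""
    rows = []
    for s in addresses:
        a = ipaddress.IPv6Address(s)
        rows.append((str(a), scope(a), iid_kind(a), embedded_mac(a)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_ADDRESSES):
        print(row)
```

Rows reporting "eui64" with a recovered MAC are the hosts whose addresses leak exactly the per-host correlation the draft says RFC 3041 addresses avoid.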