RE: Perils of structured host identifiers (was: Modified EUI-64 format)

Christian Huitema wrote:
[...]
> Structured identifiers are not compatible with privacy address
> extensions. Moreover, embedding addresses in identifiers discloses
> information that would otherwise have remained hidden behind the NAT
> and the firewall. The IPv4 address encoded in the host identifier is
> passed to third parties, stored in server logs. The third parties now
> have access to the local addresses used inside the corporation. They
> can analyze subnet structure. At a minimum, this should be a privacy
> concern.
[...]

Agree, this is captured in the recently posted
draft-thaler-behave-translator-addressing-00.txt
section 3.1 point 6:

  When the IPv4 network is a private network for which the topology
  is considered sensitive information, the algorithm SHOULD provide
  a way to hide the details of the internal IPv4 subnetting scheme.
  Note that there may be other mechanisms of discovering the
  topology beyond merely inspecting addresses, so while this is not
  sufficient in itself, it is a necessary component of any larger
  solution.  Also note that providing this capability conflicts
  with requirement 3.

Aside: I just discovered the end is a typo (it shouldn't be "3"); it's
referring to the use of dotted-decimal in the textual representation
of IPv6 addresses with embedded IPv4 addresses, which makes
management and troubleshooting easier (which is also listed as
a SHOULD, hence the note that you can't meet both SHOULDs).

-Dave
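The following is an added worked example, not code from this thread or from draft-thaler-behave-translator-addressing. It shows concretely what the quoted concern means: when the low 32 bits of an IPv6 address carry an internal IPv4 address, any server log containing the IPv6 address also contains the IPv4 address, and a handful of logged addresses is enough to recover the /24 structure behind the NAT. It then contrasts that with an opaque interface identifier derived from a site-held key, a constructed illustration of the "hide the subnetting scheme" requirement rather than any algorithm the draft specifies. The 64:ff9b::/96 prefix is the RFC 6052 well-known translator prefix; 2001:db8::/32 is the documentation prefix; the site key and IPv4 addresses are made up.

```python
"""Added example: topology leakage from IPv4 addresses embedded in IPv6
interface identifiers, and a keyed, opaque alternative (constructed scheme,
not the draft's algorithm)."""
import hashlib
import hmac
import ipaddress

# Constructed values for the example.
TRANSLATOR_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")      # RFC 6052 well-known prefix
SITE_PREFIX = ipaddress.IPv6Network("2001:db8:1:2::/64")       # documentation prefix
SITE_KEY = b"hypothetical-site-secret-rotate-me"                # held only by the site


def embed_ipv4(prefix: ipaddress.IPv6Network, v4: str) -> ipaddress.IPv6Address:
    """Structured identifier: put the IPv4 address in the low 32 bits of a /96."""
    if prefix.prefixlen != 96:
        raise ValueError("embedding needs a /96 prefix")
    return ipaddress.IPv6Address(
        int(prefix.network_address) | int(ipaddress.IPv4Address(v4))
    )


def extract_embedded_ipv4(v6: str) -> ipaddress.IPv4Address:
    """What a third party holding a server log can read back: the low 32 bits."""
    return ipaddress.IPv4Address(int(ipaddress.IPv6Address(v6)) & 0xFFFF_FFFF)


def leaked_subnets(logged_v6: list, prefixlen: int = 24) -> set:
    """Group the recovered IPv4 addresses by /prefixlen to reveal subnet layout."""
    return {
        str(ipaddress.IPv4Network(f"{extract_embedded_ipv4(a)}/{prefixlen}", strict=False))
        for a in logged_v6
    }


def opaque_iid(site_key: bytes, v4: str) -> int:
    """64-bit interface identifier from a keyed hash of the internal IPv4 address.

    Stable per host (same input, same output, so the mapping is usable for
    troubleshooting inside the site), but without the key the IPv4 address
    and its subnet cannot be recovered from the identifier. The u/l bit
    (0x02 of the first byte) is cleared to mark a locally administered IID.
    """
    digest = hmac.new(site_key, ipaddress.IPv4Address(v4).packed, hashlib.sha256).digest()
    iid = int.from_bytes(digest[:8], "big")
    return iid & ~(1 << 57)  # bit 1 of the most-significant byte is the u/l bit


def opaque_address(site_key: bytes, v4: str) -> ipaddress.IPv6Address:
    """Combine the site's /64 with the opaque identifier."""
    return ipaddress.IPv6Address(int(SITE_PREFIX.network_address) | opaque_iid(site_key, v4))


def compare(internal_hosts: list) -> dict:
    """Run both schemes over the same internal hosts and report what leaks."""
    structured = [str(embed_ipv4(TRANSLATOR_PREFIX, h)) for h in internal_hosts]
    opaque = [str(opaque_address(SITE_KEY, h)) for h in internal_hosts]
    return {
        "structured": structured,
        "subnets_recoverable_from_structured": sorted(leaked_subnets(structured)),
        "opaque": opaque,
        # Applying the same extraction to the opaque addresses yields garbage,
        # not the internal hosts.
        "ipv4_recovered_from_opaque": [str(extract_embedded_ipv4(a)) for a in opaque],
    }


if __name__ == "__main__":
    for k, v in compare(["10.1.2.3", "10.1.2.77", "10.1.9.5"]).items():
        print(k, v)
```

The structured scheme satisfies the draft's manageability SHOULD (the dotted-decimal form of each address names the internal host directly), while the keyed scheme satisfies the hiding SHOULD at the cost of needing the key to map an address back to a host; that trade-off is exactly the conflict the draft's note refers to.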
