Node Requirements: Issue 14 - Privacy Extensions

To: ipv6 at ietf.org
Subject: Node Requirements: Issue 14 - Privacy Extensions
From: Thomas Narten <narten at us.ibm.com>
Date: Fri, 24 Jul 2009 10:34:45 -0400
Delivered-to: ipv6 at core3.amsl.com
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>

The document currently says:

>    5.7.3.  Privacy Extensions for Address Configuration in IPv6 - RFC 4941
> 
>    Privacy Extensions for Stateless Address Autoconfiguration [RFC4941]
>    SHOULD be supported.  It is recommended that this behavior be
>    configurable on a connection basis within each application when
>    available.  It is noted that a number of applications do not work
>    with addresses generated with this method, while other applications
>    work quite well with them.

IMO, additional context is needed. As 4941 itself states, RFC 4941 is
only useful for mobile devices -- devices that actually move around
within the network. Servers generally do not do that. Plus, servers
are by definition visible (so folk can access them). Thus, in the case
of servers, a blanket SHOULD is not appropriate. I'd like to propose
the following replacement text:

   Privacy Extensions for Stateless Address Autoconfiguration
   [RFC4941] addresses a specific problem involving a mobile device
   that regularly changes its point of attachment to the
   Internet. When using Stateless Address Autoconfiguration [RFC
   4862], the Interface Identifier portion of formed addresses stays
   constant and is globally unique. Thus, although a node's global
   IPv6 address will change as it changes its point of attachment, the
   Interface Identifier portion of those addresses remain the same,
   making it possible for servers to track the location of an
   individual device as it moves around. This may raise privacy
   concerns as described in [RFC 4862].

   That said, the problem addressed by Privacy Extensions only happen
   when a device regularly changes its point of attachment (i.e., for
   mobile devices) and where the mobile device is associated with a
   single (or small number) of users In such sitatuations, privacy may
   be a concern and RFC4941 SHOULD be implemented. In other cases,
   RFC4941 provides limited or no benefit. In particular, RFC4941
   provide little benefit to servers.
   
Note also that I propose dropping:

   It is recommended that this behavior be configurable on a
   connection basis within each application when available.  It is
   noted that a number of applications do not work with addresses
   generated with this method, while other applications work quite
   well with them.

The above recommendation is not in RFC 4941, and I do not believe it
is appropriate for an AS to be adding a requirement that 4941 itself
does not mention.

Comments?

Thomas

Follow-Ups:
- RE: Node Requirements: Issue 14 - Privacy Extensions
  - From: Hongyu Li
- RE: Node Requirements: Issue 14 - Privacy Extensions
  - From: john.loughney

Prev by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by Date: Re: Node Requirements: Issue 13 - CGA/SeND support
Previous by thread: Re: Node Requirements: Issue 13 - CGA/SeND support
Next by thread: RE: Node Requirements: Issue 14 - Privacy Extensions
Index(es):
- Date
- Thread

Node Requirements: Issue 14 - Privacy Extensions

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.