Re: Node Requirements: Issue 14 - Privacy Extensions

To: Dave Thaler <dthaler at microsoft.com>
Subject: Re: Node Requirements: Issue 14 - Privacy Extensions
From: Tim Chown <tjc at ecs.soton.ac.uk>
Date: Wed, 29 Jul 2009 16:12:03 +0100
Cc: Thomas Narten <narten at us.ibm.com>, "john.loughney at nokia.com" <john.loughney at nokia.com>, "ipv6 at ietf.org" <ipv6 at ietf.org>, Brian E Carpenter <brian.e.carpenter at gmail.com>
Delivered-to: ipv6 at core3.amsl.com
Dkim-signature: v=1; a=rsa-sha1; c=simple/simple; d=ecs.soton.ac.uk; s=200903; t=1248880346; bh=RhEsQJ0IBFKv0Hb03t/DJWb3UE4=; h=References:From:To:In-Reply-To:Mime-Version:Subject:Date:Cc; b=08CKSTMw6CqJVupctiyyQDOqliil0Ne5nwD9Vc4dzrrXGb3HVIWdGr2An/8/eEnpA s+enpB+nDeLf0LUJ7N/oP2bXWlY3J6y7aOSpT+vpAAlNLFmmGuMvnrdaHfs5+NmkiE Optnt88F95odNwqBkbPc4iJtWdO/yJXUTcRcd5Lc=
In-reply-to: <E4561B14EE2A3E4E9D478EBFB5416E1B16805B at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com>
List-archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-help: <mailto:ipv6-request@ietf.org?subject=help>
List-id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-post: <mailto:ipv6@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
References: <200907241434.n6OEYjbi008726 at cichlid.raleigh.ibm.com> <1F18D6510CF0474A8C9500565A7E41A2054A332BAD at NOK-EUMSG-02.mgdnok.nokia.com> <4A6CD0CE.1060207 at gmail.com> <200907281806.n6SI6juE002112 at cichlid.raleigh.ibm.com> <20090728222407.GC28920 at login.ecs.soton.ac.uk> <EMEW3|82c357b1f2fe3af7f095a2d2c4394739l6RNOP03tjc|ecs.soton.ac.uk|2407.GC28920 at login.ecs.soton.ac.uk> <E4561B14EE2A3E4E9D478EBFB5416E1B16805B at TK5EX14MBXW653.wingroup.windeploy.ntdev.microsoft.com> <4772ECD3-3EE8-44DE-8985-3B328C5201B4 at ecs.soton.ac.uk>

That would be better, I agree.

--
Tim

On 29 Jul 2009, at 12:33, Dave Thaler <dthaler at microsoft.com> wrote:

Tim's wording is better but still uses the word
"connections" which implies TCP to many readers, and hence
I prefer "communication".

-----Original Message-----

From: ipv6-bounces at ietf.org [mailto:ipv6-bounces at ietf.org] OnBehalf Of

Tim Chown
Sent: Wednesday, July 29, 2009 12:24 AM
To: Thomas Narten
Cc: john.loughney at nokia.com; ipv6 at ietf.org; Brian E Carpenter
Subject: Re: Node Requirements: Issue 14 - Privacy Extensions

On Tue, Jul 28, 2009 at 02:06:45PM -0400, Thomas Narten wrote:


That said, I generally like Brian's proposed text:


I agree.

  In such situations, RFC4941 SHOULD be implemented. In other

cases,

  RFC4941 provides limited or no benefit.


One possible tweak on the last sentence, how about:

    In such situations, RFC4941 SHOULD be implemented. In other
    cases, such as with standalone servers, RFC4941 provides limited
    or no benefit.

How about - to avoid the 'server' terminology turning it around tosay:


     In such situations, RFC4941 SHOULD be implemented.  However, if
     the node is not expected to initiate connections, or the
potential
     tracking or correlation over time of such connections is not a
     concern, RFC4941 provides limited or no benefit.

  It is
  noted that a number of applications do not work with addresses
  generated with this method, while other applications work

quite

  well with them.


More to the point, there was (at the time) and (probably) still is
today some controversy as to whether the above statement is actually
correct. There have certainly been anectdotes to the effect that
privacy addresses don't work well in some cases (because they aren't
in the DNS properly), but I am also quite sure that the reverse DNS

is

not well populated generally, so its unclear how real an issue that

is

in practice. (For example, those of you that travel a lot willlikelyfind that often the "local" hotel address you are given is not inthe
DNS.)


It's not just reverse DNS issues.   For example I recall a
videoconferencing
app that used multiple connections initiated in different directions
between
two participating hosts.   Between v4 hosts the code assumed a single
global
address was used between peers, and that worked, but when ported to
support
v6 it failed due to attempts to connect back to the observed privacy
address

of the remote peer failing because a firewall hole only existed totalk

to
the peer's 'static' global v6 address.  I suspect similar 'referal'
issues
may happen in other cases.

--
Tim
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------


--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6 at ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

References:
- Node Requirements: Issue 14 - Privacy Extensions
  - From: Thomas Narten
- RE: Node Requirements: Issue 14 - Privacy Extensions
  - From: john.loughney
- Re: Node Requirements: Issue 14 - Privacy Extensions
  - From: Brian E Carpenter
- Re: Node Requirements: Issue 14 - Privacy Extensions
  - From: Thomas Narten
- Re: Node Requirements: Issue 14 - Privacy Extensions
  - From: Tim Chown
- RE: Node Requirements: Issue 14 - Privacy Extensions
  - From: Dave Thaler

Prev by Date: Re: Consensus call on adopting draft-kawamura-ipv6-text-representation
Next by Date: Re: Comments on IPv6 Prefix Subdelegation
Previous by thread: RE: Node Requirements: Issue 14 - Privacy Extensions
Next by thread: Re: Node Requirements: Issue 14 - Privacy Extensions
Index(es):
- Date
- Thread

Re: Node Requirements: Issue 14 - Privacy Extensions

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.