Diff: draft-thaler-6lo-privacy-considerations-00.txt - draft-thaler-6lo-privacy-considerations-01.txt

	< draft-thaler-6lo-privacy-considerations-00.txt	draft-thaler-6lo-privacy-considerations-01.txt >

	Network Working Group D. Thaler	Network Working Group D. Thaler
	Internet-Draft Microsoft	Internet-Draft Microsoft

	Intended status: Informational September 25, 2015	Intended status: Informational October 2, 2015
	Expires: March 28, 2016	Expires: April 4, 2016


	6LoWPAN Privacy Considerations	Privacy Considerations for IPv6 over Networks of Resource-Constrained
	draft-thaler-6lo-privacy-considerations-00	Nodes
		draft-thaler-6lo-privacy-considerations-01

	Abstract	Abstract

	This document discusses how a number of privacy threats apply to	This document discusses how a number of privacy threats apply to

	6LoWPAN technologies, and provides advice to protocol designers on	technologies designed for IPv6 over networks of resource-constrained
	how to address such threats in IPv6-over-foo adaptation layer	nodes, and provides advice to protocol designers on how to address
	specifcations.	such threats in IPv6-over-foo adaptation layer specifcations.

	Status of This Memo	Status of This Memo

	This Internet-Draft is submitted in full conformance with the	This Internet-Draft is submitted in full conformance with the
	provisions of BCP 78 and BCP 79.	provisions of BCP 78 and BCP 79.

	Internet-Drafts are working documents of the Internet Engineering	Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute	Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-	working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.	Drafts is at http://datatracker.ietf.org/drafts/current/.

	Internet-Drafts are draft documents valid for a maximum of six months	Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any	and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference	time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."	material or to cite them other than as "work in progress."


	This Internet-Draft will expire on March 28, 2016.	This Internet-Draft will expire on April 4, 2016.

	Copyright Notice	Copyright Notice

	Copyright (c) 2015 IETF Trust and the persons identified as the	Copyright (c) 2015 IETF Trust and the persons identified as the
	document authors. All rights reserved.	document authors. All rights reserved.

	This document is subject to BCP 78 and the IETF Trust's Legal	This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents	Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of	(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents	publication of this document. Please review these documents

	skipping to change at page 4, line 32 ¶	skipping to change at page 4, line 32 ¶
	If, on the other hand, the devices being scanned for do not implement	If, on the other hand, the devices being scanned for do not implement
	a "stealth mode", but respond with TCP RST or ICMP Echo Reply	a "stealth mode", but respond with TCP RST or ICMP Echo Reply
	packets, then the address scan is not limited by the ICMP unreachable	packets, then the address scan is not limited by the ICMP unreachable
	rate limit in routers, since the attacker can determine the presence	rate limit in routers, since the attacker can determine the presence
	of a host without them. In such cases, more bits of entropy would be	of a host without them. In such cases, more bits of entropy would be
	needed to provide the same level of protection.	needed to provide the same level of protection.

	3. Potential Approaches	3. Potential Approaches

	The table below shows the number of bits of entropy currently	The table below shows the number of bits of entropy currently

	available in various 6LoWPAN technologies:	available in various technologies:

	+---------------+--------------------------+--------------------+	+---------------+--------------------------+--------------------+
	\| Technology \| Reference \| Bits of Entropy \|	\| Technology \| Reference \| Bits of Entropy \|
	+---------------+--------------------------+--------------------+	+---------------+--------------------------+--------------------+
	\| 802.15.4 \| [RFC4944] \| 16+ or any EUI-64 \|	\| 802.15.4 \| [RFC4944] \| 16+ or any EUI-64 \|
	\| Bluetooth LE \| [I-D.ietf-6lo-btle] \| 48 \|	\| Bluetooth LE \| [I-D.ietf-6lo-btle] \| 48 \|
	\| DECT ULE \| [I-D.ietf-6lo-dect-ule] \| 40 or any EUI-48 \|	\| DECT ULE \| [I-D.ietf-6lo-dect-ule] \| 40 or any EUI-48 \|
	\| MS/TP \| [I-D.ietf-6lo-6lobac] \| 8 or 64 \|	\| MS/TP \| [I-D.ietf-6lo-6lobac] \| 8 or 64 \|
	\| ITU-T G.9959 \| [RFC7428] \| 8 \|	\| ITU-T G.9959 \| [RFC7428] \| 8 \|
	\| NFC \| [I-D.ietf-6lo-nfc] \| 6 or ??? \|	\| NFC \| [I-D.ietf-6lo-nfc] \| 6 or ??? \|
	+---------------+--------------------------+--------------------+	+---------------+--------------------------+--------------------+


	6LoWPAN technologies generally support either IEEE identifiers or so	Such technologies generally support either IEEE identifiers or so
	called "Short Addresses", or both, as link layer addresses. We	called "Short Addresses", or both, as link layer addresses. We
	discuss each in turn.	discuss each in turn.

	3.1. IEEE-Identifier-Based Addresses	3.1. IEEE-Identifier-Based Addresses


	Some 6LoWPAN technologies allow the use of IEEE EUI-48 or EUI-64	Some technologies allow the use of IEEE EUI-48 or EUI-64 identifiers,
	identifiers, or allow using an arbitrary 64-bit identifier. Using	or allow using an arbitrary 64-bit identifier. Using such an
	such an identifier to construct IPv6 addresses makes it easy to use	identifier to construct IPv6 addresses makes it easy to use the
	the normal LOWPAN_IPHC encoding with stateless compression, allowing	normal LOWPAN_IPHC encoding with stateless compression, allowing such
	such IPv6 addresses to be fully elided in common cases.	IPv6 addresses to be fully elided in common cases.

	Interfaces identifiers formed from IEEE identifiers can have	Interfaces identifiers formed from IEEE identifiers can have
	insufficient entropy unless the IEEE identifier itself has sufficient	insufficient entropy unless the IEEE identifier itself has sufficient
	entropy, and enough bits of entropy are carried over into the IPv6	entropy, and enough bits of entropy are carried over into the IPv6
	address to sufficiently mitigate the threats. Privacy threats other	address to sufficiently mitigate the threats. Privacy threats other
	than "Correlation over time" can be mitigated using per-network	than "Correlation over time" can be mitigated using per-network
	randomized IEEE identifiers with 46 or more bits of entropy. A	randomized IEEE identifiers with 46 or more bits of entropy. A
	number of such proposals can be found at	number of such proposals can be found at
	<https://mentor.ieee.org/privecsg/documents>, and Section 10.8 of	<https://mentor.ieee.org/privecsg/documents>, and Section 10.8 of
	[BTCorev4.1] specifies one for Bluetooth. Using IPv6 addresses	[BTCorev4.1] specifies one for Bluetooth. Using IPv6 addresses

End of changes. 7 change blocks.
	15 lines changed or deleted	16 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/