Iljitsch van Beijnum wrote:
On 21 feb 2008, at 16:34, Harald Alvestrand wrote:
Think of the case where there are 1000 users on a LAN, and one of them
desires to use the address privacy option for all the normal reasons.
Then think about the policeman / bad guy / secret agent / mafioso with a
trace of all traffic from that LAN - he can immediately say that the 999
were using non-privacy-enhanced addresses, and the resulting trace will
show him immediately what the 1000th was up to, no matter how many times
he changed his address.
I'm assuming you mean "a trace of the activities of addresses from
that LAN as seen from elsewhere", because if they can sniff the LAN
they can also see the link addresses.
But what the good/bad guy sees is 1099 addresses, 999 of which are
used for somewhat long periods, and 100 of which are used for somewhat
short periods. They don't know how many users there were on the LAN,
although they can probably guess to within 10% or so based on the
amount of traffic. They also don't have any way to know which user was
using which privacy address at any given time unless they had a much
more intimite view of the LAN in question.
Unless you implement an identifiable format for privacy enhanced
addresses; in that case they can 100% accurately say that 100 addresses
were "used by someone with something to hide".
That was the idea I was trying to point out the bad sides of.
IETF mailing list