ietf

Re: The Internet and the Law, the Economist, 13-19 January 2001

2001-01-15 11:20:02

Hello,

It seems to me that Mobile IPv6 could go a long way towards
solving this problem, in conjunction with some sort of automatic
home address assignment capability.  This topic has already been
discussed in connection with the need to support automatic
renumbering.  Further work could be done by designing a method
of assigning such a home address to the IPv6 node based on
some other means of identification (e.g., NAI).  We already
have some specifications about how to do this for IPv4, using
AAA and Mobile IPv4.

The basic scenario could be as follows:
- An application (or, alternatively, some application context)
  running on some IPv6 node wants to communicate using an
  address that isn't related to its previous addresses
- The node gets a home address from some network that offers
  such a service
- The node uses Mobile IPv6 mechanisms for packet transmission
  to and from its communications partner -- without having to
  go through the home network from which the home address
  was assigned.

This is also related to recent ideas about "homeless Mobile IPv6".
Crucial to effective operation, however, will be the ability to
set up temporary security associations, to avoid unauthorized
redirection of traffic flows to and from the newly assigned
IPv6 address.

Regards,
Charlie P.
Sean Doran wrote:

| Sean, re the IPv6 myth propagated in this article, see
| http://playground.sun.com/ipng/specs/ipv6-address-privacy.html

Yes, this solves the lower-8-bytes in a notional 8+8, in the
sense that it is an identifier of "who", but the draft in question
does not seem to deal with the nature of the "where" part of a
notional 8+8 address.   That is, if some set of bits uniquely
identify an always-on residential computer (or some other device
fixed in the topology), the randomization of the lower 8 bytes
as in §3.2.1 of draft-ietf-ipng-addrconf-privacy-04.txt
does not really help, since only one device anywhere will
be using the pattern in that host's top 64 bits.

Three obvious approaches come to mind: change one's relationship
to the global topology using virtual connections (i.e., tunneling),
change the entire topology's numbering (i.e., global DHCP-like
address leasing even for the biggest ISPs) or use 1:1 NAT at network
boundaries, such that a block of N addresses is directly translated
into an equal-sized block of N addresses expressed with a different
bit pattern.  All of these effectively divorce the topological
address from the identity, in the sense that getpeername(2) might
return two distinct results, viz. where (from the packet header)
or who (from some other protocol).  All three also break the
permanence or globalness or both of an IPv6 address to host mapping.

I will say however that I concur with the comment in §4 ibid., "The
desires of protecting individual privacy vs. the desire to effectively
maintain and debug a network can conflict with each other."   It will
be interesting to see how the IPv6 architecture will evolve now
that these issues are being given more attention, given that some
architectures will have greater conflict than others.

        Sean.
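As an added illustration of Sean's point about §3.2.1 (example code, not part of either message): the temporary interface identifiers are generated with the MD5-based iteration published as RFC 3041 §3.2.1 (the RFC form of the draft cited above), and every resulting address still carries the same stable /64 prefix. The prefix, EUI-64 identifier and history seed are constructed values.

```python
import hashlib
import ipaddress
from typing import List, Tuple

# Constructed example values (not from the original message): a stable /64
# prefix as delegated to one residential site, a stable EUI-64 interface
# identifier derived from a MAC address, and an arbitrary 8-byte history seed.
PREFIX = ipaddress.ip_network("2001:db8:1234:5678::/64")
EUI64_IID = bytes.fromhex("0211223344556677")
INITIAL_HISTORY = bytes.fromhex("0f1e2d3c4b5a6978")


def next_temporary_iid(history: bytes, stable_iid: bytes) -> Tuple[bytes, bytes]:
    """One iteration of RFC 3041 section 3.2.1.

    MD5 over (history || stable IID): the left 64 bits become the new
    temporary interface identifier with the universal/local bit cleared,
    the right 64 bits become the history value for the next iteration.
    """
    digest = hashlib.md5(history + stable_iid).digest()
    iid = bytearray(digest[:8])
    iid[0] &= 0xFD  # clear the "u" bit (0x02 of the first octet): local scope
    return bytes(iid), digest[8:]


def temporary_addresses(prefix: ipaddress.IPv6Network, stable_iid: bytes,
                        history: bytes, count: int) -> List[ipaddress.IPv6Address]:
    """Generate `count` successive temporary addresses under one prefix."""
    addrs = []
    for _ in range(count):
        iid, history = next_temporary_iid(history, stable_iid)
        addrs.append(ipaddress.IPv6Address(prefix.network_address.packed[:8] + iid))
    return addrs


def distinct_prefixes(addrs: List[ipaddress.IPv6Address]) -> set:
    """The set of /64 prefixes in use: the 'where' part that the rotation
    of the lower 64 bits leaves unchanged."""
    return {ipaddress.IPv6Network((int(a), 64), strict=False) for a in addrs}


if __name__ == "__main__":
    for addr in temporary_addresses(PREFIX, EUI64_IID, INITIAL_HISTORY, 4):
        print(addr)
    print("prefixes observed:", distinct_prefixes(
        temporary_addresses(PREFIX, EUI64_IID, INITIAL_HISTORY, 4)))
```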