Re: The Internet and the Law, the Economist, 13-19 January 2001
2001-01-15 11:20:02
Hello,

It seems to me that Mobile IPv6 could go a long way towards
solving this problem, in conjunction with some sort of automatic
home address assignment capability. This topic has already been
discussed in connection with the need to support automatic
renumbering. Further work could be done by designing a method
of assigning such a home address to the IPv6 node based on
some other means of identification (e.g., NAI). We already
have some specifications about how to do this for IPv4, using
AAA and Mobile IPv4.

The basic scenario could be as follows:

- An application (or, alternatively, some application context)
  running on some IPv6 node wants to communicate using an
  address that isn't related to its previous addresses
- The node gets a home address from some network that offers
  such a service
- The node uses Mobile IPv6 mechanisms for packet transmission
  to and from its communications partner -- without having to
  go through the home network from which the home address
  was assigned.

This is also related to recent ideas about "homeless Mobile IPv6".
Crucial to effective operation, however, will be the ability to
set up temporary security associations, to avoid unauthorized
redirection of traffic flows to and from the newly assigned
IPv6 address.

Regards,
Charlie P.

Sean Doran wrote:

| Sean, re the IPv6 myth propagated in this article, see
| http://playground.sun.com/ipng/specs/ipv6-address-privacy.html

Yes, this solves the lower-8-bytes in a notional 8+8, in the
sense that it is an identifier of "who", but the draft in question
does not seem to deal with the nature of the "where" part of a
notional 8+8 address. That is, if some set of bits uniquely
identify an always-on residential computer (or some other device
fixed in the topology), the randomization of the lower 8 bytes
as in §3.2.1 of draft-ietf-ipng-addrconf-privacy-04.txt
does not really help, since only one device anywhere will
be using the pattern in that host's top 64 bits.

Three obvious approaches come to mind: change one's relationship
to the global topology using virtual connections (i.e., tunneling),
change the entire topology's numbering (i.e., global DHCP-like
address leasing even for the biggest ISPs) or use 1:1 NAT at network
boundaries, such that a block of N addresses is directly translated
into an equal-sized block of N addresses expressed with a different
bit pattern. All of these effectively divorce the topological
address from the identity, in the sense that getpeername(2) might
return two distinct results, viz. where (from the packet header)
or who (from some other protocol). All three also break the
permanence or globalness or both of an IPv6 address to host mapping.

I will say however that I concur with the comment in §4 ibid., "The
desires of protecting individual privacy vs. the desire to effectively
maintain and debug a network can conflict with each other." It will
be interesting to see how the IPv6 architecture will evolve now
that these issues are being given more attention, given that some
architectures will have greater conflict than others.

Sean.
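
The point in the quoted message about the "where" half of an 8+8 address can be checked numerically. The following is an added example, not part of either message or of the draft: it rotates the lower 64 bits of addresses under two constructed /64 prefixes (documentation range 2001:db8::/32) and reports, per prefix, how many addresses a remote peer sees against how many hosts are actually behind them. The helper names and the plain random interface identifier, which stands in for the draft's generation procedure, are assumptions.

```python
import ipaddress
import random
from collections import defaultdict

LOW64 = (1 << 64) - 1

def split_8_8(addr):
    """Return (top 64 bits = "where", low 64 bits = "who") as integers."""
    value = int(ipaddress.IPv6Address(addr))
    return value >> 64, value & LOW64

def temporary_address(prefix64, rng):
    """Keep the /64 fixed and draw a fresh interface identifier.
    A plain random value stands in for the draft's procedure (assumption)."""
    net = ipaddress.IPv6Network(prefix64)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | rng.getrandbits(64))

def link_by_prefix(observed):
    """Group the addresses a remote peer has seen by their top 64 bits."""
    groups = defaultdict(set)
    for addr in observed:
        where, _ = split_8_8(addr)
        groups[str(ipaddress.IPv6Address(where << 64))].add(addr)
    return groups

def demo(seed=1):
    """Return {prefix: (distinct addresses seen, distinct hosts behind them)}."""
    rng = random.Random(seed)
    home = "2001:db8:aaaa:1::/64"    # constructed: one always-on residential host
    campus = "2001:db8:bbbb:2::/64"  # constructed: several hosts share the link
    truth = {}                       # ground truth a remote observer never sees
    for _ in range(5):               # the same host rotates its identifier 5 times
        truth[temporary_address(home, rng)] = "home-pc"
    for n in range(4):               # four different hosts, one address each
        truth[temporary_address(campus, rng)] = f"campus-{n}"
    return {
        prefix: (len(addrs), len({truth[a] for a in addrs}))
        for prefix, addrs in link_by_prefix(truth).items()
    }

if __name__ == "__main__":
    for prefix, (seen, hosts) in demo().items():
        print(f"{prefix}/64  addresses seen={seen}  hosts behind prefix={hosts}")
```

For the residential prefix the five addresses share no lower 64 bits, yet all fall into a group with exactly one host behind it, so the rotation hides nothing from a peer that keys on the top 64 bits; under the shared prefix the same grouping only narrows the sender to one of four.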