ietf

Re: Netfilter (Linux) Does IPv6 NAT

2011-12-05 20:30:15
Greg Daley wrote:

> The assumption that information is present only within the IP address
> is erroneous.
> This has been studied for mobile IPv6 users as well,
> and there is information leakage up and down the stack.

Your reasoning is obviously flawed.

Having a temporary dynamic IP address assigned will not prevent any
negligent or privacy-ignorant protocols and apps higher up the stack
from revealing identifying information about you.

But _without_ a temporary dynamic IP address, each and every one of your
network communications will be 100% identifiable as you for everybody that
can observe your IP datagrams floating by, even when you're using IPSEC.



> We have local source address selection mechanisms in recent Windows
> versions that use randomized IIDs on outbound connections today.
> This doesn't prevent exposure of the information regarding the
> internal network structure, but nor do firewalls at publicly
> addressed IPv4 institutions today.

I fail to understand what you mean by "randomized IIDs".
What you need is a temporary network address randomized by your ISP
so that your address blends within the entire customer base
of that ISP.



> Putting NATs on the path just causes the device inside the network
> to be unaware of its presented addresses, which means that it will
> impede peer-to-peer communications, as it cannot even describe its
> available services without external information services.

Asking your border router for the temporary external IP-Address is
trivial compared to performing a secure DNS lookup.



> This is the awful situation in IPv4 today:  Address scarcity
> is not the problem, addressability is the problem.

It is a problem for which solutions exist or can be built with
moderate effort.  Privacy is a much more serious problem today,
and without temporary dynamic addresses assigned by the ISP
privacy can no longer exist.


-Martin