
RE: Netfilter (Linux) Does IPv6 NAT

2011-12-07 13:45:02
Hi Doug, 


We have local source address selection mechanisms in recent Windows
versions that use randomized IIDs on outbound connections today.  This
doesn't prevent exposure of the information regarding the internal
network structure, but nor do firewalls at publicly addressed IPv4
institutions today.

This has been covered many times, but once more (with feeling) ...

The problem that 4941 is designed to fix is to avoid being able to
track the same user on *different* networks. This is possible because
by default the host portion of the address remains constant, and
theoretically globally unique.

Privacy for a user that is always connecting through the same network
is a whole different basket of bagels.

We have not had carrier NAT solutions until walled gardens came in with 3G 
networks, and now people are mooting CGNs, but I have not seen many in general 
use for access networks.

Up until now, we have migrated addresses when a new PDP-Context, PPP 
(Dialup/xDSL) or DHCP Lease has been supplied.  In IPv4, the session uniquely 
identifies/identified the session and links to the user during that interval.
The same is true for IPv6, except that IPv6 defaulted to MAC based IIDs.  With 
4941, the same Layer 2 identity is removed, and we have the same circumstances 
with IPv4 and IPv6.

So CGNs for IPv4 are an answer to a new question that you pose where the 
implicit assumption is that it is insufficient to maintain address 
unlinkability between different PDP-Context/PPP/DHCP sessions.

Given that we have good local addressing mechanisms in IPv6 (ULA, Link-local) 
and automatic global prefix configuration mechanisms (SAA/RA/DHCPv6/DHCPv6-PD), 
I would like to know: What are the advantages of CGNs for IPv6 and does the 
cost to application development justify the change?

Sincerely, 

Greg Daley
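To make the linkability argument above concrete, here is an added example (not part of the original message): it builds addresses for one host under two different /64 prefixes, first with a modified EUI-64 IID derived from a constructed MAC, then with randomized IIDs. The RFC 4941 step is simplified to fresh random bits rather than the RFC's hashed history value; the MAC and prefixes are constructed sample values.

```python
import ipaddress
import secrets


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, Appendix A)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Insert 0xFFFE between the OUI and the device part, then flip the
    # universal/local bit (0x02) of the first octet.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def random_iid() -> bytes:
    """Randomized IID in the spirit of RFC 4941 (simplified: fresh random bits)."""
    iid = bytearray(secrets.token_bytes(8))
    # RFC 4941 clears the u/l bit so the IID cannot be mistaken for a
    # globally unique EUI-64 identifier.
    iid[0] &= 0xFD
    return bytes(iid)


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with an 8-byte interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit IID")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def linkable(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """True when two addresses share their 64-bit IID, i.e. point at one host."""
    return a.packed[8:] == b.packed[8:]


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"            # constructed sample MAC
    home, cafe = "2001:db8:1::/64", "2001:db8:2::/64"   # constructed sample prefixes
    a, b = address(home, eui64_iid(mac)), address(cafe, eui64_iid(mac))
    print("EUI-64:", a, b, "linkable:", linkable(a, b))      # linkable: True
    c, d = address(home, random_iid()), address(cafe, random_iid())
    print("RFC 4941:", c, d, "linkable:", linkable(c, d))    # linkable: False
```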
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
