dynamic or static IPv6 prefixes to residential customers

Jay Ashworth jra at baylink.com
Wed Aug 3 17:53:11 UTC 2011


----- Original Message -----
> From: "Owen DeLong" <owen at delong.com>

> On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
> > You guys aren't *near* paranoid enough. :-)
> >
> > If the ISP
> >
> > a) Assigns dynamic addresses to customers, and
> > b) changes those IPs on a relatively short scale (days)
> >
> > then
> >
> > c) outside parties *who are not the ISP or an LEO* will have a
> > relatively harder time tying together two visits solely by the IP
> > address.
> 
> ROFL... Yeah, right... Because the MAC suffix won't do anything.

Did I mention I haven't implemented v6 yet? :-)

*Really*?  It bakes the endpoint MAC into the IP?  Well, that's miserably
poor architecture design.

> > While this isn't "privacy", per se, that "making harder" is at least
> > somewhat useful to a client in reducing the odds that such
> > non-ISP/LEO
> > parties will be unable to tie their visits, assuming they've
> > controlled
> > the items they *can* control (cookies, flash cookies, etc).
> 
> Which is something, what, 1% of people probably even know how to do,
> let alone practice on a regular basis.

Yup; let's go out of our way to penalize the smart people; that's a 
*great* plan; I so enjoy it when people do it -- and they do it *far*
too often for my tastes.

> > Imperfect security != no security, *as long as you know where the
> > holes are*.
> 
> If people want this, they can use RFC-4193 to just about the same
> effect. The ISP modifying the prefix regularly simply doesn't do much.

I'll make a note of it.

Cheers,
-- jra
-- 
Jay R. Ashworth                  Baylink                       jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274




More information about the NANOG mailing list