Security and Privacy Considerations for IPv6 Address Generation Mechanisms
draft-ietf-6man-ipv6-address-generation-privacy-08
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2016-01-29
|
08 | Jean Mahoney | Closed request for Last Call review by GENART with state 'No Response' |
2016-01-04
|
08 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2015-12-04
|
08 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2015-11-25
|
08 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2015-10-14
|
08 | (System) | Notify list changed from draft-ietf-6man-ipv6-address-generation-privacy.shepherd@ietf.org, otroan@employees.org, draft-ietf-6man-ipv6-address-generation-privacy.ad@ietf.org, draft-ietf-6man-ipv6-address-generation-privacy@ietf.org, 6man-chairs@ietf.org to (None) |
2015-09-28
|
08 | (System) | RFC Editor state changed to EDIT |
2015-09-28
|
08 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2015-09-28
|
08 | (System) | Announcement was received by RFC Editor |
2015-09-28
|
08 | (System) | IANA Action state changed to No IC from In Progress |
2015-09-28
|
08 | (System) | IANA Action state changed to In Progress |
2015-09-28
|
08 | Amy Vezza | IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup |
2015-09-28
|
08 | Amy Vezza | IESG has approved the document |
2015-09-28
|
08 | Amy Vezza | Closed "Approve" ballot |
2015-09-24
|
08 | Brian Haberman | Ballot writeup was changed |
2015-09-24
|
08 | Brian Haberman | Ballot approval text was generated |
2015-09-23
|
08 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-09-23
|
08 | Fernando Gont | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2015-09-23
|
08 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-08.txt |
2015-08-13
|
07 | Brian Haberman | IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Approved-announcement to be sent::Point Raised - writeup needed |
2015-08-06
|
07 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2015-08-06
|
07 | Cindy Morgan | Changed consensus to Yes from Unknown |
2015-08-06
|
07 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Donald Eastlake. |
2015-08-06
|
07 | Benoît Claise | [Ballot comment] Thanks for this (analysis in) this document and also the section 5.1 "network operation". I like table 1 very much. - Fine with … [Ballot comment] Thanks for this (analysis in) this document and also the section 5.1 "network operation". I like table 1 very much. - Fine with the new proposal for the text below (I had the same remark): o Manual configuration * IPv4 address * Service port * Wordy * Low-byte - DHT = Distributed Hash Table, I guess - Section 3, "The first three of these rely on the attacker first gaining knowledge of the target host's IID." Host's IID? Which one is this from the terminology section, the constant IDD, the stable IID, or the temporary IID? I guess, all of them depending on the use case, right? Please make it clear. Alternatively, you might to add a "host IDD" definition, , or "IID": a generic term for constant IDD, the stable IID, and the temporary IID. I'm after some terms consistency here. I see some other instances, such as: "host's interface identifier", "host's IIDs" |
2015-08-06
|
07 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2015-08-06
|
07 | Benoît Claise | [Ballot comment] Thanks for this (analysis in) this document and also the section 5.1 "network operation". I like table 1 very much. - Fine with … [Ballot comment] Thanks for this (analysis in) this document and also the section 5.1 "network operation". I like table 1 very much. - Fine with the new proposal for the text below (I had the same remark): o Manual configuration * IPv4 address * Service port * Wordy * Low-byte - DHT = Distributed Hash Table, I guess - Section 3, "The first three of these rely on the attacker first gaining knowledge of the target host's IID." Host's IID? Which one is this from the terminology section, the constant IDD, the stable IID, or the temporary IID? I guess, all of them depending on the use case, right? Please make it clear. I see some other instances, such as: "host's interface identifier", "host's IIDs" Alternatively, you might to add a "host IDD" definition, , or "IID": a generic term for constant IDD, the stable IID, and the temporary IID. I'm after some consistency. - Any final recommendation? |
2015-08-06
|
07 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2015-08-05
|
07 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2015-08-05
|
07 | Terry Manderson | [Ballot comment] Well constructed document - Thanks! No action for the authors or shepherd here: so in answer to Barry's question. I think this document … [Ballot comment] Well constructed document - Thanks! No action for the authors or shepherd here: so in answer to Barry's question. I think this document is able to stand on its own feet as informational - it doesn't need (in my opinion) to be classified as a BCP to add gravitas. The approach in the document stands as informational but the clear language and coverage of mechanisms and the resulting tradeoffs provide its own weight. |
2015-08-05
|
07 | Terry Manderson | [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson |
2015-08-05
|
07 | Alia Atlas | [Ballot comment] Thanks for the informative and well-written work. |
2015-08-05
|
07 | Alia Atlas | [Ballot Position Update] New position, Yes, has been recorded for Alia Atlas |
2015-08-05
|
07 | Ben Campbell | [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell |
2015-08-05
|
07 | Deborah Brungard | [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard |
2015-08-05
|
07 | Stephen Farrell | [Ballot comment] - general: I really like this document but wonder about how complete it is (or can be). For example, I think there's very … [Ballot comment] - general: I really like this document but wonder about how complete it is (or can be). For example, I think there's very little here on transition mechanism consequences, and no mention at all of the privacy trade offs between CGN and IPv6 addressing. I do think it's a good thing to publish this now though, but it might also be nice to see if we can get it udpated sometime in future. (Which'd argue that maybe we should have a standards track thing like this that recommends what to do when one cares about privacy in different contexts, but I'm not asking we go there now.) - section 1: I'm surprised only A+P gets onto the list here - aren't there more worthy of mention? I hope you can extend this list to include the most commonly used of those. - section 2: I'd not have thought of a SIP proxy as a place to which I'd publish addresses - might be nice (no more) to add a reference that explains that? - section 2: the definitions are probably ok, but they don't really specify disjoint sets of things, e.g. for the stable vs. temporary IID some things will fit both definitions, which seems a bit odd. However, I'm not sure that being much more precise is worthwhile. - section 3: If an addr with an IID like that is used in an ACL (e.g. on a router/switch) that can also be bad if the device moves now and then. (Since anyone can fake 'em.) - section 3: The ways in which a bad actor can gain knowledge are worse than stated - if the IID is broadcast from a handset whilst wandering about, which is what happens a lot! - section 3: Would it be a good idea to try scare the reader a bit via a reference to the Canadian govt story about tracking everyone going throught Toronto airport? I'm not sure readers of this will otherwise get the full import otherwise. - Table 1: I don't agree with some of your "no" statements. I think what you mean by "no" is really "not solely based on wire protocols" or somesuch, e.g. with DHCP the servers can assist with location tracking based on client ID or layer 2 information. I think you should clarify what "no" means here to not give a slightly wrong impression. - Table 1: What logic was used to determine how many rows to include here? Actually all of section 4 seems overly focused on IIDs. - 4.8: I'm surprised there's so little to be said here. |
2015-08-05
|
07 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2015-08-04
|
07 | Kathleen Moriarty | [Ballot comment] Nice work on this draft! |
2015-08-04
|
07 | Kathleen Moriarty | [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty |
2015-08-04
|
07 | Spencer Dawkins | [Ballot comment] A nit, and a compliment in the form of a question for the IESG ... The nit: The term "low byte" doesn't have … [Ballot comment] A nit, and a compliment in the form of a question for the IESG ... The nit: The term "low byte" doesn't have a reference on first use in Section 4.2, and doesn't appear in the terminology section. I think I understand the point this text is making: The extent to which location tracking can be successfully performed depends, to a some extent, on the uniqueness of the employed Interface ID. For example, one would expect "low byte" Interface IDs ^^^^^^^^^^ to be more widely reused than, for example, Interface IDs where the whole 64-bits follow some pattern that is unique to a specific organization. Widely reused Interface IDs will typically lead to false positives when performing location tracking. but I'm guessing, and the point seems important enough to justify clarity. Could you add "low byte" to the terminology section, unless it's a term of art all your readers will understand? The following text was helpful to me in guessing what "low byte" means, On the other hand, some DHCPv6 software leases sequential addresses (typically low-byte addresses). These addresses can be considered to be stable addresses. The drawback of this address generation scheme compared to "stable, semantically opaque" addresses is that, since they follow specific patterns, they enable IPv6 address scans. but it didn't appear until Section 4.8. Authors and 6man working group, please take what follows as a compliment - no action required on your part, I think. For the IESG - I wonder if this document could be published as something more than Informational. It's important, relevant, useful, and clearly written. Maybe it doesn't quite fit being published as a BCP. Maybe it doesn't quite fit being published as an Applicability Statement (https://tools.ietf.org/html/rfc2026#section-3.2). The response to the first question in the shepherd writeup didn't explain why Informational was the proper intended RFC status, so I thought I should ask here. Maybe it has enough gravitas as is. But I'd also ballot Yes for either BCP or AS. |
2015-08-04
|
07 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2015-08-02
|
07 | Alvaro Retana | [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana |
2015-07-31
|
07 | Alissa Cooper | [Ballot Position Update] New position, Recuse, has been recorded for Alissa Cooper |
2015-07-29
|
07 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2015-07-20
|
07 | Brian Haberman | IESG state changed to IESG Evaluation from Waiting for Writeup |
2015-07-20
|
07 | Brian Haberman | Placed on agenda for telechat - 2015-08-06 |
2015-07-20
|
07 | Brian Haberman | Ballot has been issued |
2015-07-20
|
07 | Brian Haberman | [Ballot Position Update] New position, Yes, has been recorded for Brian Haberman |
2015-07-20
|
07 | Brian Haberman | Created "Approve" ballot |
2015-07-20
|
07 | Brian Haberman | Ballot writeup was changed |
2015-07-13
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Qin Wu. |
2015-07-13
|
07 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
2015-07-10
|
07 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2015-07-10
|
07 | Pearl Liang | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-ipv6-address-generation-privacy-07, which is currently in Last Call, and has the following comments: We understand that, upon … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-6man-ipv6-address-generation-privacy-07, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object. If this assessment is not accurate, please respond as soon as possible. |
2015-07-02
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2015-07-02
|
07 | Jean Mahoney | Request for Last Call review by GENART is assigned to Roni Even |
2015-07-02
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Donald Eastlake |
2015-07-02
|
07 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Donald Eastlake |
2015-06-30
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Qin Wu |
2015-06-30
|
07 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Qin Wu |
2015-06-29
|
07 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2015-06-29
|
07 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Privacy Considerations for IPv6 Address … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Privacy Considerations for IPv6 Address Generation Mechanisms) to Informational RFC The IESG has received a request from the IPv6 Maintenance WG (6man) to consider the following document: - 'Privacy Considerations for IPv6 Address Generation Mechanisms' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2015-07-13. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document discusses privacy and security considerations for several IPv6 address generation mechanisms, both standardized and non-standardized. It evaluates how different mechanisms mitigate different threats and the trade-offs that implementors, developers, and users face in choosing different addresses or address generation mechanisms. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-address-generation-privacy/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-address-generation-privacy/ballot/ No IPR declarations have been submitted directly on this I-D. |
2015-06-29
|
07 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
2015-06-29
|
07 | Brian Haberman | Last call was requested |
2015-06-29
|
07 | Brian Haberman | Last call announcement was generated |
2015-06-29
|
07 | Brian Haberman | Ballot approval text was generated |
2015-06-29
|
07 | Brian Haberman | Ballot writeup was generated |
2015-06-29
|
07 | Brian Haberman | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2015-06-26
|
07 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-07.txt |
2015-06-25
|
06 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2015-06-25
|
06 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-06.txt |
2015-06-23
|
05 | Brian Haberman | IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation |
2015-06-23
|
05 | Brian Haberman | Notification list changed to draft-ietf-6man-ipv6-address-generation-privacy.shepherd@ietf.org, otroan@employees.org, draft-ietf-6man-ipv6-address-generation-privacy.ad@ietf.org, draft-ietf-6man-ipv6-address-generation-privacy@ietf.org, 6man-chairs@ietf.org from "Ole Troan" <otroan@employees.org> |
2015-06-19
|
05 | Brian Haberman | IESG state changed to AD Evaluation from Publication Requested |
2015-06-18
|
05 | Ole Trøan | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? … (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Informational document. The type is indicated on the title page. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary This document discusses privacy and security considerations for several IPv6 address generation mechanisms, both standardized and non-standardized. It evaluates how different mechanisms mitigate different threats and the trade-offs that implementors, developers, and users face in choosing different addresses or address generation mechanisms. Working Group Summary The initial revision of this work was published in July 2013. There is a strong consensus in support of this document. Document Quality The 6man working group appoints reviewers for all documents being advanced to the IESG. This document has been reviewed in detail by 6man reviewers, and it has had extensive discussion on the mailing list. Personnel Document Shepherd: Ole Troan Responsible Area Director: Brian Haberman (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document has been reviewed by the 6man chairs, ID nits have been checked, as well as by the appointed 6man reviewers. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. The Document Shepherd has no issues with this document. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why. Yes. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? Strong consensus. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No appeal or discontent registered. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No nits. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No formal reviews required. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? No. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. None. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No. Not directly. While the material here is used as justification for changing the default interface-id and for the work on mechanisms with a higher level of privacy. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). I can confirm all points. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. There are no formal language in this document. |
2015-06-18
|
05 | Ole Trøan | Responsible AD changed to Brian Haberman |
2015-06-18
|
05 | Ole Trøan | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2015-06-18
|
05 | Ole Trøan | IESG state changed to Publication Requested |
2015-06-18
|
05 | Ole Trøan | IESG process started in state Publication Requested |
2015-06-18
|
05 | Ole Trøan | Changed document writeup |
2015-04-27
|
05 | Ole Trøan | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2015-04-27
|
05 | Ole Trøan | IETF WG state changed to WG Consensus: Waiting for Write-Up from Waiting for WG Chair Go-Ahead |
2015-04-27
|
05 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-05.txt |
2015-02-23
|
04 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-04.txt |
2015-02-19
|
03 | Ole Trøan | Notification list changed to "Ole Troan" <otroan@employees.org> |
2015-02-19
|
03 | Ole Trøan | Document shepherd changed to Ole Troan |
2015-02-19
|
03 | Ole Trøan | Intended Status changed to Informational from None |
2015-01-15
|
03 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-03.txt |
2015-01-09
|
02 | Ole Trøan | Tag Revised I-D Needed - Issue raised by WGLC set. Tag Revised I-D Needed - Issue raised by WG cleared. |
2015-01-09
|
02 | Ole Trøan | Tag Revised I-D Needed - Issue raised by WG set. |
2015-01-09
|
02 | Ole Trøan | IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call |
2014-12-07
|
02 | Bob Hinden | Tag Revised I-D Needed - Issue raised by WG cleared. |
2014-12-07
|
02 | Bob Hinden | IETF WG state changed to In WG Last Call from WG Document |
2014-10-10
|
02 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-02.txt |
2014-08-04
|
01 | Ole Trøan | Tag Revised I-D Needed - Issue raised by WG set. |
2014-02-14
|
01 | Alissa Cooper | New version available: draft-ietf-6man-ipv6-address-generation-privacy-01.txt |
2013-12-02
|
00 | Ted Lemon | This document now replaces draft-cooper-6man-ipv6-address-generation-privacy instead of None |
2013-10-16
|
00 | Fernando Gont | New version available: draft-ietf-6man-ipv6-address-generation-privacy-00.txt |