Skip to main content

Security and Privacy Considerations for IPv6 Address Generation Mechanisms
draft-ietf-6man-ipv6-address-generation-privacy-08

Revision differences

Document history

Date Rev. By Action
2016-01-29
08 Jean Mahoney Closed request for Last Call review by GENART with state 'No Response'
2016-01-04
08 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2015-12-04
08 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2015-11-25
08 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2015-10-14
08 (System) Notify list changed from draft-ietf-6man-ipv6-address-generation-privacy.shepherd@ietf.org, otroan@employees.org, draft-ietf-6man-ipv6-address-generation-privacy.ad@ietf.org, draft-ietf-6man-ipv6-address-generation-privacy@ietf.org, 6man-chairs@ietf.org to (None)
2015-09-28
08 (System) RFC Editor state changed to EDIT
2015-09-28
08 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2015-09-28
08 (System) Announcement was received by RFC Editor
2015-09-28
08 (System) IANA Action state changed to No IC from In Progress
2015-09-28
08 (System) IANA Action state changed to In Progress
2015-09-28
08 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent::AD Followup
2015-09-28
08 Amy Vezza IESG has approved the document
2015-09-28
08 Amy Vezza Closed "Approve" ballot
2015-09-24
08 Brian Haberman Ballot writeup was changed
2015-09-24
08 Brian Haberman Ballot approval text was generated
2015-09-23
08 (System) Sub state has been changed to AD Followup from Revised ID Needed
2015-09-23
08 Fernando Gont IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2015-09-23
08 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-08.txt
2015-08-13
07 Brian Haberman IESG state changed to Approved-announcement to be sent::Revised I-D Needed from Approved-announcement to be sent::Point Raised - writeup needed
2015-08-06
07 Cindy Morgan IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation
2015-08-06
07 Cindy Morgan Changed consensus to Yes from Unknown
2015-08-06
07 Tero Kivinen Request for Last Call review by SECDIR Completed: Has Nits. Reviewer: Donald Eastlake.
2015-08-06
07 Benoît Claise
[Ballot comment]
Thanks for this (analysis in) this document and also the section 5.1 "network operation".
I like table 1 very much.

- Fine with …
[Ballot comment]
Thanks for this (analysis in) this document and also the section 5.1 "network operation".
I like table 1 very much.

- Fine with the new proposal for the text below (I had the same remark):

o  Manual configuration

      *  IPv4 address

      *  Service port

      *  Wordy

      *  Low-byte



- DHT = Distributed Hash Table, I guess

- Section 3, "The first three of these rely on the
  attacker first gaining knowledge of the target host's IID."

Host's IID? Which one is this from the terminology section, the constant IDD, the stable IID, or the temporary IID?
I guess, all of them depending on the use case, right? Please make it clear.
Alternatively, you might to add a "host IDD" definition, , or "IID": a generic term for constant IDD, the stable IID, and the temporary IID.
I'm after some terms consistency here. I see some other instances, such as: "host's interface identifier", "host's IIDs"
2015-08-06
07 Benoît Claise Ballot comment text updated for Benoit Claise
2015-08-06
07 Benoît Claise
[Ballot comment]
Thanks for this (analysis in) this document and also the section 5.1 "network operation".
I like table 1 very much.

- Fine with …
[Ballot comment]
Thanks for this (analysis in) this document and also the section 5.1 "network operation".
I like table 1 very much.

- Fine with the new proposal for the text below (I had the same remark):

o  Manual configuration

      *  IPv4 address

      *  Service port

      *  Wordy

      *  Low-byte



- DHT = Distributed Hash Table, I guess

- Section 3, "The first three of these rely on the
  attacker first gaining knowledge of the target host's IID."

Host's IID? Which one is this from the terminology section, the constant IDD, the stable IID, or the temporary IID?
I guess, all of them depending on the use case, right? Please make it clear.
I see some other instances, such as: "host's interface identifier", "host's IIDs"
Alternatively, you might to add a "host IDD" definition, , or "IID": a generic term for constant IDD, the stable IID, and the temporary IID.
I'm after some consistency.

- Any final recommendation?
2015-08-06
07 Benoît Claise [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise
2015-08-05
07 Joel Jaeggli [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli
2015-08-05
07 Terry Manderson
[Ballot comment]
Well constructed document - Thanks!

No action for the authors or shepherd here: so in answer to Barry's question. I think this document …
[Ballot comment]
Well constructed document - Thanks!

No action for the authors or shepherd here: so in answer to Barry's question. I think this document is able to stand on its own feet as informational - it doesn't need (in my opinion) to be classified as a BCP to add gravitas. The approach in the document stands as informational but the clear language and coverage of mechanisms and the resulting tradeoffs provide its own weight.
2015-08-05
07 Terry Manderson [Ballot Position Update] New position, Yes, has been recorded for Terry Manderson
2015-08-05
07 Alia Atlas [Ballot comment]
Thanks for the informative and well-written work.
2015-08-05
07 Alia Atlas [Ballot Position Update] New position, Yes, has been recorded for Alia Atlas
2015-08-05
07 Ben Campbell [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell
2015-08-05
07 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2015-08-05
07 Stephen Farrell
[Ballot comment]

- general: I really like this document but wonder about
how complete it is (or can be). For example, I think
there's very …
[Ballot comment]

- general: I really like this document but wonder about
how complete it is (or can be). For example, I think
there's very little here on transition mechanism
consequences, and no mention at all of the privacy trade
offs between CGN and IPv6 addressing. I do think it's a
good thing to publish this now though, but it might also
be nice to see if we can get it udpated sometime in
future. (Which'd argue that maybe we should have a
standards track thing like this that recommends what to
do when one cares about privacy in different contexts,
but I'm not asking we go there now.)

- section 1: I'm surprised only A+P gets onto the list
here - aren't there more worthy of mention? I hope you
can extend this list to include the most commonly used
of those.

- section 2: I'd not have thought of a SIP proxy as a
place to which I'd publish addresses - might be nice (no
more) to add a reference that explains that?

- section 2: the definitions are probably ok, but they
don't really specify disjoint sets of things, e.g.  for
the stable vs. temporary IID some things will fit both
definitions, which seems a bit odd. However, I'm not
sure that being much more precise is worthwhile.

- section 3: If an addr with an IID like that is used in
an ACL (e.g. on a router/switch) that can also be bad if
the device moves now and then. (Since anyone can fake
'em.)

- section 3: The ways in which a bad actor can gain
knowledge are worse than stated - if the IID is broadcast
from a handset whilst wandering about, which is what
happens a lot!

- section 3: Would it be a good idea to try scare the
reader a bit via a reference to the Canadian govt story
about tracking everyone going throught Toronto airport?
I'm not sure readers of this will otherwise get the full
import otherwise.

- Table 1: I don't agree with some of your "no"
statements. I think what you mean by "no" is really "not
solely based on wire protocols" or somesuch, e.g. with
DHCP the servers can assist with location tracking based
on client ID or layer 2 information. I think you should
clarify what "no" means here to not give a slightly
wrong impression.

- Table 1: What logic was used to determine how many
rows to include here? Actually all of section 4 seems
overly focused on IIDs.

- 4.8: I'm surprised there's so little to be said here.
2015-08-05
07 Stephen Farrell [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell
2015-08-04
07 Kathleen Moriarty [Ballot comment]
Nice work on this draft!
2015-08-04
07 Kathleen Moriarty [Ballot Position Update] New position, Yes, has been recorded for Kathleen Moriarty
2015-08-04
07 Spencer Dawkins
[Ballot comment]
A nit, and a compliment in the form of a question for the IESG ...

The nit: The term "low byte" doesn't have …
[Ballot comment]
A nit, and a compliment in the form of a question for the IESG ...

The nit: The term "low byte" doesn't have a reference on first use in Section 4.2, and doesn't appear in the terminology section. I think I understand the point this text is making:
 
  The extent to which location tracking can be successfully performed
  depends, to a some extent, on the uniqueness of the employed
  Interface ID.  For example, one would expect "low byte" Interface IDs
                                                ^^^^^^^^^^
  to be more widely reused than, for example, Interface IDs where the
  whole 64-bits follow some pattern that is unique to a specific
  organization.  Widely reused Interface IDs will typically lead to
  false positives when performing location tracking.
 
but I'm guessing, and the point seems important enough to justify clarity. Could you add "low byte" to the terminology section, unless it's a term of art all your readers will understand?

The following text was helpful to me in guessing what "low byte" means,

  On the other hand, some DHCPv6 software leases sequential addresses
  (typically low-byte addresses).  These addresses can be considered to
  be stable addresses.  The drawback of this address generation scheme
  compared to "stable, semantically opaque" addresses is that, since
  they follow specific patterns, they enable IPv6 address scans.

but it didn't appear until Section 4.8.

Authors and 6man working group, please take what follows as a compliment - no action required on your part, I think.

For the IESG - I wonder if this document could be published as something more than Informational. It's important, relevant, useful, and clearly written. Maybe it doesn't quite fit being published as a BCP. Maybe it doesn't quite fit being published as an Applicability Statement (https://tools.ietf.org/html/rfc2026#section-3.2). The response to the first question in the shepherd writeup didn't explain why Informational was the proper intended RFC status, so I thought I should ask here.

Maybe it has enough gravitas as is.

But I'd also ballot Yes for either BCP or AS.
2015-08-04
07 Spencer Dawkins [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins
2015-08-02
07 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2015-07-31
07 Alissa Cooper [Ballot Position Update] New position, Recuse, has been recorded for Alissa Cooper
2015-07-29
07 Barry Leiba [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba
2015-07-20
07 Brian Haberman IESG state changed to IESG Evaluation from Waiting for Writeup
2015-07-20
07 Brian Haberman Placed on agenda for telechat - 2015-08-06
2015-07-20
07 Brian Haberman Ballot has been issued
2015-07-20
07 Brian Haberman [Ballot Position Update] New position, Yes, has been recorded for Brian Haberman
2015-07-20
07 Brian Haberman Created "Approve" ballot
2015-07-20
07 Brian Haberman Ballot writeup was changed
2015-07-13
07 Gunter Van de Velde Request for Last Call review by OPSDIR Completed: Has Nits. Reviewer: Qin Wu.
2015-07-13
07 (System) IESG state changed to Waiting for Writeup from In Last Call
2015-07-10
07 (System) IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed
2015-07-10
07 Pearl Liang
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-6man-ipv6-address-generation-privacy-07, which is currently in Last Call, and has the following comments:

We understand that, upon …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

IANA has reviewed draft-ietf-6man-ipv6-address-generation-privacy-07, which is currently in Last Call, and has the following comments:

We understand that, upon approval of this document, there are no IANA Actions that need completion.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, IANA does not object.

If this assessment is not accurate, please respond as soon as possible.
2015-07-02
07 Jean Mahoney Request for Last Call review by GENART is assigned to Roni Even
2015-07-02
07 Jean Mahoney Request for Last Call review by GENART is assigned to Roni Even
2015-07-02
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Donald Eastlake
2015-07-02
07 Tero Kivinen Request for Last Call review by SECDIR is assigned to Donald Eastlake
2015-06-30
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Qin Wu
2015-06-30
07 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Qin Wu
2015-06-29
07 Amy Vezza IANA Review state changed to IANA - Review Needed
2015-06-29
07 Amy Vezza
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Privacy Considerations for IPv6 Address …
The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC:
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Privacy Considerations for IPv6 Address Generation Mechanisms) to Informational RFC


The IESG has received a request from the IPv6 Maintenance WG (6man) to
consider the following document:
- 'Privacy Considerations for IPv6 Address Generation Mechanisms'
  as
Informational RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2015-07-13. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  This document discusses privacy and security considerations for
  several IPv6 address generation mechanisms, both standardized and
  non-standardized.  It evaluates how different mechanisms mitigate
  different threats and the trade-offs that implementors, developers,
  and users face in choosing different addresses or address generation
  mechanisms.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-address-generation-privacy/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-6man-ipv6-address-generation-privacy/ballot/


No IPR declarations have been submitted directly on this I-D.


2015-06-29
07 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2015-06-29
07 Brian Haberman Last call was requested
2015-06-29
07 Brian Haberman Last call announcement was generated
2015-06-29
07 Brian Haberman Ballot approval text was generated
2015-06-29
07 Brian Haberman Ballot writeup was generated
2015-06-29
07 Brian Haberman IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2015-06-26
07 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-07.txt
2015-06-25
06 (System) Sub state has been changed to AD Followup from Revised ID Needed
2015-06-25
06 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-06.txt
2015-06-23
05 Brian Haberman IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2015-06-23
05 Brian Haberman Notification list changed to draft-ietf-6man-ipv6-address-generation-privacy.shepherd@ietf.org, otroan@employees.org, draft-ietf-6man-ipv6-address-generation-privacy.ad@ietf.org, draft-ietf-6man-ipv6-address-generation-privacy@ietf.org, 6man-chairs@ietf.org from "Ole Troan" <otroan@employees.org>
2015-06-19
05 Brian Haberman IESG state changed to AD Evaluation from Publication Requested
2015-06-18
05 Ole Trøan
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  …
(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Informational document. The type is indicated on the title page.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  This document discusses privacy and security considerations for
  several IPv6 address generation mechanisms, both standardized and
  non-standardized.  It evaluates how different mechanisms mitigate
  different threats and the trade-offs that implementors, developers,
  and users face in choosing different addresses or address generation
  mechanisms.

Working Group Summary

  The initial revision of this work was published in July 2013. There
  is a strong consensus in support of this document.

Document Quality

  The 6man working group appoints reviewers for all documents being
  advanced to the IESG. This document has been reviewed in detail by
  6man reviewers, and it has had extensive discussion on the mailing
  list.
 
Personnel

  Document Shepherd: Ole Troan
  Responsible Area Director: Brian Haberman

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  The document has been reviewed by the 6man chairs, ID nits have been
  checked, as well as by the appointed 6man reviewers.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed? 

  No.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.
 
  The Document Shepherd has no issues with this document.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Yes.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  No.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  Strong consensus.

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No appeal or discontent registered.

(11) Identify any ID nits the Document Shepherd has found in this
document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

No nits.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  No formal reviews required.

(13) Have all references within this document been identified as
either normative or informative?

  Yes.

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  No.

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  None.

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No. Not directly. While the material here is used as justification
  for changing the default interface-id and for the work on mechanisms
  with a higher level of privacy.

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  I can confirm all points.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  None.

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  There are no formal language in this document.
2015-06-18
05 Ole Trøan Responsible AD changed to Brian Haberman
2015-06-18
05 Ole Trøan IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2015-06-18
05 Ole Trøan IESG state changed to Publication Requested
2015-06-18
05 Ole Trøan IESG process started in state Publication Requested
2015-06-18
05 Ole Trøan Changed document writeup
2015-04-27
05 Ole Trøan Tag Revised I-D Needed - Issue raised by WGLC cleared.
2015-04-27
05 Ole Trøan IETF WG state changed to WG Consensus: Waiting for Write-Up from Waiting for WG Chair Go-Ahead
2015-04-27
05 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-05.txt
2015-02-23
04 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-04.txt
2015-02-19
03 Ole Trøan Notification list changed to "Ole Troan" <otroan@employees.org>
2015-02-19
03 Ole Trøan Document shepherd changed to Ole Troan
2015-02-19
03 Ole Trøan Intended Status changed to Informational from None
2015-01-15
03 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-03.txt
2015-01-09
02 Ole Trøan Tag Revised I-D Needed - Issue raised by WGLC set. Tag Revised I-D Needed - Issue raised by WG cleared.
2015-01-09
02 Ole Trøan Tag Revised I-D Needed - Issue raised by WG set.
2015-01-09
02 Ole Trøan IETF WG state changed to Waiting for WG Chair Go-Ahead from In WG Last Call
2014-12-07
02 Bob Hinden Tag Revised I-D Needed - Issue raised by WG cleared.
2014-12-07
02 Bob Hinden IETF WG state changed to In WG Last Call from WG Document
2014-10-10
02 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-02.txt
2014-08-04
01 Ole Trøan Tag Revised I-D Needed - Issue raised by WG set.
2014-02-14
01 Alissa Cooper New version available: draft-ietf-6man-ipv6-address-generation-privacy-01.txt
2013-12-02
00 Ted Lemon This document now replaces draft-cooper-6man-ipv6-address-generation-privacy instead of None
2013-10-16
00 Fernando Gont New version available: draft-ietf-6man-ipv6-address-generation-privacy-00.txt