[LINK] IPv6 vs. Human Security [Was Re: smartphone privacy problems]
Roger Clarke
Roger.Clarke at xamax.com.au
Mon Jan 31 09:00:59 AEDT 2011
Very clear and helpful, thanks Karl.
But what you're saying is that IETF engineers are guilty as charged:
>What IPv6 does, *but only with autoconfigured addresses*, is to make
>your MAC address public.
The default destroys the separation between identifier and address
that was inherent in IPv4.
By default, an IPv6-connected device is recognisable no matter where
on the net it may connect.
That's highly insecure. (I'm talking about the security of humans
here, rather than of computers or data).
Spook agencies may have the expertise to protect their operatives,
but what about unpaid spies, whistleblowers, and freedom-fighters in
most of the world's countries? See
http://www.rogerclarke.com/DV/Dissidentity.html.
The onus has been placed on users to:
- realise that this has been imposed on them
- go looking for information
- learn enough to make sense of the information
- work out what to do on their devices to override the default
- do it
- remember that this workaround is safety-critical
- sustain it across generations of software and hardware
So the world's users have been forced to get under the bonnet,
because of the utter social irresponsibility of IETF engineers.
What's more, it's easy for nation-states to criminalise the
obfuscation of IPv6 MAC-addresses. So IPv6 is, by design, a weapon
for autocratic governments (not to mention marketers).
[The reason I'm so appalled at this is that this question arose on
link a decade ago, and I'd understood from that discussion that the
generation of IPv6-addresses based on the MAC was an early idea that
had gone away.
[If it's the instruction in the RFC, and if some designs depend on
it, and those designs will break if the IP-address is *not* generated
in that way, then human insecurity has been built into the
architecture of the Internet - and not as a result of governments
getting control of it, but by engineers asleep at the wheel.]
________________________________________________________________________
>On Sun, 2011-01-30 at 12:21 +1100, Roger Clarke wrote:
>> As I read your post, Paul, you're saying that IETF engineers have
>> decided that privacy doesn't matter, and that unique identification
>> of the device is intrinsic to any IPv6 service?
>>
>> If so, aren't anonymity and pseudonymity banned by IETF decree?
>>
>> Leaving aside the small question of privacy for the moment, what do
>> the many organisations that depend on obfuscation in order to protect
>> information and human life think of the design of IPv6?
At 18:28 +1100 30/1/11, Karl Auer wrote:
>Whoa, there Nelly! Whoa! :-)
>
>The standard, works-on-all-platforms method is automatic address
>configuration. On most/all interface types that have a hardware address,
>IPv6 automatic address configuration takes an externally provided prefix
>and builds an address out of it using the hardware address, very
>slightly (and definitely reversibly) munged.
>
>BUT: There are several other ways an address can be obtained by a host.
>Addresses can be statically configured, obtained via DHCP,
>cryptographically generated, randomly generated or the privacy
>extensions ("temporary addresses") can be used.
>
>Someone with a real need to hide their MAC address can choose any one of
>these methods to avoid advertising their MAC address to the world. In
>practice it seems likely that DHCPv6 will end up being the most common
>delivery mechanism for most end users of addresses. That's just a
>prognostication of course - the book is still being written...
>
>Now, that being said, people also need to look at whether the alleged
>badness of a "constant" or "partially constant" IP address is really
>new. Right now, you have a DHCP-allocated IP address on the outside
>interface of your home router. If it changes at all, it changes slowly
>(days or weeks between changes). You may have several levels of NAT
>between you and the website or other service you visit, but let's assume
>there's just one, and you are getting a globally routable IP address.
>That IP address "identifies" all hosts in your home network. Typically
>there are very few such hosts - often only one. That's the situation
>*now*, what are you doing about it? What can you do about it?
>
>What IPv6 does, *but only with autoconfigured addresses*, is to make
>your MAC address public. So if you take your laptop from home to an
>airport lounge and visit a website you once visited, that website can
>be pretty sure it's seeing the same laptop (strictly speaking, the same
>interface) again.
>
>Regards, K.
>
>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Karl Auer (kauer at biplane.com.au) +61-2-64957160 (h)
>http://www.biplane.com.au/kauer/ +61-428-957160 (mob)
>
>GPG fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
>Old fingerprint: B386 7819 B227 2961 8301 C5A9 2EBC 754B CD97 0156
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University