[LINK] IPv6 vs. Human Security [Was Re: smartphone privacy problems]

Scott Howard scott at doc.net.au
Mon Jan 31 15:38:49 AEDT 2011


On Sun, Jan 30, 2011 at 7:59 PM, Richard Chirgwin
<rchirgwin at ozemail.com.au>wrote:

> It's feasible to me that in the original design of IPv6, privacy may
> have been completely overlooked.
>

It's worth keeping in mind that as much as IPv6 seems like a "new" protocol,
it's actually been around for close 15 years - well before mobility or
privacy in the forms we have them today were a real concern.

However, that doesn't mean this oversight persists:
> http://tools.ietf.org/html/draft-ietf-ipv6-privacy-addrs-v2-05
>

The correct reference for that document is RFC 3041, which has since been
obsoleted by RFC 4941.  This RFC was mentioned in the initial thread, and
removes the issue completely.

A question: does anyone know whether those implementing v6 support (eg
> in routers, etc) in 2011 take into account the existence of privacy
> extensions?
>

As I mentioned previously, Windows (at least Vista and 7) has it enabled by
default on both wired and wireless interfaces.  Routers are less of an
issue, there are technical reasons why turning it on might not be a good
idea - but as they normally don't make outgoing connections there's very few
if any privacy issues.

How address allocation occurs on devices like mobile phones is still to be
seen - but I'd be surprised if mobile phone manufacturers don't enable
RFC4941 by default.

  Scott



More information about the Link mailing list