[discuss] IP Protocols and Intranets

Brian E Carpenter brian.e.carpenter at gmail.com
Tue Jan 7 00:19:20 UTC 2014


Let me add my comments after Andrew's:

On 07/01/2014 06:24, ajs at anvilwalrusden.com wrote:
> Off list for now, since I need to understand more and there's some
> pressure to minimize list traffic.
> 
> On Mon, Jan 06, 2014 at 07:59:59AM -0800, nathalie coupet wrote:
> 
>> 1) Could you please explain why IPv6 creates more security concerns by its use of MAC addresses than IPv4?
> 
> Why do you think it does?

As Lee Howard also mentioned, there's a privacy issue, since your MAC address
(whether for Ethernet or Wi-Fi) is a constant value that could be used to
track and trace an individual device. But this has been a well understood
vulnerability since at least the time of the Intel chip serial number privacy
panic in 1999. We have alternatives that avoid this risk and Microsoft, for
example, no longer uses the MAC address method. This issue will go away
as part of the general trend for privacy protection (well underway
before Snowden, by the way).

Technical resource:
http://tools.ietf.org/html/draft-ietf-6man-ipv6-address-generation-privacy

>> 2) Why doesn't the IETF design a protocol for IPvX with a pool of addresses we *know* will never run out instead of renewing the difficult task of changing the routing hardware every so often when faced with the threat of depletion? (even though this might not be the case before several centuries with IPv6).
>>
> 
> The way to do this is to create variable-length addresses.  There's a
> cost to variable-length addressing, because everything that deals with
> addresses has to cope with the variable length in order to make sure
> they have the right address.  
> 
> To see a (very) rough analogy, consider parsing English sentences.  If
> we didn't have initial capitals and end-of-sentence markers, it would
> be harder to understand the meaning.  For instance:
> 
>     We need some more salad.  Who'll run to the store?
> 
>     we need some more salad who'll run to the store
> 
> For machines, it's just easier to know "this address is _n_ bits long"
> than to have to figure it out.  (You could carry the information with
> the address, but this introduces security concerns and yet more
> trade-offs.)
> 
> So, this was the best engineering judgement of the participants in the
> various WGs that decided these things.  Is that an adequate answer?
> If not, why not?

It was controversial at the time IPv6 was chosen. But it really is
a non-issue when you consider the size of the IPv6 space objectively.
Some people still disagree with this statement; I'd say it's a
point where the IETF consensus was genuinely rough, but the Area
Directors had to make a choice.

>> 3) What would designing multiple geographic Intranets do to the overall operation of the Internet (besides wreaking havoc on the business model of Big Data companies such as Google, Facebook and the likes?)
>>
> 
> We already have this.  But I think I don't fully understand what you
> mean.  Could you say more, please?

We also already have some geographies with notorious control over
entry and exit points. It wasn't hard for the old Egyptian government
to cut Egypt off when they wanted to, simply because they had imposed
the necessary controls inside their own jurisdiction. It wasn't hard
for Pakistan to block YouTube once (although by a slip of the keyboard,
they blocked it worldwide). It's expensive but not conceptually hard
to impose strict control over the web content entering a country. So I
don't understand what *new* issues we are facing.

> 
>> 4) What happened to the project of assigning the IANA function and ICANN responsibilities to the IAB? Why was it dropped?   
>>
> 
> Please tell me what you mean by "the IANA function" and I might be
> able to hint at an answer.  As I've noted on list before, there's more
> than one.  You might also like to look at Jari Arkko's blog post on
> IANA and the recent Internet-Draft on the topic.

Nothing was dropped - the IANA role was first recognized by the
IAB back when it was the Internet Activities Board. The first mention
I can find in the IAB minutes was 1990-06-28. Overseeing IANA has been
officially in the IAB's charter since 1994, which is why the IETF-ICANN
MoU about the IANA was co-signed by the IETF Chair (Fred Baker at the
time) and the IAB Chair (me at the time). Note that the ICANN signatory
was Mike Roberts, who sent an excellent note to this list yesterday.

(I tried Wikipedia for IANA history, but all I got was "Iana is a
commune in Vaslui County, Romania." See:
http://en.wikipedia.org/wiki/Internet_Assigned_Numbers_Authority#History )

   Brian
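The tracking concern in point 1 above is concrete enough to show in code. The following is an added example, written for this archive page; it is not code from Brian's message, from the IETF draft he cites, or from any vendor's stack. It builds the Modified EUI-64 interface identifier that embeds a MAC address into an IPv6 address, shows the check an observer (or a defender auditing their own hosts) can run to recover the MAC from any such address on any network, and contrasts it with an RFC 7217-style stable, opaque identifier, which is what modern stacks use instead. The MAC, prefixes, interface name and secret key are constructed sample values; the choice of HMAC-SHA256 as the pseudo-random function is an assumption, since RFC 7217 leaves that function to the implementer.

```python
import hashlib
import hmac
import ipaddress
from typing import Optional


def eui64_iid(mac: str) -> bytes:
    """Build a Modified EUI-64 interface identifier from a 48-bit MAC address.

    The MAC is split in two, 0xff 0xfe is inserted in the middle, and the
    universal/local bit (0x02 of the first byte) is flipped (RFC 4291, App. A).
    """
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(mac_bytes[:3] + b"\xff\xfe" + mac_bytes[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with an 8-byte interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte IID")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_address(addr: str) -> Optional[str]:
    """Return the MAC embedded in an EUI-64-derived address, or None.

    This is the tracking check: the 0xff 0xfe marker in the middle of the
    IID gives the derivation away, and the address alone recovers the MAC.
    """
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])


def stable_privacy_iid(prefix: str, net_iface: str, secret_key: bytes,
                       dad_counter: int = 0) -> bytes:
    """RFC 7217-style opaque IID: PRF(prefix, interface, DAD counter, secret).

    HMAC-SHA256 as the PRF is an assumption made here. Because the prefix is
    an input, the IID is stable inside one network but differs between
    networks, so addresses seen on two networks cannot be linked.
    """
    net = ipaddress.IPv6Network(prefix)
    message = (net.network_address.packed[:8] + net_iface.encode("ascii")
               + dad_counter.to_bytes(2, "big"))
    return hmac.new(secret_key, message, hashlib.sha256).digest()[:8]


def compare_across_networks(mac: str, secret_key: bytes, prefixes):
    """For each prefix, form both address kinds and record what an observer learns."""
    rows = []
    for prefix in prefixes:
        legacy = slaac_address(prefix, eui64_iid(mac))
        private = slaac_address(prefix, stable_privacy_iid(prefix, "eth0", secret_key))
        rows.append({
            "prefix": prefix,
            "eui64_address": str(legacy),
            "eui64_leaks_mac": mac_from_address(str(legacy)),
            "stable_privacy_address": str(private),
            "stable_privacy_leaks_mac": mac_from_address(str(private)),
        })
    return rows


if __name__ == "__main__":
    MAC = "00:1b:21:12:34:56"            # constructed sample, not a real device
    SECRET = b"constructed-secret-key"   # constructed; a host would generate this once at install
    for row in compare_across_networks(MAC, SECRET, ["2001:db8:1::/64", "2001:db8:2::/64"]):
        print(row)
```

Running it prints the same MAC recovered from the EUI-64 address on both prefixes, while the stable-privacy addresses share nothing between the two networks. The `mac_from_address` check is also a useful audit on a host inventory or flow log: any address that still carries the `ff:fe` marker belongs to a host whose stack has not moved to the newer address-generation methods.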
