On Aug 3, 2011, at 10:53 AM, Jay Ashworth wrote:
----- Original Message -----
From: "Owen DeLong" <owen@delong.com>
On Aug 3, 2011, at 6:55 AM, Jay Ashworth wrote:
You guys aren't *near* paranoid enough. :-)
If the ISP
a) Assigns dynamic addresses to customers, and b) changes those IPs on a relatively short scale (days)
then
c) outside parties *who are not the ISP or an LEO* will have a relatively harder time tying together two visits solely by the IP address.
ROFL... Yeah, right... Because the MAC suffix won't do anything.
Did I mention I haven't implemented v6 yet? :-)
No, you didn't. Perhaps you should spend some time learning about it before you opine on how it should or should not be implemented. FWIW, I have implemented IPv6 in multiple organizations, including my home where I've been running with it for several years.
*Really*? It bakes the endpoint MAC into the IP? Well, that's miserably poor architecture design.
It can and it is a common default. It is not required. It's actually rather elegant architecture design for the goals it was implemented to accomplish.
While this isn't "privacy", per se, that "making harder" is at least somewhat useful to a client in reducing the odds that such non-ISP/LEO parties will be unable to tie their visits, assuming they've controlled the items they *can* control (cookies, flash cookies, etc).
Which is something, what, 1% of people probably even know how to do, let alone practice on a regular basis.
Yup; let's go out of our way to penalize the smart people; that's a *great* plan; I so enjoy it when people do it -- and they do it *far* too often for my tastes.
No, my point is that if you use RFC-4193, there's not really much benefit from altering the prefix, so, nobody gets penalized and you can still have static addresses. Further, I consider myself relatively smart and by not having static prefixes, you're blocking things I want, so, arguably dynamic prefixes also penalize the smart people.
Imperfect security != no security, *as long as you know where the holes are*.
If people want this, they can use RFC-4193 to just about the same effect. The ISP modifying the prefix regularly simply doesn't do much.
I'll make a note of it.
Let me know if you have further questions.

Owen
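The disagreement above turns on one mechanical fact: with a modified EUI-64 interface identifier, the host's MAC address sits in the low 64 bits of every IPv6 address it forms, so rotating the ISP-assigned prefix changes only the high 64 bits and leaves the host fully correlatable. The following is an added example, not code from this thread or from either poster; it checks whether an address carries an EUI-64-derived IID and recovers the embedded MAC, shows that two addresses under different prefixes still share the identifier, and builds an RFC 4193 ULA /48 of the kind Owen recommends for stable local addressing. The MAC, the prefixes and the privacy-style address are all constructed sample values.

```python
import ipaddress
from typing import Optional


def embedded_mac(addr: str) -> Optional[str]:
    """Return the MAC embedded in an IPv6 address whose interface identifier
    (low 64 bits) was built with modified EUI-64 (RFC 4291, Appendix A).

    Returns None when the IID does not look EUI-64 derived. The 0xFFFE marker
    is a heuristic: a random IID (RFC 4941 privacy address) matches it with
    probability 1/65536, so treat a hit as "very likely", not proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits
    # Expanding a 48-bit MAC to EUI-64 inserts 0xFFFE between OUI and NIC part.
    if iid[3:5] != b"\xff\xfe":
        return None
    # Modified EUI-64 flips the universal/local bit (bit 0x02 of octet 0).
    first_octet = iid[0] ^ 0x02
    mac = bytes([first_octet]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def same_host_across_prefixes(a: str, b: str) -> bool:
    """True when two addresses, whatever their /64 prefixes, share one IID.

    This is the correlation Owen points at: a prefix change by the ISP leaves
    the low 64 bits untouched, so a third party can still link the visits.
    """
    iid_a = ipaddress.IPv6Address(a).packed[8:]
    iid_b = ipaddress.IPv6Address(b).packed[8:]
    return iid_a == iid_b


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """Build an RFC 4193 unique local /48: fd00::/8 (L bit set) + 40-bit
    global ID. RFC 4193 wants the global ID pseudo-randomly generated; the
    caller supplies it here so the result is deterministic for the demo."""
    if len(global_id) != 5:
        raise ValueError("RFC 4193 global ID is exactly 40 bits (5 bytes)")
    prefix_int = int.from_bytes(b"\xfd" + global_id + b"\x00" * 10, "big")
    return ipaddress.IPv6Network((prefix_int, 48))


def demo() -> dict:
    """Constructed sample data: MAC 00:11:22:33:44:55 under two different
    ISP prefixes, plus a privacy-style address with a random-looking IID."""
    eui64_prefix_1 = "2001:db8:1::211:22ff:fe33:4455"      # constructed
    eui64_prefix_2 = "2001:db8:beef::211:22ff:fe33:4455"   # same host, new prefix
    privacy_style = "2001:db8:1::4d3a:9f1c:72b8:e0a1"      # constructed, no FFFE
    return {
        "mac_from_prefix_1": embedded_mac(eui64_prefix_1),
        "mac_from_prefix_2": embedded_mac(eui64_prefix_2),
        "mac_from_privacy": embedded_mac(privacy_style),
        "linkable_despite_prefix_change": same_host_across_prefixes(
            eui64_prefix_1, eui64_prefix_2
        ),
        "ula": str(ula_prefix(bytes.fromhex("0123456789"))),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway the code makes concrete: prefix rotation alone does nothing against correlation by IID; what breaks the link is changing the identifier itself (RFC 4941 privacy extensions or stable-but-opaque IIDs), and a ULA prefix gives the stable internal addressing that does not need to follow the ISP prefix at all.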