[AusNOG] IPv6 excuses
Mark Smith
markzzzsmith at gmail.com
Fri May 27 17:59:39 EST 2016
On 27 May 2016 at 17:36, Nathanael Bettridge <nathanael at prodigy.com.au> wrote:
>
>
>> -----Original Message-----
>> From: Mark Smith [mailto:markzzzsmith at gmail.com]
>> On 27 May 2016 at 16:15, Nathanael Bettridge <nathanael at prodigy.com.au>
>> wrote:
>> > I wonder how long before the AG’s office realizes v6 can let them track
>> > usage of individual devices (for the data retention stuff), and mandates v6
>> > and the disabling of privacy extensions?
>>
>> Geoff discussed IPv6, privacy addresses and metadata retention quite
>> comprehensively in:
>>
>> "Metadata Retention and the Internet"
>>
>> http://telsoc.org/ajtde/2015-04-v3-n1/a4
>
> Just read through that now.
> Privacy addresses are potentially a foil to this (which is why I mentioned them), but they can likely be linked across ephemeral addresses to some degree by session related data.
You'll have to explain how IPv4 NAT is somehow makes end users
impervious to session related data. I don't think it does, otherwise
many web apps would be failing. NATs don't act as session anonymisers.
NATs can be surprisingly transparent. You might want to have a look at
this paper from 2002, describing a way to identify individual hosts
behind a NAT from the outside based on the values of just one of the
IPv4 fields that isn't changed by the NAT.
"A Technique for Counting NATted Hosts"
https://www.cs.columbia.edu/~smb/papers/fnat.pdf
>Likewise with SHIM6. Certainly a problem for data retention in terms of volume however.
> IPv6 NAT from what I can see isn't being applied on a wide scale in Australia. Perhaps within multihomed business environments it will find a place, but most consumer CPEs don’t even support NAT66 or NPT etc.
> Data retention with a pure v6 network will certainly give far richer data to various agencies, that’s for sure.
>
Have you had any experience with what LEAs can get today? You seem to
be assuming that with IPv4 and NAT they get nothing, and with IPv6
they get everything. That is not the case.
Regards,
Mark.
More information about the AusNOG
mailing list