[AusNOG] IPv6 excuses

Nathanael Bettridge nathanael at prodigy.com.au
Fri May 27 20:45:47 EST 2016


> -----Original Message-----
> From: Mark Smith [mailto:markzzzsmith at gmail.com]
> On 27 May 2016 at 17:36, Nathanael Bettridge <nathanael at prodigy.com.au>
> wrote:
> >> -----Original Message-----
> >> From: Mark Smith [mailto:markzzzsmith at gmail.com] On 27 May 2016 at
> >> 16:15, Nathanael Bettridge <nathanael at prodigy.com.au>
> >> wrote:
> >> > I wonder how long before the AG’s office realizes v6 can let them
> >> > track usage of individual devices (for the data retention stuff),
> >> > and mandates v6 and the disabling of privacy extensions?
> >>
> >> "Metadata Retention and the Internet"
> >>
> >> http://telsoc.org/ajtde/2015-04-v3-n1/a4
> >
> > Just read through that now.
> > Privacy addresses are potentially a foil to this (which is why I mentioned
> > them), but they can likely be linked across ephemeral addresses to some
> > degree by session related data.
> 
> You'll have to explain how IPv4 NAT somehow makes end users impervious
> to session related data. I don't think it does, otherwise many web apps
> would be failing. NATs don't act as session anonymisers.

It doesn’t. However it makes it slightly harder to match the data that we as ISPs are retaining on behalf of the government to actual individuals.

> NATs can be surprisingly transparent. You might want to have a look at this
> paper from 2002, describing a way to identify individual hosts behind a NAT
> from the outside based on the values of just one of the
> IPv4 fields that isn't changed by the NAT.
> 
> "A Technique for Counting NATted Hosts"
> https://www.cs.columbia.edu/~smb/papers/fnat.pdf
> 
> > Likewise with SHIM6. Certainly a problem for data retention in terms of
> > volume however.
> > IPv6 NAT from what I can see isn't being applied on a wide scale in
> > Australia. Perhaps within multihomed business environments it will find a
> > place, but most consumer CPEs don’t even support NAT66 or NPT etc.
> > Data retention with a pure v6 network will certainly give far richer data to
> > various agencies, that’s for sure.
> >
> 
> Have you had any experience with what LEAs can get today? You seem to be
> assuming that with IPv4 and NAT they get nothing, and with IPv6 they get
> everything. That is not the case.

I'm talking purely in terms of the historical data ISPs are required to retain here, and what can be determined from that. 
In that regard, IPv4 through a NAT results in some loss of information vs IPv6 without NAT.

With more aggressive data capture methods, of course this isn't as big a barrier by far.

-Nathanael Bettridge
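
Added example, not part of the original message: a privacy audit over retained (timestamp, IPv6 address) records showing which ones carry a stable per-device identifier and which do not. It assumes hosts without privacy extensions form their interface ID by modified EUI-64 (RFC 4291); the function names and the sample records (documentation prefix 2001:db8::/32) are constructed for illustration.

```python
import ipaddress
from collections import defaultdict


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None.

    Modified EUI-64 inserts ff:fe in the middle of the 48-bit MAC and
    flips the universal/local bit of the first octet.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None   # opaque or temporary ID (a random ID matches 1 in 65536)
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def link_by_device(records):
    """Split records into those linkable to one device and the rest.

    Returns (devices, unlinked): devices maps an embedded MAC to every
    record carrying it, regardless of prefix; unlinked holds records whose
    interface ID gives no stable handle on its own.
    """
    devices = defaultdict(list)
    unlinked = []
    for ts, addr in records:
        mac = eui64_mac(addr)
        if mac is None:
            unlinked.append((ts, addr))
        else:
            devices[mac].append((ts, addr))
    return dict(devices), unlinked


# Constructed sample records.
SAMPLE = [
    ("2016-05-27T09:00", "2001:db8:1:10:0211:22ff:fe33:4455"),  # EUI-64, network A
    ("2016-05-27T18:30", "2001:db8:2:20:0211:22ff:fe33:4455"),  # same device, network B
    ("2016-05-27T09:05", "2001:db8:1:10:a1b2:c3d4:e5f6:0789"),  # temporary address
    ("2016-05-28T09:05", "2001:db8:1:10:5e6f:7081:92a3:b4c5"),  # next day's temporary address
]

if __name__ == "__main__":
    devices, unlinked = link_by_device(SAMPLE)
    for mac, hits in devices.items():
        print(mac, "seen in", len(hits), "records")
    print(len(unlinked), "records with no stable interface ID")
```

The two temporary addresses share a /64, so the prefix still ties them to one subscriber line even though the interface ID no longer identifies the device.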


