[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

[Eugen Leitl]

On Mon, Mar 12, 2012 at 01:17:20PM +0000, The Fungi wrote:
> On 2012-03-12 07:15:02 +0000 (+0000), Alex List wrote:
> [...]
> > A fixed ID in the Internet can bring back the memories of [2], a
> > very sensitive topic, specially for older generations.
> [...]
> 
> Which is a disappointing leap of misunderstanding, given that a
> fixed Internet address is more akin to a fixed postal/street
> address. If your address always changed, the mail and the fire
> brigade might have a lot more trouble locating your home. Hopefully
> German law doesn't dictate that everyone should get a different
> street address every day?

Instead of relying on anonymity by obscurity one should consider
using a dedicated anonymizing layer on static or dynamic addresses.
E.g. Tor https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#TorshouldsupportIPv6.

Tor should support IPv6.

That's a great idea! There are two aspects for IPv6 support that Tor needs. First, Tor needs to support exit to hosts that only have IPv6 addresses. Second, Tor needs to support Tor relays that only have IPv6 addresses.

The first is far easier: the protocol changes are relatively simple and isolated. It would be like another kind of exit policy.

The second is a little harder: right now, we assume that (mostly) every Tor relay can connect to every other. This has problems of its own, and adding IPv6-address-only relays adds problems too: it means that only relays with IPv6 abilities can connect to IPv6-address-only relays. This makes it possible for the attacker to make some inferences about client paths that it would not be able to make otherwise.

There is an  IPv6 exit proposal to address the first step for anonymous access to IPv6 resources on the Internet.

Full IPv6 support is definitely on our "someday" list; it will come along faster if somebody who wants it does some of the work.