[ipv6hackers] Dynamic prefixes & privacy (was: IPv6 prefix changing)

Owen DeLong owend at he.net
Wed Mar 21 18:26:19 CET 2012

On Mar 21, 2012, at 7:21 AM, Markus Reschke wrote:

> On Wed, 21 Mar 2012, Alex List wrote:
> Hi!
>>> Bottom line, most providers strive to minimize these disruptions because
>>> most customers don't like them. I don't know of too many people who
>>> care enough about hiding from the marketing spooks to make them
>>> worth the performance/stability penalty that they carry. I know that I
>>> have had the same IP lease from Comcast, for example, in IPv4 for
>>> almost 2 years at this point.
>> I don't know about other countries, but I think there's a market for that
>> in Germany[5]. Btw, I'm expecting here a very extensive media coverage
>> of the World IPv6 Launch Day[6].
> The latest news from AS3320 regarding IPv6 prefixes:
> They'll offer two privacy enhancements. A change-my-prefix-button at the customer self-service homepage. And the other one is a prefix randomizer built into their DSL routers. The router will choose a /64 out of the assigned /56 and change the prefix from time to time.

The change-my-prefix button seems like a reasonable approach to me. It allows those who want their prefix changed to have it done on demand while not inflicting it on the rest of the customer base. It's better than dynamic because it changes on demand, rather than being static for (possibly very long) periods of time.

The prefix randomizer is pretty silly.

> IMHO those enhancements won't help anything, because we know the /56 as soon as we see one of its /64s. The change-my-prefix-button is just a manual version of dynamic prefixes. Without PE there's enough data to track users by IPv6 addresses easily!

I'm not sure how PE helps to resolve this at the prefix level. Yes, it anonymizes the MAC address (and I can see some value in that for devices that move from network to network, though not enough to think it should be on by default), but, for a host that is on the same prefix consistently, I think PE is pretty irrelevant.
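
The point made in the quoted text above (one /64 reveals the /56) can be checked directly. The following is an added example, not part of the original message: it groups observed addresses by their covering /56 and counts how many distinct /64s and interface identifiers fall under each. The addresses are constructed from the 2001:db8::/32 documentation prefix, and the /56 delegation size is the one assumed in the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed observations (documentation prefix 2001:db8::/32): one subscriber
# whose router rotates the /64 inside its delegated /56 while hosts use
# privacy-extension (random) interface identifiers, plus one unrelated subscriber.
OBSERVED = [
    "2001:db8:1234:5601:8d3f:21aa:9c04:77e1",
    "2001:db8:1234:56a7:41c2:0be9:5f10:a3d2",
    "2001:db8:1234:56ff:e7b0:6612:0c9d:4b58",
    "2001:db8:1234:5633:19fa:d204:b7c1:0e6f",
    "2001:db8:9999:0102:5a5a:c3c3:1e1e:7b7b",
]

DELEGATION_LEN = 56  # assumed delegation size, as described in the thread


def delegated_prefix(addr, plen=DELEGATION_LEN):
    """Return the covering delegation (here the /56) for one address."""
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)


def summarize(addresses, plen=DELEGATION_LEN):
    """Map each delegation to (distinct /64 count, distinct IID count)."""
    groups = defaultdict(lambda: {"subnets": set(), "iids": set()})
    for text in addresses:
        ip = ipaddress.IPv6Address(text)
        group = groups[delegated_prefix(ip, plen)]
        # The /64 changes with the router's randomizer ...
        group["subnets"].add(ipaddress.ip_network(f"{ip}/64", strict=False))
        # ... and the low 64 bits change with privacy extensions.
        group["iids"].add(int(ip) & ((1 << 64) - 1))
    return {
        str(prefix): (len(g["subnets"]), len(g["iids"]))
        for prefix, g in groups.items()
    }


if __name__ == "__main__":
    for prefix, (n64, niid) in summarize(OBSERVED).items():
        print(f"{prefix}: {n64} distinct /64s, {niid} distinct IIDs")
```

Four different /64s and four different interface identifiers still collapse to a single /56, so neither the in-router randomizer nor privacy extensions alter the stable part of the address; only a change of the delegated prefix itself does.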

