
Re: [DNA] No FastRA unless Landmark? (draft-pentland-dna-protocol-00)



Greg -

> > 
> >>Why doesn't it know? because without the landmark you can't tell
> >>that it's DNA capable.
> >>
> >>Fortunately, there are plenty of bits left in the RS header (32)
> >>which could be used to identify a DNA solicitation without divulging
> >>the last attached prefix of the host in a landmark option.
> > 
> > 
> > Yeah - we can do this. We just need to be aware that sending unicast-completeRA
> > at fastRA rate from all routers for every received RS message makes the
> > amplification effect more deadly.
> 
> It really depends on the tokens and how they're used.  If a token
> provides ABC (appropriate byte counting), then the transmission of
> a message with completeRA would diminish the number of RA messages to be sent.

Are you suggesting we change the token-bucket behavior to do ABC? I am not very comfortable with it - but I should think more about it.

> > 
> >>Please be aware that I personally consider location privacy to be a 'big issue'.
> > 
> > 
> > I don't understand this concern. When an IPv6 host transmits IPv6 packets on
> > the network wouldn't its IPv6 address become public immediately - or when it
> > responds to NS message for that matter - what information are you trying to
> > protect by not including a landmark option in the RS message. Please explain.
> 
> How about if I used a different MAC address and IPv6 address (+key?)
> to do DNA every time I got a link up indication?
> 
> If I was on the same link, I could go back to my existing identity.
> 
> This temporary identity couldn't be tied back to my existing identity.

Hmmmm - that's interesting. I understand. But, since the landmark is only the prefix and not the whole address, you are still not revealing your whole identity - isn't that enough? Or are there use cases where you don't even want to reveal the prefix you are using?

Even though the text suggests (with a MUST) in section 5.2.2 to select a prefix being used for its non-link-local address, it is not necessary to keep it as a MUST. We could relax that condition to a SHOULD - will that help with the privacy issue, since the host could always choose a different prefix as the landmark?

- Sathya