On 1/3/2023 12:01 PM, Phillip Hallam-Baker wrote:
On Tue, Jan 3, 2023 at 2:39 PM Brian E Carpenter <
brian.e.carpenter@xxxxxxxxx> wrote:
On 03-Jan-23 23:27, John Mattsson wrote:
IP addresses are still not only long-lived trackable identifiers, but
they also reveal your location.
IP addressing is intrinsically topological, so this is never going to
change.
(Temporary IPv6 addresses are not long-lived, but they remain topological.)
Which is an argument for not using IP addresses end-to-end.
It is also the argument behind efforts like Oblivious DNS (RFC 9230) or
Oblivious HTTP (https://datatracker.ietf.org/wg/ohttp/about/).
As Brian said, IP addresses will always embed some kind of topology, and
we should always assume that this can identify the location of sending
and receiving parties, as well as providing strong clues about their
identity. The end-to-end solution is to "wash" the addresses by going
through relays, but there is always the risk of relays participating in
tracking. The "oblivious" approach is to mitigate that by minimizing
information provided to relays.
So yes, IP addresses leak location. But also, yes, the IETF is doing
something concrete about that.
-- Christian Huitema
