Iljitsch van Beijnum wrote:
> On 21 feb 2008, at 16:34, Harald Alvestrand wrote:
>
>> Think of the case where there are 1000 users on a LAN, and one of them
>> desires to use the address privacy option for all the normal reasons.
>
>> Then think about the policeman / bad guy / secret agent / mafioso with a
>> trace of all traffic from that LAN - he can immediately say that the 999
>> were using non-privacy-enhanced addresses, and the resulting trace will
>> show him immediately what the 1000th was up to, no matter how many times
>> he changed his address.
>
> I'm assuming you mean "a trace of the activities of addresses from
> that LAN as seen from elsewhere", because if they can sniff the LAN
> they can also see the link addresses.
>
> But what the good/bad guy sees is 1099 addresses, 999 of which are
> used for somewhat long periods, and 100 of which are used for somewhat
> short periods. They don't know how many users there were on the LAN,
> although they can probably guess to within 10% or so based on the
> amount of traffic. They also don't have any way to know which user was
> using which privacy address at any given time unless they had a much
> more intimate view of the LAN in question.
>
Unless you implement an identifiable format for privacy-enhanced addresses; in that case they can 100% accurately say that 100 addresses were "used by someone with something to hide".

That was the idea I was trying to point out the bad sides of.

_______________________________________________
IETF mailing list
IETF@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf
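The "identifiable format" concern above can be made concrete with a small classifier. This is an added example, not code from the thread or from any IETF document; the trace it runs over is constructed, not captured. It relies on two facts about address formats: a SLAAC interface identifier derived from a MAC address (modified EUI-64, RFC 4291) carries the bytes ff:fe in the middle and has the u/l bit set, while a temporary (privacy) interface identifier (RFC 4941) is random with the u/l bit cleared. An observer with only an outside view of the LAN can therefore sort the addresses it sees into "EUI-64" and "not EUI-64" with no knowledge of the hosts, and can even recover the MAC address behind each EUI-64 identifier. The `manual` bucket (tiny identifiers such as ::1) is a heuristic added here for illustration.

```python
import ipaddress

# Constructed sample trace: addresses an outside observer might see coming from one /64.
# These are documentation-prefix addresses made up for this example, not from any real capture.
SAMPLE_TRACE = [
    "2001:db8:1::250:56ff:fe9a:1c3d",   # modified EUI-64 built from MAC 00:50:56:9a:1c:3d
    "2001:db8:1::21a:2bff:fe3c:4d5e",   # modified EUI-64 built from MAC 00:1a:2b:3c:4d:5e
    "2001:db8:1::3c7e:91a2:5f0b:77d4",  # random IID, u/l bit clear (RFC 4941 style)
    "2001:db8:1::8d12:c0f4:1e99:a03b",  # random IID, u/l bit clear (RFC 4941 style)
    "2001:db8:1::1",                    # manually configured
]


def interface_id(addr: str) -> int:
    """Return the low 64 bits (the interface identifier) of an IPv6 address as an int."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)


def is_modified_eui64(iid: int) -> bool:
    """True when the IID looks like SLAAC derived it from a 48-bit MAC address.

    Modified EUI-64 layout (RFC 4291 appendix A): the three OUI bytes, then 0xff 0xfe,
    then the three device bytes, with the u/l bit (0x02 of the first byte) inverted,
    which for a globally unique MAC means it is set.
    """
    marker = (iid >> 24) & 0xFFFF    # bytes 3 and 4 of the 8-byte IID
    ul_bit = (iid >> 57) & 1         # 0x02 of the first byte
    return marker == 0xFFFE and ul_bit == 1


def mac_from_eui64(iid: int) -> str:
    """Undo the modified EUI-64 construction and return the original MAC address."""
    b = iid.to_bytes(8, "big")
    mac = bytes([b[0] ^ 0x02]) + b[1:3] + b[5:8]   # flip u/l bit back, drop ff:fe
    return ":".join(f"{x:02x}" for x in mac)


def classify(addr: str) -> str:
    """Bucket an address by how its interface identifier was apparently generated."""
    iid = interface_id(addr)
    if is_modified_eui64(iid):
        return "eui64"
    if iid < 0x10000:        # illustrative heuristic: tiny IIDs are usually hand-assigned
        return "manual"
    return "random"          # everything else: temporary/privacy or otherwise random IIDs


def tally(trace: list[str]) -> dict[str, int]:
    """Count how many addresses in a trace fall into each bucket."""
    counts: dict[str, int] = {}
    for addr in trace:
        kind = classify(addr)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def flagged_as_privacy(trace: list[str]) -> list[str]:
    """The list the observer in the thread would label 'someone with something to hide'."""
    return [addr for addr in trace if classify(addr) == "random"]


if __name__ == "__main__":
    print("buckets:", tally(SAMPLE_TRACE))
    for addr in SAMPLE_TRACE:
        iid = interface_id(addr)
        extra = f" (MAC {mac_from_eui64(iid)})" if is_modified_eui64(iid) else ""
        print(f"{addr:<36} {classify(addr)}{extra}")
    print("flagged as privacy addresses:", flagged_as_privacy(SAMPLE_TRACE))
```

The point the tally makes is the one in the message: as long as the bulk of the LAN uses EUI-64 identifiers, the random ones are separable by format alone, so the privacy option singles out its users rather than hiding them; the MAC recovery shows what the 999 non-privacy users are leaking to the same observer.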