Hi Doug,

> We have local source address selection mechanisms in recent Windows
> versions that use randomized IIDs on outbound connections today. This
> doesn't prevent exposure of the information regarding the internal
> network structure, but nor do firewalls at publicly addressed IPv4
> institutions today.
>
> This has been covered many times, but once more (with feeling) ...
>
> The problem that 4941 is designed to fix is to avoid being able to
> track the same user on *different* networks. This is possible because
> by default the host portion of the address remains constant, and
> theoretically globally unique.
>
> Privacy for a user that is always connecting through the same network
> is a whole different basket of bagels.

We have not had carrier NAT solutions until walled gardens came in with 3G networks, and now people are mooting CGNs, but I have not seen many in general use for access networks.

Up until now, we have migrated addresses when a new PDP-Context, PPP (Dialup/xDSL) or DHCP Lease has been supplied. In IPv4, the session uniquely identifies/identified the session and links to the user during that interval.

The same is true for IPv6, except that IPv6 defaulted to MAC based IIDs. With 4941, the same Layer 2 identity is removed, and we have the same circumstances with IPv4 and IPv6.

So CGNs for IPv4 are an answer to a new question that you pose, where the implicit assumption is that it is insufficient to maintain address unlinkability between different PDP-Context/PPP/DHCP sessions.

Given that we have good local addressing mechanisms in IPv6 (ULA, Link-local) and automatic global prefix configuration mechanisms (SAA/RA/DHCPv6/DHCPv6-PD), I would like to know:

What are the advantages of CGNs for IPv6, and does the cost to application development justify the change?

Sincerely,

Greg Daley

_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf