Re: The P in NAPT != Privacy was Re: Time to move beyond the 32 bit Internet.

FWIW, in Flanders (Northern region of Belgium) the two largest ISPs
(Telenet and Belgacom) have been enabling IPv6 for their customers for
the last year or so. Unfortunately, this only includes residential
customers that got the latest CPE model (tough luck if you're stuck
with an older model). In the case of Telenet (monopoly ISP on HFC
network) every customer gets a /56 subnet.

This is just to say that (some) ISPs are actually rolling out IPv6. I
would imagine the situation to be similar in other regions of the world.

Floris

On wo 25 jun 2014 07:55:22 CEST, Brian Trammell wrote:
>
> hi Martin, all,
>
> On 25 Jun 2014, at 01:55, Martin Rex <mrex@xxxxxxx> wrote:
>
>>
>> Why would any private individual want to get an IPv6 address?
>> With DHCP IPv4 + NAT (on your Home router) and even more so with CGN,
>> you may have at least a vague chance that your ID doesn't stick out
>> of every IP datagram like a sore thumb. With IPv6, you're stripped
>> naked for traffic analysis by every governmental agency worldwide, no
>> matter how strongly you encrypt your traffic.
>
>
> There is an incredibly dubious assumption hidden in this statement
> that it's hard to map NATted addresses to user and session
> identifiers. Not only is it not particularly hard, it's actually
> _required_ in certain jurisdictions for ISPs to keep this mapping
> information to respond to LE requests.
>
> Even if you're _not_ the ISP or (quasi-)legally empowered to compel it
> to give you this information, there's enough information radiated by
> application layer protocols that you can tease session identifiers
> back out of traces even without payload and with addressing
> information *purposefully* destroyed, as opposed to merely tweaked for
> operational expediency. See e.g. Coull et al "Playing Devil's
> Advocate: Inferring Sensitive Information from Anonymized Network
> Traces" NDSS 2007; Wright et al "On Inferring Application Protocol
> Behaviors in Encrypted Network Traffic" Journal of Machine Learning
> Research 2006; and the citation trees rooted at those two papers.
>
> Network address translation is simply an expedient technique to tease
> a few more bits out of the address space by hiding those bits in
> transient state kept along the path. The assumption that it is somehow
> hard to store or reconstruct that transient state is simply incorrect.
>
> As a method for protecting privacy, NAT is privacy theater, full stop.
>
>>
>> The end-2-end principle is equivalent to a fairly complete loss of
>> privacy.
>> Really, I'm glad that I can use IPv4 and get a new IPv4 address assigned
>> several times a day.
>
>
> I'm pretty sure I read somewhere that we're out of "new" IPv4
> addresses. :) So those addresses aren't new, they're reused. So the
> important metric here isn't the frequency of change, but (1) the size
> of the set of addresses and (2) the predictability of that set. Unless
> you're changing your ISP several times a day, NAT serves only to
> "hide" you in a pool of a very small number of bits of address entropy.
>
> Regards,
>
> Brian
>
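The two claims in Brian's quoted reply, as an added worked example that is not part of this email or of anything its authors posted: (a) when the translation state is retained, reversing a public address and port seen in a trace to the subscriber behind a NAT is a log lookup rather than an inference, and (b) address churn within a pool hides a subscriber behind at most log2(pool size) bits. The `NatMapping` record, the `CGN_LOG` rows, the addresses, ports and timestamps are all constructed sample data, not an actual operator's log format.

```python
"""Added example, not from the mailing-list thread: a NAT translation-log
lookup and an address-pool entropy bound. All data below is constructed."""
from __future__ import annotations

import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import IPv4Network


@dataclass(frozen=True)
class NatMapping:
    """One row of a (hypothetical) CGN translation log: a subscriber-side
    address bound to a public address/port for the interval [start, end]."""
    internal: str
    external: str
    ext_port: int
    start: datetime
    end: datetime


# Constructed translation log; the date merely echoes the thread's date.
T0 = datetime(2014, 6, 25, 7, 55)
CGN_LOG = [
    NatMapping("100.64.1.10", "203.0.113.5", 40001,
               T0, T0 + timedelta(minutes=5)),
    NatMapping("100.64.1.11", "203.0.113.5", 40002,
               T0 + timedelta(minutes=1), T0 + timedelta(minutes=3)),
    # The same public port is reused by another subscriber once the first
    # binding expires, which is why a lookup needs a timestamp as well.
    NatMapping("100.64.1.10", "203.0.113.5", 40002,
               T0 + timedelta(minutes=4), T0 + timedelta(minutes=9)),
]


def subscribers_for(external: str, ext_port: int, when: datetime,
                    log: list[NatMapping] = CGN_LOG) -> set[str]:
    """Reverse an observed (public address, port, time) triple to the internal
    address(es) bound to it at that moment. With the log retained this is a
    filter over stored state, not a reconstruction; it returns an empty set
    when no binding covers the timestamp."""
    return {m.internal for m in log
            if m.external == external and m.ext_port == ext_port
            and m.start <= when <= m.end}


def distinct_public_addresses(internal: str,
                              log: list[NatMapping] = CGN_LOG) -> set[str]:
    """Every public address a subscriber has appeared as. Several bindings
    do not mean several addresses: the pool is reused, not refreshed."""
    return {m.external for m in log if m.internal == internal}


def pool_entropy_bits(pool: IPv4Network) -> float:
    """Upper bound on what address churn inside a pool can hide: log2 of the
    number of addresses a subscriber could be seen as. Predictability of the
    pool (one ISP's block, say) is not modelled here and only lowers it."""
    return math.log2(pool.num_addresses)


if __name__ == "__main__":
    t = T0 + timedelta(minutes=2)
    print(subscribers_for("203.0.113.5", 40002, t))           # {'100.64.1.11'}
    print(distinct_public_addresses("100.64.1.10"))            # {'203.0.113.5'}
    print(pool_entropy_bits(IPv4Network("203.0.112.0/22")))    # 10.0
    print(pool_entropy_bits(IPv4Network("0.0.0.0/0")))         # 32.0
```

The entropy figure is deliberately an upper bound: a subscriber cycling through a single /22 is distinguishable from the rest of the Internet by about 10 bits at most, and the pool itself still names the ISP, which is the "predictability of that set" Brian mentions.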
