Re: [dhcwg] Last Call: <draft-ietf-dhc-anonymity-profile-06.txt> (Anonymity profile for DHCP clients) to Proposed Standard

On Fri, Feb 12, 2016 at 11:15 PM, Brian E Carpenter <brian.e.carpenter@xxxxxxxxx> wrote:
> Yes. Also, we can add text explaining that once these problems are better
> understood and the IETF agrees on the proper way to handle anonymous prefix
> delegation, clients MAY use the agreed upon solution. Which is kind of
> redundant, but if you guys prefer it that way, why not.

To be clear, I don't have a strong opinion on this; it simply seemed like
something the IPv6 community should be aware of before it ends up in an RFC.
I also noticed this morning that it might impact draft-ietf-v6ops-host-addr-availability.

+1 to the other comments here.

I see no reason why prefix delegation should be worse for anonymity than address assignment. In fact, using prefix delegation instead of address assignments provides benefits for anonymity against off-link attackers, because delegating a prefix to a client allows that client to use many different addresses (potentially, even a different address for every remote host it connects to, or a different address for every new TCP connection).

As Brian says, there are many other reasons why a network would want to provide a dedicated prefix to the host; see draft-ietf-v6ops-host-addr-availability.

I would instead say something like:

====
The anonymity properties of DHCPv6 Prefix Delegation, which use IA_PD identity associations, are similar to those of DHCPv6 address assignment using IA_NA identity associations.

Because current host OS implementations do not typically request prefixes, clients that wish to use DHCPv6 PD - just like clients that wish to use any DHCP or DHCPv6 option that is not currently widely used - should recognize that doing so will serve as a form of fingerprinting unless or until client use of DHCPv6 PD becomes more widespread.
====
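
The fingerprinting effect described in the proposed text above, as an added example that is not part of the original message or of the draft: it parses the top-level option codes of DHCPv6 Solicit messages and counts how many clients share each option set. The sample messages, host names and function names are constructed for illustration.

```python
import struct
from collections import Counter

# DHCPv6 option codes (RFC 8415): IA_NA = 3, IA_PD = 25.
OPTION_NAMES = {1: "CLIENTID", 3: "IA_NA", 6: "ORO", 8: "ELAPSED_TIME", 25: "IA_PD"}

def build_solicit(options):
    """Build a constructed Solicit (msg-type 1) with a fixed transaction id."""
    msg = bytes([1]) + b"\x00\x00\x01"
    for code, data in options:
        msg += struct.pack("!HH", code, len(data)) + data
    return msg

def option_codes(msg):
    """Return the top-level option codes of a DHCPv6 message in wire order."""
    if len(msg) < 4:
        raise ValueError("truncated DHCPv6 header")
    codes, off = [], 4  # skip msg-type (1 byte) and transaction-id (3 bytes)
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        off += 4
        if off + length > len(msg):
            raise ValueError("option length exceeds message")
        codes.append(code)
        off += length
    return tuple(codes)

def describe(msg):
    """Option codes as readable names, for inspection."""
    return [OPTION_NAMES.get(c, str(c)) for c in option_codes(msg)]

def anonymity_sets(messages):
    """Map each client to the number of clients sending the same option set."""
    prints = {name: option_codes(m) for name, m in messages.items()}
    counts = Counter(prints.values())
    return {name: counts[fp] for name, fp in prints.items()}

# Constructed sample: three hosts request only an address, one also requests a prefix.
DUID = b"\x00\x04" + bytes(16)   # placeholder DUID-UUID
IA = bytes(12)                   # IAID, T1, T2 all zero
COMMON = [(1, DUID), (6, struct.pack("!H", 23)), (8, b"\x00\x00"), (3, IA)]
SAMPLE = {name: build_solicit(COMMON) for name in ("host-a", "host-b", "host-c")}
SAMPLE["host-pd"] = build_solicit(COMMON + [(25, IA)])

if __name__ == "__main__":
    for name, size in anonymity_sets(SAMPLE).items():
        print(name, describe(SAMPLE[name]), "anonymity set:", size)
```

In this sample the host that adds IA_PD is alone in its set, and its set grows only as more clients on the link send the same option.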
