When I was a child it could be expensive to call people on the telephone outside your local area (which was free), and very expensive to call internationally. But there was a universal addressing and exchange system by which every phone could (in theory) call every other phone. Could we get back to that using lifetime IPv6 addresses as phone numbers, and what would be the privacy implications (if any)?


@strypey IPv6 has "lifetime" addresses, it's a function of the MAC address on the Interface. The privacy implication is that you got a single address that can track an individual device, even across different networks.

By default, most IPv6 stacks configure that address (and listen on it, if any services are listening), as well as a randomized "privacy address" that's rotated with some regularity.

@r000t that's roughly how I was thinking about it. What do you think about the details @Wolf480pl laid out here?
niu.moe/@Wolf480pl/10256320191

@strypey @Wolf480pl
Realistically, you could get a /56 from a transit provider near you, and route subnets out of that to individual places, potentially using a site-to-site VPN. There are also official parts of the spec that allow subnets to "roam"

Assigning a prefix per person, to be kept for life, seems a bit silly though. This is why DNS was invented; there's no reason for individual people to remember "my friend's prefix"

@strypey @r000t
only the lower 64 bits of the IPv6 address are derived from the MAC address. The upper 64 bits are taken from the prefix announced by a router in Route Advertisements.

So if your lower half is 1234:56ff:fe78:90ab

and your router at home has a 2001:db8:11:200::/56 prefix from the ISP, then when you're at home, you'll have
2001:db8:11:200:1234:56ff:fe78:90ab

but when you're using wifi at a train station, and the station has 2001:db8:44:7700::/56 from the ISP, and that's the 5th hotspot of that train company, which announces 2001:db8:44:7705::/64 to whoever connects to it, then your IP will be
2001:db8:44:7705:1234:56ff:fe78:90ab
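
Added example, not part of the original thread: a Python sketch of the derivation described in the post above, showing why a MAC-derived lower half lets an observer link one device across networks. The recovered MAC and the randomized address in the sample are constructed for illustration; the two prefixes and the interface ID are the ones used in the post.

```python
import ipaddress
from collections import defaultdict
from typing import Optional

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID: flip the U/L bit, insert ff:fe in the middle."""
    b = bytearray.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02
    return int.from_bytes(b[:3] + b"\xff\xfe" + b[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 announced by the router with the MAC-derived lower half."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return net[eui64_iid(mac)]

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 style address, or None if it is not one.

    Heuristic: a randomized interface ID could contain ff:fe by chance.
    """
    iid = int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)
    b = bytearray(iid.to_bytes(8, "big"))
    if b[3:5] != b"\xff\xfe":
        return None
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b[:3] + b[5:])

def correlate(addresses):
    """Group the /64 networks each MAC-derived device was observed on."""
    seen = defaultdict(list)
    for a in addresses:
        mac = mac_from_address(a)
        if mac:
            seen[mac].append(str(ipaddress.IPv6Network(f"{a}/64", strict=False)))
    return dict(seen)

# Constructed observations: home and train-station addresses from the post,
# plus one constructed randomized ("privacy") address that does not correlate.
SAMPLE = [
    "2001:db8:11:200:1234:56ff:fe78:90ab",
    "2001:db8:44:7705:1234:56ff:fe78:90ab",
    "2001:db8:11:200:8d3f:1c2a:77e0:4b19",
]

if __name__ == "__main__":
    for mac, nets in correlate(SAMPLE).items():
        print(mac, "seen on", nets)
```

The randomized address yields no MAC, which is why stacks that prefer privacy addresses for outbound connections do not leak this identifier to the sites they contact.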

@strypey @r000t
there's also a thing called Mobile IPv6 [1] which allows you to use your home IP address wherever you go, but that relies on your home internet connection being up, or at least you still having a contract with your home ISP.

The leading bits of your IP address are like an area code in the phone network. But while the phone network has so much headroom it can do away with area codes and just route each phone number individually, on the Internet that would be too much overhead. You need to aggregate routes into larger blocks that go in the same general direction, or things will become very slow.

[1]: en.wikipedia.org/wiki/Mobile_I

@Wolf480pl @strypey
(yeah definitely listen to this guy, he shits all over me in this particular department)

@Wolf480pl I clearly need to do some reading up on #IPv6 implementation. Can you suggest a primer for a semi-literate like myself? ;)
@r000t

@strypey @r000t
See, the problem is... I tend to combine scraps of knowledge from various sources and then forget which comes from where...

I guess the Wikipedia article on IPv6[1] is a nice starting point, especially the Addressing[2] section. Then let your usual wikipedia-traversal-tab-explosion take over, though I guess the articles about addressing[3] and NDP[4] are particularly noteworthy. When you have a good overview and want more technical details or an authoritative source, you can read the RFCs Wikipedia mentions.

Also, if you're more into how ISPs work, there's stuff like ASNs[5], Provider-Independent[6] and Provider-Aggregatable[7] address space, peering[8], etc, and also some nice CCC talks about some of that stuff, which I could try to find if you wanted.

[1]: en.wikipedia.org/wiki/IPv6
[2]: en.wikipedia.org/wiki/IPv6#Add
[3]: en.wikipedia.org/wiki/IPv6_add
[4]: en.wikipedia.org/wiki/Neighbor
[5]: en.wikipedia.org/wiki/Autonomo
[6]: en.wikipedia.org/wiki/Provider
[7]: en.wikipedia.org/wiki/Provider
[8]: en.wikipedia.org/wiki/Peering

@Wolf480pl CCC talks, yes please. I just need a digestible overview.
@r000t

@strypey @r000t
well, I don't know of any IPv6-specific CCC talks. Also, I don't know what your level is.

There's "Internet - the business side" which talks about ISPs, their policies, and relationships with each other. IIRC I watched this and it was good, but I'm not sure this is what you're looking for.

media.ccc.de/v/35c3-10019-inte

Then there's "How does the Internet work" which is a Foundations talk, which means it's meant for complete beginners. I haven't watched it, but apparently it talks about DNS, IPv4, routing, and all kinds of basic stuff. I kinda thought you know at least half of it, but if you consider yourself a total beginner wrt. network protocols, in theory this should be a good start.

media.ccc.de/v/35c3-10005-how_

@Wolf480pl I'll definitely have a look at the first one. I learned all the internet protocol basics in a course I did nearly 20 years ago, so maybe it wouldn't hurt to have a refresher, and I may be in a position to absorb a level of detail that was too much for me when I was first learning it all (and a new Dad to boot, suffering from major sleep dep ;)
@r000t

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.