BBC News - 'Fresh proposals' planned over cyber-monitoring

Ian Batten igb at
Thu May 9 14:30:48 BST 2013

On 8 May 2013, at 14:45, Caspar Bowden (lists) <lists at> wrote:
>> Yeah.  You mean "IPv6 would be a good idea", I think.
> Somebody should tell Surrey about

[[ I see, by the way, that BT are experimenting with NAT for their "Option 1" low-spend customers.  Cats and pigeons. ]]

RFC4941 doesn't completely remove the advantages of IPv6.

Suppose, arguendo, that you think it's a good idea for people hosting webcontent to maintain logs such that it can later be determined who accessed that content (I don't, but as I say, arguendo).

There are two problems that NAT causes that, plus a problem of composition.  NAT boundaries often don't log the inside/outside translation.  Endpoints very rarely log source ports, so the extra bits that NAT is using to extend the available address space are discarded in the log.  And even if you have a complete trace of the NAT translation history and by some miracle you have a complete set of logs from the endpoint including source port numbers, you need to be able to correlate the two, which relies on both systems having accurate clocks.

In the case of IPv6, you remove all those problems.  There's no NAT, the source addresses will be logged complete, and you don't have anything left to correlate.

An endpoint using RFC4941 won't present any problems if they're using a home broadband connection: the high-order 64 bits are unique to the location, so you get the same amount of information you would get if the broadband connection were using NAT.

An endpoint using RFC4941 won't present any problems if they're mobile: the network will probably issue /64s associated with each SIM, and therefore messing about with the low-order bits (even if it doesn't result in the connection dropping) still provides a 1:1 mapping between SIMs and logs.

So even with 4941, IPv6 networks would provide law enforcement with the same information that they would be able to get today if the mobile networks implemented perfectly logged NAT and the endpoints all logged port numbers.

Where RFC4941 does provide privacy is if you're taking your laptop from IETF meeting to IETF meeting, oh, sorry, from Starbucks to Starbucks, it prevents correlation of the low-order bits to link users together. But current IPv4 spying doesn't address that issue either.

So IPv6 would maintain spook capability, even if 4941 were deployed widely (and it is: Windows and OSX both use it on mobile devices, although it appears iOS and Android don't).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the ukcrypto mailing list