Security and Privacy for Multi-Prefix and Provisioning Domains in IPv6

IPv6 allows for multiple addresses per interface. New work at the IETF is about provisioning domains (network signalling hosts with services are available) and routing based on the source address selecting by hosts. What are the security and privacy issues ?

IPv6 has always had an interesting property when compared to IPv4: multiple addresses out of multiple prefixes per interface. New work started at the IETF includes:

  • how the network can signal to hosts the network properties attached to a prefix draft-ietf-intarea-provisioning-domains (in short PvD) and proposes ways for applications to selec the right network services by selecting the right address from the advertised prefix(es);
  • how the network can forward packets based on the source and destination addresses

Some applications are about how to discover captive portal, how to deploy video networks, …

The talk will:

  1. briefly describe the protocols and behaviours being specified;
  2. explain the security threat model, how the PvD can mitigate a lot of threats and how relevant are the remaining threats;
  3. even more important in today world, the privacy concerns will be investigated

About the Speaker