[Cryptography] peering through NAT

Matt Palmer matt at hezmatt.org
Sun May 12 19:34:43 EDT 2019

On Fri, May 10, 2019 at 08:06:56PM -0700, Christian Huitema wrote:
> But then, having a unique stable address/identifier for each device has
> some pretty nasty privacy implications.  It is not hard to find privacy
> advocates who believe that Carrier Grade NAT is great, because it lets
> people hide.

It is not hard to find *someone* in support of any position.  It does not,
however, make it correct.  CGNAT is no better than per-CPE NAT, from a
privacy/anonymity perspective.

Common CGNAT equipment, for legal reasons, constrains each customer to a
fixed range of source ports on a single public IP, because it's a lot easier
and cheaper to log "customer X is on ports 2000-2050" than it is
to log every outgoing connection's (IP, port, customer) tuple.

IPv6 is no better, of course, but it is also no worse.  Use random IPv6
addresses within the /64 assigned to your LAN, chosen for every single
outgoing connection if you really want it.  The first RFC specifying a
standard algorithm for assigning privacy addresses (RFC3041) is now old
enough to drink in civilized jurisdictions, so nobody who claims to be
knowledgeable in this area should be surprised by its existence.

With randomised IPv6 addresses, you get the same benefits as IPv4 NAT (CG-
or otherwise).  You can be associated with other connections from the same
ISP account in all cases.  There's always an ISP-assigned identifier --
whether that be an IP+port range, public IP, or /64 prefix -- that doesn't
change, but device-level associations have to be done a layer higher than
that of network addressing.

- Matt

More information about the cryptography mailing list