> The IPv6 Privacy Extension is defined in RFC 4941. It is a format defining temporary addresses that change in regular time intervals; successive addresses appear unrelated to each other for outsiders and are a means of protection against address correlation. Their regular change is independent from the network prefix; this way, they protect against tracking of movement as well as against temporal correlation.
So carriers (ISPs) would still need to do NAT? The RFC didn't seem (I skimmed) explicit.
Isn't the removal of processing traffic a large part of the sell for IPv6?
Also, surely the ISP can sell IP-to-user correlation lists as I assume they do now? They can presumably do it anonymously but with some other party seeking the other part of the data that allows deobfuscation of users (eg to comply with GDPR)?
The way it works is that the ISP assigns the home user's router a prefix (e.g. 64 bits). Devices on the home network pick a random address within that prefix, and regenerate it periodically, keeping the old address alive for a while too.
Only the router needs an IPv6-to-MAC-address map (it always needed that, this was no different with IPv4). The ISP just has a static route that sends all traffic matching the prefix to the router.
With this you can still easily recognize households by IPv6 prefix, but at least you cannot reliably distinguish devices within that household.
No, ISPs don't need to do NAT, but you can if you like. You also don't have to do NAT with IPv4 if you only have one device or get a subnet from your ISP. It's just done because we don't have enough v4 addresses.
They can do subnet to customer correlation. The IPv6 address is randomly generated by your device if you use SLAAC. But if your ISP is an adversary you have pretty much lost anyway. If they provide you with a router they can see all devices in your network (MAC and hostname) and they could also map certain devices to certain port ranges and sell that too.
I'm sorry, you've misconstrued the question. The context is the privacy extension to IPv6 under RFC 4941. So, my question was would ISPs need to do NAT in order to provide that extension -- I only skimmed the RFC but there was no other obvious way to me for it to be provided that wouldn't fall to an adversarial ISP because it appears they must do NAT to make that work?
AIUI ISPs provide a fixed prefix to customers. So I'd need to look how SLAAC would work if it uses a random IPv6 address; surely your ISP only has allowance to use a limited set of numbers that are allocated to them by IANA or whoever.
They don't need NAT; that is simply called routing. The ISP sends every packet that is in your assigned /64 to your router's IP address. It's called prefix delegation [0]
Yes, they get a /32 by default (at least in RIPE); larger allocations need justification. But there are 2^32 /64 subnets in a /32, so every ISP gets a complete IPv4 internet of /64s they can assign to their customers at will. Your device assigns itself a random IP address from that /64 network your ISP gave you via prefix delegation.
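The mechanics described in the two comments above (a delegated /64, a device-chosen random interface identifier, the household still being recognisable by prefix, and the 2^32 /64s inside a /32) as a small added example. This is not code from the thread or from any IPv6 stack; it stands in for RFC 4941's MD5-chained identifier derivation with plain random bits (an assumption made for brevity) and uses the RFC 3849 documentation range 2001:db8::/32 as a constructed sample allocation.

```python
import ipaddress
import secrets
from typing import Optional

# Bit 57 of the 64-bit interface identifier is the universal/local ("u") bit
# of the first octet (0x02 in modified EUI-64 notation).
U_L_BIT = 1 << 57


def random_interface_id() -> int:
    """Return a 64-bit interface identifier chosen at random.

    RFC 4941 builds temporary identifiers from an MD5 chain; drawing random
    bits (assumption for this example) gives the same observable property:
    successive identifiers share nothing an outsider can correlate.  The
    u/l bit is cleared so the identifier is not mistaken for a hardware one.
    """
    return secrets.randbits(64) & ~U_L_BIT


def temporary_address(prefix: ipaddress.IPv6Network,
                      iid: Optional[int] = None) -> ipaddress.IPv6Address:
    """Combine the delegated /64 prefix with an interface identifier (SLAAC)."""
    if prefix.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    if iid is None:
        iid = random_interface_id()
    if not 0 <= iid < (1 << 64):
        raise ValueError("interface identifier must fit in 64 bits")
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)


def prefix_of(addr: ipaddress.IPv6Address) -> ipaddress.IPv6Network:
    """The /64 an address belongs to: what an outside observer can still see."""
    high_bits = int(addr) & ~((1 << 64) - 1)
    return ipaddress.IPv6Network((high_bits, 64))


def interface_id_of(addr: ipaddress.IPv6Address) -> int:
    """The low 64 bits: what the privacy extension keeps changing."""
    return int(addr) & ((1 << 64) - 1)


def same_household(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """Two addresses from the same delegated /64 are correlatable by prefix."""
    return prefix_of(a) == prefix_of(b)


def subnets_per_allocation(alloc_len: int, subnet_len: int = 64) -> int:
    """How many /subnet_len networks fit in a /alloc_len allocation."""
    return 1 << (subnet_len - alloc_len)


if __name__ == "__main__":
    # Constructed sample: an ISP holds the documentation /32 and delegates
    # one /64 out of it to a home router.
    isp_allocation = ipaddress.IPv6Network("2001:db8::/32")
    home_prefix = ipaddress.IPv6Network("2001:db8:1234:5678::/64")
    assert home_prefix.subnet_of(isp_allocation)

    print(f"/64s available to the ISP: {subnets_per_allocation(32):,}")

    # The same device regenerating its temporary address three times.
    addrs = [temporary_address(home_prefix) for _ in range(3)]
    for a in addrs:
        print(f"{a}  prefix={prefix_of(a)}  iid={interface_id_of(a):016x}")

    # The prefix still identifies the household; the identifiers do not
    # identify the device across regenerations.
    print("all from one household:", all(same_household(addrs[0], a) for a in addrs))
    print("distinct identifiers:", len({interface_id_of(a) for a in addrs}))
```

Running it prints three addresses under the same /64 with unrelated low halves, which is exactly the trade-off the thread describes: prefix delegation needs routing rather than NAT, and an observer outside the home can still pin a household by its /64 while being unable to tell which device inside it sent a given packet.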