[address-policy-wg] RE: IPv6 addresses really are scarce after all

> Assume we agree on the needed functionality.  It is hard to
> disagree and many of us have seen the need to isolate some
> people and apparatus from others, and to assign different
> capability to them, for many years.

People want security, and the threats that Michael mention are real:
children spying on the parent's traffic, guests abusing the access to do
something illegal on the Internet. But subnets are not a particularly
efficient way of solving these threats.

Take the issue of guests abusing the privilege and engaging in illegal
action. The concrete risk is that men in black will knock at your door
and ask about said actions. Picture yourself arguing that "it obviously
wasn't me, because the packets come from the network that I provide to
my guests". The men in black will not be impressed, since you obviously
have access to all the networks in your house. Your only defense will be
to rat a specific guest, supposing of course that you are so enclined.
Subnet or no subnet will no help you do that. Access control and logs
will help, but these are not tied to subnets.

Consider then the attacks between computers on the same network. Michael
mentioned traffic snooping. But modern Wi-Fi network are protected
against that already. They negotiate different per-session keys. Even in
promiscuous mode, the Wi-Fi card does not see the unicast traffic of the
other stations in the network. In home networks, the key is derived from
an initial 4-ways handshake, secured by a pass-phrase. Most deployments
use a single pass-phrase today, so teenagers could indeed develop tools
to crack the exchange. But nothing prevents using different pass-phrases
for different group of users.

The other risk are the active attacks between connected computers.
However, as John pointed out, there is lot of demand for connectivity
between computers in the home. Many people have tried to engineer
network topologies that follow organization or authorization boundaries,
but the mostly that makes your network expensive to run without really
solving the issues. 

Also, ultimately, all forms of topology based control rely on the
security of the home router. Do you really believe that a teenager who
is clever enough to hack into Wi-Fi access protections will not also be
able to hack into the home router?

If we want actual protection, it is probably much easier to use end to
end security. And in your own house, you might consider forms of social
control, as in "OK, you hacked my computer, give me the keys of your
car..."

Frankly, I don't see users managing subnets any time soon. 

-- Christian Huitema