Date:      Tue, 10 Jun 2008 14:52:29 +0200 (CEST)
From:      "Max Laier" <max@love2party.net>
To:        "Doug Barton" <dougb@FreeBSD.org>
Cc:        freebsd-net@freebsd.org, so@freebsd.org
Subject:   Re: Proposal: Enable IPv6 Privacy Extensions (RFCs 3041/4941) by default
Message-ID:  <f631fe5a908400203c4b498ffd56d030.squirrel@mlaier.homeunix.org>
In-Reply-To: <484E0C08.1060800@FreeBSD.org>
References:  <484E0C08.1060800@FreeBSD.org>


On Tue, 10.06.2008, 07:07, Doug Barton wrote:
> By default, IPv6 stateless autoconfiguration creates a 64 bit hostid
> for each interface based on the mac address (for ethernet, but for us
> that's the common case). This is convenient since if you're using RA
> neither the user nor the admin has to do anything to get the node on
> line, it "just works." There is a privacy issue with this however,
> because this identifier is created in such a way as to make it
> globally unique, the machine (and therefore in almost all cases the
> user) can be tracked by third parties such as web sites, even if they
> move from one network prefix to another, such as with a laptop.
>
> To address those privacy concerns RFC 3041 was written, and eventually
> obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt
> Our IPv6 implementation comes with the code to enable this feature,
> but by default it is turned off. My proposal is to enable it by
> default, and give the user a knob in rc.conf to turn it off. I'm
> interested in any arguments y'all might have for or against. To test
> this is pretty simple, add the following to /etc/sysctl.conf:
> net.inet6.ip6.use_tempaddr=1
> net.inet6.ip6.prefer_tempaddr=1
>
> The "normal" EUI-64-based address will still be configured, but there
> will also be a random identifier added to the interface as an alias,
> and outgoing traffic will go out from that address.
>
> In way of comparison, windows starting with XP enables this feature by
> default for clients, and has a knob to enable it for servers. I'd be
> interested to hear what other systems do.
>
>
> Thoughts?

All for it.  Are you, however, sure that we implement RFC 4941 fully?  I
think there are some configuration parameters missing.  Also, I seem to
recall that our DAD wasn't quite state-of-the-art, yet.  Finally, any
chance I can get you to implement the socket options in RFC 5014, so that
programs can force a temp/static address if they so choose -
independent of the global setting.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
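The two address-derivation schemes the thread is about, worked through as an added example (my code, not part of this thread and not FreeBSD's kernel implementation). It builds the stable modified EUI-64 identifier from a MAC address (RFC 4291, Appendix A), derives temporary identifiers with the RFC 4941 section 3.2.1 MD5 chain, and includes a small audit check that flags addresses still carrying an EUI-64 identifier. The MAC, the two documentation prefixes and the fixed initial history value are constructed sample inputs; all function names are my own, and the reserved-identifier check of RFC 4941 step 5 is left out.

```python
import hashlib
import ipaddress

# Constructed sample inputs for the demonstration (not values from the thread).
SAMPLE_MAC = "00:11:22:33:44:55"
PREFIX_HOME = "2001:db8:1::/64"
PREFIX_CAFE = "2001:db8:2::/64"


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, App. A):
    insert 0xfffe between the OUI and the device part, then flip the u/l bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # universal/local bit: a globally unique MAC yields a set bit
    return bytes(iid)


def rfc4941_temp_iid(history: bytes, stable_iid: bytes) -> tuple[bytes, bytes]:
    """RFC 4941 section 3.2.1: MD5(history || stable IID).  The left 64 bits
    become the temporary IID with the u/l bit cleared; the right 64 bits are the
    next history value.  (A conforming implementation also rejects reserved IIDs,
    RFC 5453, and retries; that step is omitted here.)"""
    digest = hashlib.md5(history + stable_iid).digest()
    temp = bytearray(digest[:8])
    temp[0] &= 0xFD  # clear bit 6 of the first octet: temporary IIDs are "local"
    return bytes(temp), digest[8:]


def make_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and an 8-byte IID")
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))


def embeds_mac(addr: str) -> bool:
    """Audit check: does the IID look like modified EUI-64 (0xfffe in octets 3-4
    and the u/l bit set)?  Such a host keeps the same IID on every network."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    return iid[3:5] == b"\xff\xfe" and bool(iid[0] & 0x02)


def demo() -> dict:
    """Show the tracking problem and the RFC 4941 remedy on the sample MAC."""
    stable = eui64_iid(SAMPLE_MAC)
    # RFC 4941 seeds the history value randomly; fixed here so the run is repeatable.
    history = b"\x00" * 8
    temp_home, history = rfc4941_temp_iid(history, stable)  # first network
    temp_cafe, history = rfc4941_temp_iid(history, stable)  # after moving prefixes
    return {
        "stable_home": make_address(PREFIX_HOME, stable),
        "stable_cafe": make_address(PREFIX_CAFE, stable),
        "temp_home": make_address(PREFIX_HOME, temp_home),
        "temp_cafe": make_address(PREFIX_CAFE, temp_cafe),
    }


if __name__ == "__main__":
    for name, addr in demo().items():
        print(f"{name:12} {addr.exploded}  embeds MAC: {embeds_mac(str(addr))}")
```

Running it shows the point Doug makes: the two stable addresses share the same low 64 bits across both prefixes, while the two temporary addresses do not, and embeds_mac() flags only the stable ones. The same check is a quick way to audit a host or a log of client addresses for identifiers that still reveal a MAC after the sysctls have been set.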


