From owner-freebsd-net@FreeBSD.ORG Tue Jun 10 12:54:33 2008
From: "Max Laier"
To: "Doug Barton"
Cc: freebsd-net@freebsd.org, so@freebsd.org
Date: Tue, 10 Jun 2008 14:52:29 +0200 (CEST)
Subject: Re: Proposal: Enable IPv6 Privacy Extensions (RFCs 3041/4941) by default
In-Reply-To: <484E0C08.1060800@FreeBSD.org>
List-Id: Networking and TCP/IP with FreeBSD

On Tue, 10.06.2008, 07:07, Doug Barton wrote:
> By default, IPv6 stateless autoconfiguration creates a 64 bit hostid
> for each interface based on the mac address (for ethernet, but for us
> that's the common case). This is convenient since if you're using RA
> neither the user nor the admin has to do anything to get the node on
> line, it "just works." There is a privacy issue with this however,
> because this identifier is created in such a way as to make it
> globally unique, the machine (and therefore in almost all cases the
> user) can be tracked by third parties such as web sites, even if they
> move from one network prefix to another, such as with a laptop.
>
> To address those privacy concerns RFC 3041 was written, and eventually
> obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt
> Our IPv6 implementation comes with the code to enable this feature,
> but by default it is turned off. My proposal is to enable it by
> default, and give the user a knob in rc.conf to turn it off. I'm
> interested in any arguments y'all might have for or against. To test
> this is pretty simple, add the following to /etc/sysctl.conf:
> net.inet6.ip6.use_tempaddr=1
> net.inet6.ip6.prefer_tempaddr=1
>
> The "normal" EUI-64-based address will still be configured, but there
> will also be a random identifier added to the interface as an alias,
> and outgoing traffic will go out from that address.
>
> In way of comparison, windows starting with XP enables this feature by
> default for clients, and has a knob to enable it for servers. I'd be
> interested to hear what other systems do.
>
> Thoughts?

All for it. Are you, however, sure that we implement RFC 4941 fully? I
think there are some configuration parameters missing. Also, I seem to
recall that our DAD wasn't quite state-of-the-art, yet. Finally, any
chance I can get you to implement the socket options in RFC 5014, so that
programs can force a temp/static address if they so choose - independent
of the global setting.
--
/"\  Best regards,                     | mlaier@freebsd.org
\ /  Max Laier                         | ICQ #67774661
 X   http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \  ASCII Ribbon Campaign             | Against HTML Mail and News
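An added example, not from this thread or the FreeBSD source: the Python below builds the modified EUI-64 identifier Doug describes from a MAC address and runs one round of the RFC 4941 section 3.2.1 randomization, so the stable suffix that reappears on every prefix can be seen next to the temporary one. The MAC address, prefixes and zero history value are constructed sample values.

```python
import hashlib
import ipaddress

def eui64_from_mac(mac: str) -> bytes:
    """Modified EUI-64 identifier (RFC 4291, Appendix A): ff:fe inserted in the
    middle, universal/local bit flipped. SLAAC's default, and it never changes."""
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # flip the u/l bit (bit 6 of the first octet)
    return bytes(iid)

def rfc4941_temp_iid(history: bytes, stable_iid: bytes):
    """One round of RFC 4941 section 3.2.1. MD5 is the RFC's mixing function,
    not a security primitive. Returns (random IID, next history value); a real
    stack also rejects reserved identifiers and ones already in use."""
    if len(history) != 8 or len(stable_iid) != 8:
        raise ValueError("history and interface identifier must be 64 bits each")
    digest = hashlib.md5(history + stable_iid).digest()
    iid = bytearray(digest[:8])    # leftmost 64 bits
    iid[0] &= 0xFD                 # clear the u/l bit: locally administered
    return bytes(iid), digest[8:]  # rightmost 64 bits become the new history

def address(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix with an interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("RFC 4941 identifiers need a /64 prefix")
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))

def compare(mac: str, prefixes: list, history: bytes) -> dict:
    """Addresses one host would use on each prefix: stable EUI-64 vs. temporary."""
    stable = eui64_from_mac(mac)
    out = {"stable": [], "temporary": []}
    for p in prefixes:
        out["stable"].append(address(p, stable))
        temp, history = rfc4941_temp_iid(history, stable)
        out["temporary"].append(address(p, temp))
    return out

if __name__ == "__main__":
    # Constructed sample values: a MAC and two prefixes a laptop might roam between.
    res = compare("00:11:22:33:44:55",
                  ["2001:db8:1:2::/64", "2001:db8:ffff:1::/64"], history=bytes(8))
    for kind, addrs in res.items():
        print(kind, *addrs)
```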