Message-id: <1497408664.2220.3.camel@me.com>
Subject: Re: Enable IPv6 Privacy Extensions by default
From: Rui Paulo
To: Tijl Coosemans, "Bjoern A. Zeeb"
Cc: freebsd-net@FreeBSD.org
Date: Tue, 13 Jun 2017 19:51:04 -0700
In-reply-to: <20170612131912.42537b13@kalimero.tijl.coosemans.org>
List-Id: Networking and TCP/IP with FreeBSD

On Mon, 2017-06-12 at 13:19 +0200, Tijl Coosemans wrote:
> On Sun, 11 Jun 2017 22:13:14 +0000 "Bjoern A. Zeeb" s.zabbadoz.net> wrote:
> > On 11 Jun 2017, at 19:59, Tijl Coosemans wrote:
> > > I recently got a new modem/router from my ISP that supports IPv6.  Added
> > > ifconfig_em0_ipv6="inet6 accept_rtadv" and rtsold_enable="YES" to
> > > /etc/rc.conf like the handbook says and now all my FreeBSD systems have
> > > an IPv6 address. \o/
> > >
> > > I also added these lines to /etc/sysctl.conf to enable temporary
> > > addresses:
> > >
> > > net.inet6.ip6.use_tempaddr=1
> > > net.inet6.ip6.prefer_tempaddr=1
> > >
> > > Shouldn't these be enabled by default?  There was a proposal 9 years ago
> > > that didn't get any objections but it seems it wasn't committed:
> > > https://lists.freebsd.org/pipermail/freebsd-net/2008-June/018381.html
> > >
> > > If there are no objections, I'll make the change in a week or so.
> >
> > Object :)
> >
> > Check the rc.conf ipv6_privacy option rather than setting the sysctl
> > manually.
>
> Ah, thanks.  I see that RFC 4941 also recommends it be disabled by
> default.

RFC 4941 was written in a time where MAC address privacy was not a
concern, but now we know better.  I don't see any reason why we
shouldn't have privacy addresses enabled by default.  In fact, back in
2008 no one voiced their concerns.

--
Rui Paulo