Date:      Tue, 27 Jan 2026 21:55:07 +0100
From:      "Patrick M. Hausen" <pmh@hausen.com>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        freebsd-current@freebsd.org
Subject:   Re: we should enable RFC7217 by default
Message-ID:  <B32765C1-568D-4104-908A-0BFD70CB1CD8@hausen.com>
In-Reply-To: <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl>
References:  <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <aecexj2ljvrt343rqcywqvfy7mbr7vqppiklxqbs6bcrhvm3l7@f4uatudmhcku> <0f5fcd3d-b189-49f5-ac81-d4fb48d90a77@FreeBSD.org> <n7aw5afsi5nclf5z4p4txyh2ixrsik2ludwcbrhmszce2ohzlf@ngx6ukw2il7t> <f02cc984-c41e-4ed9-b3b0-6037e4104091@FreeBSD.org> <blfdmylxcqo5velvfztcsv6ap6eccvfrb5jh7ojgegrhbaodo7@aodorlp357k6> <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl>


Hi all,

On 27.01.2026 at 21:46, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:

> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.

If I read the relevant RFC correctly, the main argument for stable addresses in contrast to
traditional EUI-64 is the narrowing of the search space in sweep scan attacks,
because the OUIs which make up half of the order of magnitude are well known.

Isn't that the case, too, if we start with the MAC address and the hash algorithm
by which the final address is generated is public?

Kind regards,
Patrick
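
For reference on the question above, an added sketch (not part of the original message and not FreeBSD's implementation) of the RFC 7217 construction RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) with the MAC address as Net_Iface, next to the traditional EUI-64 identifier. HMAC-SHA256 as F, the field encoding, and every sample value (prefix, MAC, keys) are assumptions made for the illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values (documentation prefix, made-up MAC and keys).
PREFIX = ipaddress.IPv6Address("2001:db8:0:1::").packed[:8]   # /64 prefix
MAC = bytes.fromhex("001b21aabbcc")                            # Net_Iface
KEY_HOST_A = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_HOST_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def eui64_iid(mac: bytes) -> bytes:
    """Modified EUI-64: flip the U/L bit, insert ff:fe; the OUI stays readable."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]


def rfc7217_iid(prefix: bytes, net_iface: bytes, network_id: bytes,
                dad_counter: int, secret_key: bytes) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    fields = (prefix, net_iface, network_id, bytes([dad_counter]))
    # Assumed encoding: length-prefix each field so concatenation is unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Assumed F: HMAC-SHA256 keyed with secret_key.
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return rid[-8:]  # IID = least significant 64 bits of RID


def to_address(prefix: bytes, iid: bytes) -> str:
    return str(ipaddress.IPv6Address(prefix + iid))


def compare() -> dict:
    """Same prefix and MAC on two hosts that differ only in secret_key."""
    return {
        "eui64": to_address(PREFIX, eui64_iid(MAC)),
        "rfc7217_host_a": to_address(PREFIX, rfc7217_iid(PREFIX, MAC, b"", 0, KEY_HOST_A)),
        "rfc7217_host_b": to_address(PREFIX, rfc7217_iid(PREFIX, MAC, b"", 0, KEY_HOST_B)),
    }


if __name__ == "__main__":
    for label, addr in compare().items():
        print(f"{label:15} {addr}")
```

The public inputs (prefix, MAC, algorithm) are identical for both hosts; only the per-host secret_key differs between the two RFC 7217 results.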
