From: "Patrick M. Hausen"
To: Marek Zarychta
Cc: freebsd-current@freebsd.org
Subject: Re: we should enable RFC7217 by default
Date: Tue, 27 Jan 2026 21:55:07 +0100
In-Reply-To: <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl>
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <0f5fcd3d-b189-49f5-ac81-d4fb48d90a77@FreeBSD.org> <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

Hi all,

On 27.01.2026 at 21:46, Marek Zarychta wrote:
> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.

If I read the relevant RFC correctly, the main argument for stable addresses in contrast to traditional EUI-64 is the narrowing of the search space in sweep scan attacks. Because the OUIs which make up half of the order of magnitude are well known.

Isn't that the case, too, if we start with the MAC address and the hash algorithm by which the final address is generated is public?

Kind regards,
Patrick
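
The question in the message above turns on which inputs of the RFC 7217 function RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) an outside observer can know. The following Python is an added example, not part of the original message and not FreeBSD's implementation; it compares a modified EUI-64 interface identifier with an RFC 7217 one that uses the MAC address as Net_Iface. Assumptions: HMAC-SHA256 stands in for F, the field encoding is this example's own, and the MAC, prefixes and keys are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample values: documentation prefixes (RFC 3849) and a
# documentation MAC (RFC 7042). The keys are made up for the demo.
MAC = "00:00:5e:00:53:01"
PREFIX_A, PREFIX_B = "2001:db8:1::/64", "2001:db8:2::/64"
KEY_HOST = bytes.fromhex("00112233445566778899aabbccddeeff")
KEY_GUESS = bytes(16)  # an observer who lacks the host's key


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64: flip the U/L bit and insert ff:fe; no secret input."""
    b = mac_bytes(mac)
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]


def rfc7217_iid(prefix: str, net_iface: bytes, network_id: bytes,
                dad_counter: int, secret_key: bytes) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    prefix_bits = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    fields = (prefix_bits, net_iface, network_id, dad_counter.to_bytes(4, "big"))
    # Length-prefix each field so the concatenation is unambiguous
    # (an assumption of this example; the RFC leaves the encoding open).
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()  # F: assumed PRF
    return rid[-8:]  # IID = least significant 64 bits of RID


def to_address(prefix: str, iid: bytes) -> str:
    net = ipaddress.IPv6Network(prefix).network_address.packed[:8]
    return str(ipaddress.IPv6Address(net + iid))


if __name__ == "__main__":
    nic = mac_bytes(MAC)
    print("EUI-64            ", to_address(PREFIX_A, eui64_iid(MAC)))
    for label, pfx, key in (("RFC 7217, prefix A", PREFIX_A, KEY_HOST),
                            ("RFC 7217, prefix B", PREFIX_B, KEY_HOST),
                            ("wrong key, prefix A", PREFIX_A, KEY_GUESS)):
        print(label.ljust(19), to_address(pfx, rfc7217_iid(pfx, nic, b"", 0, key)))
```

The EUI-64 identifier is a fixed rearrangement of the MAC, while the RFC 7217 identifier also depends on the prefix and on secret_key, so the same MAC and the same public algorithm yield a different identifier under a different key.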