Date: Tue, 27 Jan 2026 22:10:13 +0100
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: "Patrick M. Hausen" <pmh@hausen.com>
Cc: freebsd-current@freebsd.org
Subject: Re: we should enable RFC7217 by default
Message-ID: <e52f78b2-27d3-4454-920c-d04df757f473@plan-b.pwste.edu.pl>
In-Reply-To: <B32765C1-568D-4104-908A-0BFD70CB1CD8@hausen.com>
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <aecexj2ljvrt343rqcywqvfy7mbr7vqppiklxqbs6bcrhvm3l7@f4uatudmhcku> <0f5fcd3d-b189-49f5-ac81-d4fb48d90a77@FreeBSD.org> <n7aw5afsi5nclf5z4p4txyh2ixrsik2ludwcbrhmszce2ohzlf@ngx6ukw2il7t> <f02cc984-c41e-4ed9-b3b0-6037e4104091@FreeBSD.org> <blfdmylxcqo5velvfztcsv6ap6eccvfrb5jh7ojgegrhbaodo7@aodorlp357k6> <39a63487-ee9a-4792-a787-d476ae6f6a0c@plan-b.pwste.edu.pl> <B32765C1-568D-4104-908A-0BFD70CB1CD8@hausen.com>

On 27.01.2026 at 21:55, Patrick M. Hausen wrote:
> Hi all,
>
> On 27.01.2026 at 21:46, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>
>> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.
> If I read the relevant RFC correctly the main argument for stable addresses in contrast to
> traditional EUI-64 is the narrowing of the search space in sweep scan attacks.
> Because the OUIs which make up half of the order of magnitude are well known.
>
> Isn't that the case, too, if we start with the MAC address and the hash algorithm
> by which the final address is generated is public?
>
> Kind regards,
> Patrick
>
As far as I know, this is not possible with current computing platforms, and it would probably require prolonged observation of the same host across different subnets. On the other hand, we still have EUI-64–based link-local addresses. Although they are not exposed to the Internet, they remain a concern.

-- 
Marek Zarychta
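For reference on the question discussed in this thread, an added example (not part of the original e-mail and not FreeBSD's implementation) that contrasts a modified EUI-64 interface identifier with the RFC 7217 construction RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key) when the MAC address is used as Net_Iface. HMAC-SHA256 as F, the length-prefixed field encoding, the MAC, the prefixes and the keys are assumptions chosen for illustration; the RFC's check against reserved identifiers is omitted.

```python
import hashlib
import hmac

def eui64_iid(mac: bytes) -> bytes:
    """Modified EUI-64: flip the universal/local bit, insert ff:fe mid-MAC.
    Depends only on the MAC, so it is identical on every prefix."""
    return bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]

def rfc7217_iid(prefix: bytes, net_iface: bytes, secret_key: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is HMAC-SHA256 here (assumption). Fields are length-prefixed so two
    different input tuples can never serialise to the same byte string."""
    msg = b"".join(len(f).to_bytes(2, "big") + f
                   for f in (prefix, net_iface, network_id))
    msg += dad_counter.to_bytes(1, "big")
    rid = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return rid[-8:]  # the IID is the least significant 64 bits of the RID

def fmt(iid: bytes) -> str:
    """Render a 64-bit IID as four colon-separated hextets."""
    h = iid.hex()
    return ":".join(h[i:i + 4] for i in range(0, 16, 4))

# Constructed sample values (documentation MAC and prefixes, made-up keys).
MAC = bytes.fromhex("00005e005301")
PREFIX_A = bytes.fromhex("20010db800010000")   # 2001:db8:1::/64
PREFIX_B = bytes.fromhex("20010db800020000")   # 2001:db8:2::/64
KEY_HOST = b"constructed-secret-key-host"
KEY_OTHER = b"constructed-secret-key-other"

if __name__ == "__main__":
    print("EUI-64, any prefix     :", fmt(eui64_iid(MAC)))
    print("RFC 7217, prefix A     :", fmt(rfc7217_iid(PREFIX_A, MAC, KEY_HOST)))
    print("RFC 7217, prefix B     :", fmt(rfc7217_iid(PREFIX_B, MAC, KEY_HOST)))
    print("RFC 7217, A, other key :", fmt(rfc7217_iid(PREFIX_A, MAC, KEY_OTHER)))
```

With the MAC as Net_Iface the identifier stays the same when an interface is renamed, while it still differs per prefix and per secret key.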
