From: Brooks Davis
To: Pouria Mousavizadeh Tehrani
Cc: freebsd-current@freebsd.org, madpilot@freebsd.org
Date: Wed, 28 Jan 2026 10:00:42 +0000
Subject: Re: we should enable RFC7217 by default
In-Reply-To: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
> Hi everyone,
>
> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
> it by default in CURRENT at least.
> As you may already know, we currently use the EUI64 method for generating
> stable IPv6 addresses, which has serious privacy issues.
>
> IMHO, trying to maintain backward compatibility defeats the purpose of a
> privacy RFC.
>
> To be clear, we don't want to change the IP addresses of existing servers.
> However, it's reasonable for users to expect changes during a major upgrade
> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
> So, for obvious reasons, changing the default value would not be MFCed.
>
> What do you think?

I wonder if we should ship an update to 15 (landing in 15.1) explicitly
adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
/etc/sysctl.conf so people who later upgrade to 16 aren't painfully
surprised when their server disappears. New installs of 16 would get
the new default, but upgrades would keep the old default.

The downside would be that people who have edited sysctl.conf would have
a merge conflict to resolve, but that's a fairly normal thing.

-- 
Brooks
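
The two address-generation methods contrasted in this thread, as an added example that is not part of the original message and not FreeBSD's implementation: it derives a modified EUI-64 interface identifier and an RFC 7217 one for the same host on two prefixes. The MAC, the prefixes, the interface name em0, the secret key and the choice of SHA-256 over length-prefixed fields as F() are all assumptions made for illustration; the reserved-IID check from RFC 7217 is left out.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 IID (RFC 4291, Appendix A): the MAC with ff:fe inserted."""
    octets = bytearray.fromhex(mac.replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02  # invert the universal/local bit
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])

def rfc7217_iid(prefix: str, net_iface: str, secret_key: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).

    Assumption: F is SHA-256 over length-prefixed fields; the IID is the
    least significant 64 bits of the RID, as RFC 7217 section 5 describes.
    """
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed, net_iface.encode(), network_id,
              dad_counter.to_bytes(1, "big"), secret_key]
    h = hashlib.sha256()
    for field in fields:
        # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]

def address(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("SLAAC needs a /64 prefix and a 64-bit IID")
    combined = int(net.network_address) | int.from_bytes(iid, "big")
    return str(ipaddress.IPv6Address(combined))

# Constructed sample values (documentation ranges, not taken from the thread).
MAC = "00:00:5e:00:53:2a"
KEY = bytes(range(16))  # placeholder for a per-host random secret
NET_A, NET_B = "2001:db8:1::/64", "2001:db8:2::/64"

if __name__ == "__main__":
    for prefix in (NET_A, NET_B):
        print(prefix)
        print("  EUI-64  ", address(prefix, eui64_iid(MAC)))
        print("  RFC 7217", address(prefix, rfc7217_iid(prefix, "em0", KEY)))
```

The EUI-64 identifier is the same on every network and carries the hardware address, while the RFC 7217 identifier stays fixed per prefix but changes when the prefix does, which is also why switching the default changes the address of an existing host.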