Date: Wed, 28 Jan 2026 12:38:02 +0100
From: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To: Brooks Davis <brooks@freebsd.org>
Cc: freebsd-current@freebsd.org
Subject: Re: we should enable RFC7217 by default
Message-ID: <c81777c4-e01a-4667-8642-cd0c4bb5fb1e@plan-b.pwste.edu.pl>
In-Reply-To: <aXneSjS69eGWybak@spindle.one-eyed-alien.net>
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <aXneSjS69eGWybak@spindle.one-eyed-alien.net>

On 28.01.2026 at 11:00, Brooks Davis wrote:
> On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
>> Hi everyone,
>>
>> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
>> it by default in CURRENT at least.
>> As you may already know, we currently use the EUI64 method for generating
>> stable IPv6 addresses, which has serious privacy issues.
>>
>> IMHO, trying to maintain backward compatibility defeats the purpose of a
>> privacy RFC.
>>
>> To be clear, we don't want to change the IP addresses of existing servers.
>> However, it's reasonable for users to expect changes during a major upgrade
>> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
>> So, for obvious reasons, changing the default value would not be MFCed.
>>
>> What do you think?
> I wonder if we should ship an update to 15 (landing in 15.1) explicitly
> adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
> /etc/sysctl.conf so people who later upgrade to 16 aren't painfully
> surprised when their server disappears. New installs of 16 would get
> the new default, but upgrades would keep the old default. The downside
> would be that people who have edited sysctl.conf would have a merge
> conflict to resolve, but that's a fairly normal thing.
>
> -- Brooks
>

Unfortunately, support for stable privacy (RFC 7217) is not implemented in stable/15, therefore any discussion about introducing this change into 15.1-RELEASE is pointless at the moment.

The MFC of stable privacy (RFC 7217) support to stable/15 is under review on Phabricator. If you support this initiative, please comment on review D54382.

Cheers

-- 
Marek Zarychta
