Date:      Mon, 9 Feb 2026 21:49:35 +0100
From:      Guido Falsi <madpilot@FreeBSD.org>
To:        Brooks Davis <brooks@freebsd.org>, Pouria Mousavizadeh Tehrani <pouria@freebsd.org>
Cc:        freebsd-current@freebsd.org
Subject:   Re: we should enable RFC7217 by default
Message-ID:  <7521210e-1348-40b8-85ed-8e7a0d3b290a@FreeBSD.org>
In-Reply-To: <aXneSjS69eGWybak@spindle.one-eyed-alien.net>
References:  <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> <aXneSjS69eGWybak@spindle.one-eyed-alien.net>


On 1/28/26 11:00, Brooks Davis wrote:
> On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
>> Hi everyone,
>>
>> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
>> it by default in CURRENT at least.
>> As you may already know, we currently use the EUI64 method for generating
>> stable IPv6 addresses, which has serious privacy issues.
>>
>> IMHO, trying to maintain backward compatibility defeats the purpose of a
>> privacy RFC.
>>
>> To be clear, we don't want to change the IP addresses of existing servers.
>> However, it's reasonable for users to expect changes during a major upgrade
>> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
>> So, for obvious reasons, changing the default value would not be MFCed.
>>
>> What do you think?
> 
> I wonder if we should ship an update to 15 (landing in 15.1) explicitly
> adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
> /etc/sysctl.conf so people who later upgrade to 16 aren't painfully
> surprised when their server disappears.  New installs of 16 would get
> the new default, but upgrades would keep the old default.  The downside
> would be that people who have edited sysctl.conf would have a merge
> conflict to resolve, but that's a fairly normal thing.
> 
> -- Brooks
> 


Hi all, I just committed the change in the default (thanks to zlei for 
approving it, and all the reviewers). [1]


I'll also send a heads-up to current@ and net@ just in case.


I am replying to this specific message in the thread because I do like 
Brooks' idea on how to introduce this on stable.

Once I get the MFC approved and committed [2], I could send a further PR 
implementing such a change on stable/15 sysctl.conf.

Thanks all for the support.



[1] https://cgit.freebsd.org/src/commit/?id=a2eb0894b79bd0241e51c6888a52bea369ae8a6a

[2] https://reviews.freebsd.org/D54382

-- 
Guido Falsi <madpilot@FreeBSD.org>
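
Added example, not part of the e-mail above and not FreeBSD's implementation: it shows why the EUI64 method mentioned in the thread is a privacy concern (the MAC address is recoverable from the address and identical under every prefix), next to an RFC 7217-style identifier that is stable per network but differs between networks. The MAC address, prefixes, secret, function names and the choice of HMAC-SHA256 as F are assumptions of this sketch.

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    b = bytearray.fromhex(mac.replace(":", ""))
    b[0] ^= 0x02  # invert the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])

def rfc7217_iid(prefix, ifname, network_id, dad_counter, secret):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is HMAC-SHA256 over length-prefixed fields: this example's choice."""
    net = ipaddress.IPv6Network(prefix)
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (
        net.network_address.packed[:8], ifname.encode(),
        network_id, bytes([dad_counter])))
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    return rid[-8:]  # RFC 7217: the IID is taken from the least significant bits

def make_address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

def mac_from_address(addr):
    """Return the MAC embedded in an EUI-64 address, or None if there is none."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in iid[:3] + iid[5:])

if __name__ == "__main__":
    mac = "00:1b:21:3c:4d:5e"               # constructed sample MAC
    secret = b"constructed-per-host-secret"  # constructed sample secret
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):  # documentation prefixes
        eui = make_address(prefix, eui64_iid(mac))
        stable = make_address(
            prefix, rfc7217_iid(prefix, "em0", b"", 0, secret))
        print(prefix, "EUI64:", eui, "-> MAC", mac_from_address(eui))
        print(prefix, "RFC 7217:", stable, "-> MAC", mac_from_address(stable))
```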

