Message-ID: <7521210e-1348-40b8-85ed-8e7a0d3b290a@FreeBSD.org>
Date: Mon, 9 Feb 2026 21:49:35 +0100
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current
From: Guido Falsi
Subject: Re: we should enable RFC7217 by default
To: Brooks Davis, Pouria Mousavizadeh Tehrani
Cc: freebsd-current@freebsd.org
References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org>

On 1/28/26 11:00,
Brooks Davis wrote:
> On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote:
>> Hi everyone,
>>
>> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable
>> it by default in CURRENT at least.
>> As you may already know, we currently use the EUI64 method for generating
>> stable IPv6 addresses, which has serious privacy issues.
>>
>> IMHO, trying to maintain backward compatibility defeats the purpose of a
>> privacy RFC.
>>
>> To be clear, we don't want to change the ip addresses of existing servers.
>> However, it's reasonable for users to expect changes during a major upgrade
>> (15 -> 16), a fresh install of a new major release, or living on CURRENT.
>> So, for obvious reasons, changing the default value would not be MFCed.
>>
>> What do you think?
>
> I wonder if we should ship an update to 15 (landing in 15.1) explicitly
> adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to
> /etc/sysctl.conf so people who later upgrade to 16 aren't painfully
> surprised when their server disappears. New installs of 16 would get
> the new default, but upgrades would keep the old default. The downside
> would be that people who have edited sysctl.conf would have a merge
> conflict to resolve, but that's a fairly normal thing.
>
> -- Brooks
>

Hi all,

I just committed the change in the default (thanks to zlei for approving
it, and all the reviewers). [1]

I'll also send a heads up to current@ and net@ just in case.

I am replying to this specific message in the thread because I do like
brooks' idea on how to introduce this on stable.

Once I get the MFC approved and committed [2], I could send a further PR
implementing such a change on stable/15 sysctl.conf.

Thanks all for the support.

[1] https://cgit.freebsd.org/src/commit/?id=a2eb0894b79bd0241e51c6888a52bea369ae8a6a
[2] https://reviews.freebsd.org/D54382

--
Guido Falsi
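
The privacy difference between EUI64 and RFC 7217 addresses that the thread refers to, as an added example that is not part of the original messages and is not FreeBSD's code: it derives both kinds of interface ID for one host on two networks and checks whether an observer could correlate them. The MAC, interface name, key and prefixes are constructed sample values, and HMAC-SHA256 as the function F is an assumption of this example (RFC 7217 only requires a pseudorandom function).

```python
import hashlib
import hmac
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface ID: MAC split by ff:fe, universal/local bit flipped."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def rfc7217_iid(prefix: str, net_iface: str, secret_key: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key); IID = low 64 bits.

    F is HMAC-SHA256 here (an assumption of this example, not FreeBSD's choice).
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example handles /64 prefixes only")
    fields = (net.network_address.packed[:8], net_iface.encode(),
              network_id, dad_counter.to_bytes(4, "big"))
    # Length-prefix each field so different inputs never serialise identically.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(secret_key, msg, hashlib.sha256).digest()[-8:]

def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def linkable(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """True if two addresses share an interface ID, so an observer can correlate them."""
    mask = (1 << 64) - 1
    return int(a) & mask == int(b) & mask

# Constructed sample inputs: documentation prefixes, a made-up MAC, name and key.
MAC, IFACE, KEY = "00:11:22:33:44:55", "em0", b"constructed-secret-not-a-real-key"
HOME, CAFE = "2001:db8:1::/64", "2001:db8:2::/64"

if __name__ == "__main__":
    for name, f in (("EUI-64", lambda p: eui64_iid(MAC)),
                    ("RFC 7217", lambda p: rfc7217_iid(p, IFACE, KEY))):
        a, b = address(HOME, f(HOME)), address(CAFE, f(CAFE))
        print(f"{name:9} {a}  {b}  linkable={linkable(a, b)}")
```

The EUI64 addresses carry the same MAC-derived suffix on both prefixes, while the RFC 7217 addresses are stable per prefix but share nothing across prefixes; a non-zero `dad_counter` yields a fresh interface ID after a duplicate address detection conflict.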