Date: Tue, 27 Jan 2026 19:09:58 +0100 From: Guido Falsi <madpilot@FreeBSD.org> To: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>, freebsd-current@freebsd.org Subject: Re: we should enable RFC7217 by default Message-ID: <1c328ef9-0efe-4a80-8912-920ee4905e5f@FreeBSD.org> In-Reply-To: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail
On 1/27/26 01:05, Pouria Mousavizadeh Tehrani wrote: > Hi everyone, Hi! > > With `net.inet6.ip6.use_stableaddr` now available, I believe we should > enable it by default in CURRENT at least. > As you may already know, we currently use the EUI64 method for > generating stable IPv6 addresses, which has serious privacy issues. > > IMHO, trying to maintain backward compatibility defeats the purpose of a > privacy RFC. > > To be clear, we don't want to change the ip addresses of existing > servers. However, it's reasonable for users to expect changes during a > major upgrade (15 -> 16), a fresh install of a new major release, or > living on CURRENT. > So, for obvious reasons, changing the default value would not be MFCed. > > What do you think? > I'm happy my contribution spurred this kind of interest. I would like to enable it by default on head, but I'd rather have a good consensus on this before actually doing it. it has already been noted that this shouldn't be a big problem for servers, which usually get manually assigned addresses for various reasons, so I would not worry much about that scenario. So I'm obviously in favor of this proposal. BTW I'm also proposing MFCing this to stable/15 [1]. But the feature would remain off by default there. If any source committer would feel like approving me committing this MFC it would really be appreciated. (I don't have a src commit bit, and, as far as I understand our rules, I need explicit approval to commit any change there) [1] https://reviews.freebsd.org/D54382 -- Guido Falsi <madpilot@FreeBSD.org>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1c328ef9-0efe-4a80-8912-920ee4905e5f>