Default security functions on an IPv6 CPE

Fernando Gont fernando at gont.com.ar
Tue May 31 00:08:44 CEST 2011


Hi, Fred,

On 05/30/2011 06:53 PM, Fred Baker wrote:
>>> Privacy addresses are the answer here; software initiating connectivity
>>> should be doing so from temporary addresses, and other software
>>> listening for incoming connectivity should only be doing so from the
>>> public address.
>>
>> FWIW, I was told recently that Windows 7 implements some sort of
>> *privacy* addresses, rather than *temporary* addresses -- they do not
>> have modified EUI-64 format identifiers, but do not change as frequently
>> as temporary addresses.
> 
> I believe they implement
> 
> http://www.ietf.org/rfc/rfc4941.txt
> 4941 Privacy Extensions for Stateless Address Autoconfiguration in
>      IPv6. T. Narten, R. Draves, S. Krishnan. September 2007. (Format:
>      TXT=56699 bytes) (Obsoletes RFC3041) (Status: DRAFT STANDARD)

Christian Huitema had noted on 6man@ that they generate IPv6 addresses
as a result of a hash function that includes the prefix. i.e., the
address (IID) varies from network to network, but is constant within the
network.

I'll try to check on my Windows 7 box...

Best regards,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1






More information about the ipv6-ops mailing list