Default security functions on an IPv6 CPE
Doug Barton
dougb at dougbarton.us
Tue May 31 02:58:28 CEST 2011
On 05/30/2011 17:07, Fernando Gont wrote:
> IIRC, one of the arguments was that, if e.g. there's a single host
> active in a given subnet, even if it varies its address, it's easy to
> figure out that its simply the same host varying its Interface ID
> (particularly when the address itself is claiming that it si a temporary
> address;-) ).
That's not the problem that privacy addresses were intended to solve.
The real issue is that if you take the same host (laptop, whatever) and
use it on different networks you can still be tracked because the host
part of the address is (intended to be) globally unique. Regarding that
threat model, privacy addresses are effective.
Doug
--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go
Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
More information about the ipv6-ops
mailing list