Default security functions on an IPv6 CPE

Doug Barton dougb at
Tue May 31 02:58:28 CEST 2011

On 05/30/2011 17:07, Fernando Gont wrote:
> IIRC, one of the arguments was that, if e.g. there's a single host
> active in a given subnet, even if it varies its address, it's easy to
> figure out that its simply the same host varying its Interface ID
> (particularly when the address itself is claiming that it si a temporary
> address;-)  ).

That's not the problem that privacy addresses were intended to solve. 
The real issue is that if you take the same host (laptop, whatever) and 
use it on different networks you can still be tracked because the host 
part of the address is (intended to be) globally unique. Regarding that 
threat model, privacy addresses are effective.



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the ipv6-ops mailing list