Default security functions on an IPv6 CPE

Fred Baker fred at cisco.com
Tue May 31 04:30:44 CEST 2011


On May 30, 2011, at 3:31 PM, Fernando Gont wrote:

> On 05/30/2011 07:21 PM, Doug Barton wrote:
> 
>>> Christian Huitema had noted on 6man@ that they generate IPv6 addresses
>>> as a result of a hash function that includes the prefix. i.e., the
>>> address (IID) varies from network to network, but is constant within the
>>> network.
>> 
>> Yeah, my understanding is that it's not quite 4941, it's what I
>> not-really-jokingly refer to as the Microsoft embrace and extend 4941
>> work-alike. In this particular case the differences don't seem to
>> actually hurt anything however, so points for that. :)
> 
> Well, it does help privacy -- provided you think that temp addresses
> help in that area (many argue that they don't, though)

I'm not sure that "privacy" addresses or temporary addresses help privacy; if we can find the user of an IPv4 address, we can probably find the user of an IPv6 address. They do offer some alternatives when MAC addresses aren't so obvious, and if using a MAC address makes someone uncomfortable, they provide an alternative there as well.
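
The two kinds of interface identifier (IID) discussed in this thread, side by side, as an added example that is not part of the original messages: a MAC-derived modified EUI-64 IID, and an IID taken from a hash that includes the prefix. This is not Microsoft's algorithm; the HMAC-SHA-256 construction, the per-host secret, the function names, and the documentation prefixes and MAC address are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress

IID_MASK = (1 << 64) - 1


def _slaac_prefix(prefix: str) -> ipaddress.IPv6Network:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers here assume a /64 prefix")
    return net


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """MAC-derived (modified EUI-64) address: the IID is the same on every network."""
    net = _slaac_prefix(prefix)
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid_bytes = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid_bytes, "big"))


def hashed_address(prefix: str, secret: bytes) -> ipaddress.IPv6Address:
    """Hash-derived address: constant within a prefix, different across prefixes."""
    net = _slaac_prefix(prefix)
    # Assumption: HMAC-SHA-256 keyed with a per-host secret, over the 64 prefix bits.
    digest = hmac.new(secret, net.network_address.packed[:8], hashlib.sha256).digest()
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(digest[:8], "big"))


def iid(addr: ipaddress.IPv6Address) -> int:
    """Low 64 bits of the address, i.e. the interface identifier."""
    return int(addr) & IID_MASK


if __name__ == "__main__":
    # Constructed sample values: documentation prefixes and a documentation MAC.
    secret = b"constructed-per-host-secret"
    for p in ("2001:db8:1::/64", "2001:db8:2::/64"):
        print(p, eui64_address(p, "00:00:5e:00:53:01"), hashed_address(p, secret))
```

The MAC-derived IID is identical under both prefixes, so it can be correlated across networks; the hashed IID stays fixed within one prefix but changes when the prefix does.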

