Default security functions on an IPv6 CPE

Fernando Gont fernando at gont.com.ar
Tue May 31 15:04:07 CEST 2011


On 05/30/2011 11:30 PM, Fred Baker wrote:
>>>> Christian Huitema had noted on 6man@ that they generate IPv6
>>>> addresses as a result of a hash function that includes the
>>>> prefix. i.e., the address (IID) varies from network to network,
>>>> but is constant within the network.
>>> 
>>> Yeah, my understanding is that it's not quite 4941, it's what I 
>>> not-really-jokingly refer to as the microsoft embrace and extend
>>> 4941 work-alike. In this particular case the differences don't
>>> seem to actually hurt anything however, so points for that. :)
>> 
>> Well, it does help privacy -- provided you think that temp
>> addresses help in that area (many argue that they don't, though)
> 
> I'm not sure that "privacy" addresses or temporary addresses help
> privacy; 

FWIW, I should have s/help/hurt/ (i.e., the Microsoft approach (over
RFC4941) does hurt one aspect of privacy).


> if we can find the user of an IPv4 address, we can probably
> find the user of an IPv6 address. They do offer some alternatives
> when MAC addresses aren't so obvious, and if using a MAC address
> makes someone uncomfortable, they provide an alternative there as
> well.

+1

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at acm.org
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1





More information about the ipv6-ops mailing list