Over-utilisation of v6 neighbour slots

Benedikt Stockebrand bs at stepladder-it.com
Thu Oct 24 13:14:10 CEST 2013


Hi Gert and list,

Gert Doering <gert at space.net> writes:

>> This is too simple: If I want to avoid people/devices being tracked when
>> moving from one link to another, then I need to use a new temporary
>> address whenever I switch between links.  
>
> link address = md5(prefix+randombits)
>
> not that hard, ain't it?

depends on the CPU/MCU power you have at hand, but generally speaking
that should be the way to go.  It still leaves the question if an
attacker controlling the prefix assigned could do anything with this,
but I don't see any issue here right away.

> So when changing links, you get a different temporary address, if you
> go back, and the timer (that goes into "randombits") has not yet fired,
> you get the same one you had before.

Yes, that's basically what should be done.

> ISTR that Fernando has a draft about that already.

So, in a few years from now (after the RFC has been released, the
various vendors have implemented it and the salespeople have rolled it
out...) the problem may be gone.  Good.  So now we only have to deal
with it as an intermediate problem:-)


Cheers,

    Benedkt

-- 
			 Business Grade IPv6
		    Consulting, Training, Projects

Benedikt Stockebrand, Dipl.-Inform.        http://www.stepladder-it.com/



More information about the ipv6-ops mailing list