macos Sierra with CGA address?

Tim Chown Tim.Chown at
Wed Dec 14 12:31:55 CET 2016


> On 14 Dec 2016, at 11:08, Jeroen Massar <jeroen at> wrote:
> On 2016-12-14 11:55, Holger Zuleger wrote:
>> Hi,
>> I just realized that the permanent interface identifier of my MAC has
>> changed after upgrading to OS 10.12 (I guess).
>> The output of ifconfig shows a new "secured" flag at the permanent address.
>> $ ifconfig en0 | grep inet6 | \
>>>      sed "s/2[^:]*:[^:]*:[^:]*:[^:]*:/<prfx48>:/"
>> inet6 fe80::c54:6333:ac12:c67b%en0 prefixlen 64 secured scopeid 0x4
>> inet6 <prfx48>:20e3:84f6:6794:5ace prefixlen 64 autoconf secured
>> inet6 <prfx48>:8822:a8a3:b6ec:a79b prefixlen 64 autoconf temporary
>> I found two or three posts in the internet, all mentioning (or hoping)
>> that this is related to a change to RFC7217 as default IID mechanism.
>> But one guy sad, that the source code (of 10.11) shows, that this is a
>> cryptographic generated interface identifier for SeND (RFC3971).
>> I tend to believe that the latter is true.
> Seeing how Apple implemented things like "Happy Eyeballs" it likely is
> neither. And in the case of "Happy Eyeballs" there is no way to turn it
> off either. Filing radar bugs clearly does not help as they never get
> addressed or marked as 'dupe' at which point you do not know the status
> of the 'original' problem and well, nothing happens...

Interesting - I’d also assumed the new form of address was RFC 7217 support. I don’t think any other common OS implements SeND, does it?


More information about the ipv6-ops mailing list