Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Proposal: Enable IPv6 Privacy Extensions (RFCs 3041/4941) by default

82 views
Skip to first unread message

Doug Barton

unread,
Jun 10, 2008, 1:07:20 AM6/10/08
to freeb...@freebsd.org, s...@freebsd.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

By default, IPv6 stateless autoconfiguration creates a 64 bit hostid
for each interface based on the mac address (for ethernet, but for us
that's the common case). This is convenient since if you're using RA
neither the user nor the admin has to do anything to get the node on
line, it "just works." There is a privacy issue with this however,
because this identifier is created in such a way as to make it
globally unique, the machine (and therefore in almost all cases the
user) can be tracked by third parties such as web sites, even if they
move from one network prefix to another, such as with a laptop.

To address those privacy concerns RFC 3041 was written, and eventually
obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt
Our IPv6 implementation comes with the code to enable this feature,
but by default it is turned off. My proposal is to enable it by
default, and give the user a knob in rc.conf to turn it off. I'm
interested in any arguments y'all might have for or against. To test
this is pretty simple, add the following to /etc/sysctl.conf:
net.inet6.ip6.use_tempaddr=1
net.inet6.ip6.prefer_tempaddr=1

The "normal" EUI-64-based address will still be configured, but there
will also be a random identifier added to the interface as an alias,
and outgoing traffic will go out from that address.

In way of comparison, windows starting with XP enables this feature by
default for clients, and has a knob to enable it for servers. I'd be
interested to hear what other systems do.


Thoughts?

Doug

- --

~ This .signature sanitized for your protection

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)

iEYEAREDAAYFAkhODAcACgkQyIakK9Wy8PumNgCg8Gi+sa0OYanbVcY1IgGu0S3i
64sAn2edBnEh1YkEeqvKPHrAZnOQAbsr
=PNXz
-----END PGP SIGNATURE-----

Randy Bush

unread,
Jun 10, 2008, 3:45:29 AM6/10/08
to Doug Barton, freeb...@freebsd.org, s...@freebsd.org
> To address those privacy concerns RFC 3041 was written, and eventually
> obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt
> Our IPv6 implementation comes with the code to enable this feature,
> but by default it is turned off. My proposal is to enable it by
> default, and give the user a knob in rc.conf to turn it off.

the only drawback is that forward and reverse dns would not be easily
filled. but anyone who relies on a mac address for dns hacking is
asking for trouble; use dhcpv6 or hard code the host's ip address in
/etc/rc.conf.

so i have no problem with the change. thanks for asking.

randy

Steve Bertrand

unread,
Jun 10, 2008, 8:44:08 AM6/10/08
to Randy Bush, freeb...@freebsd.org, Doug Barton, s...@freebsd.org
Randy Bush wrote:
>> To address those privacy concerns RFC 3041 was written, and eventually
>> obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt
>> Our IPv6 implementation comes with the code to enable this feature,
>> but by default it is turned off. My proposal is to enable it by
>> default, and give the user a knob in rc.conf to turn it off.
>
> the only drawback is that forward and reverse dns would not be easily
> filled. but anyone who relies on a mac address for dns hacking is
> asking for trouble; use dhcpv6 or hard code the host's ip address in
> /etc/rc.conf.

DNS in this context is really of least concern, and there are simple
ways around that as Randy states.

I would think that enabling IPv6 Privacy Extensions by default would
have no worse effect on a host in regards to DNS than a similar
situation with IPv4 Auto Configuration.

> so i have no problem with the change. thanks for asking.

I also support following the specification by default.

Steve

Max Laier

unread,
Jun 10, 2008, 8:52:29 AM6/10/08
to Doug Barton, freeb...@freebsd.org, s...@freebsd.org

All for it. Are you, however, sure that we implement RFC 4941 fully? I
think there are some configuration parameters missing. Also, I seem to
recall that our DAD wasn't quite state-of-the-art, yet. Finally, any
chance I can get you to implement the socket options in RFC 5014, so that
programs have can force a temp/static address if they so choose -
independent of the global setting.

--
/"\ Best regards, | mla...@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News

Rui Paulo

unread,
Jun 10, 2008, 12:01:40 PM6/10/08
to Doug Barton, freeb...@freebsd.org, s...@freebsd.org

+1. I'm okay with it.

Regards,
--
Rui Paulo

Lapo Luchini

unread,
Aug 1, 2008, 5:30:22 AM8/1/08
to freeb...@freebsd.org
Doug Barton wrote:
> The "normal" EUI-64-based address will still be configured, but there
> will also be a random identifier added to the interface as an alias,
> and outgoing traffic will go out from that address.

Be prepared to question about it, though ;-)
http://www.sixxs.net/faq/connectivity/?faq=rfc3041

--
Lapo Luchini - http://lapo.it/

0 new messages