On 1/27/26 01:05, Pouria Mousavizadeh Tehrani wrote:
Hi everyone,
Hi!
With `net.inet6.ip6.use_stableaddr` now available, I believe we should
enable it by default in CURRENT at least.
As you may already know, we currently use the EUI64 method for
generating stable IPv6 addresses, which has serious privacy issues.
IMHO, trying to maintain backward compatibility defeats the purpose of a
privacy RFC.
To be clear, we don't want to change the ip addresses of existing
servers. However, it's reasonable for users to expect changes during a
major upgrade (15 -> 16), a fresh install of a new major release, or
living on CURRENT.
So, for obvious reasons, changing the default value would not be MFCed.
What do you think?
I'm happy my contribution spurred this kind of interest.
I would like to enable it by default on head, but I'd rather have a good
consensus on this before actually doing it.
it has already been noted that this shouldn't be a big problem for
servers, which usually get manually assigned addresses for various
reasons, so I would not worry much about that scenario.
So I'm obviously in favor of this proposal.
BTW I'm also proposing MFCing this to stable/15 [1]. But the feature
would remain off by default there. If any source committer would feel
like approving me committing this MFC it would really be appreciated.
(I don't have a src commit bit, and, as far as I understand our rules, I
need explicit approval to commit any change there)
[1] https://reviews.freebsd.org/D54382
--
Guido Falsi <[email protected]>
