This is a retransmission with a source address accepted on this
discussion list. Apologies to those who received it already.
If you respond, please preferably use this copy.

RD

Harald Alvestrand wrote:
> Mark Andrews wrote:
>> You also don't want to do it as you would also need massive churn in the DNS.

One approach to achieve it could be as follows:

- An IPv6 link where some privacy source addresses may be used would have in the DNS a record for a "generic privacy address".
- This address would be the /64 of the link followed by an agreed "joker IID" (0:0:0:0 or some other to be agreed on, e.g. FFFF:0:0:0).
- Resolvers, if they recognize a privacy remote address, would query the reverse DNS with this "generic privacy address" of the remote link.
- They could also do this type of query after failures of full address queries.

Problem: Privacy addresses, as specified today, cannot be distinguished with 100% certainty from addresses obtained with stateful DHCPv6.

A proposal would be an addition to the privacy extension spec (RFC 4941).

- A variant of privacy addresses would be defined for "distinguishable privacy addresses".
- These addresses would, for example, have FF00::/8 at the beginning of their IID (no currently specified IPv6 IID begins that way; randomness on 58 bits is good enough).
- Then resolvers could recognize such privacy addresses for sure, and could query the reverse DNS with the generic privacy address only when this is appropriate.

IMHO, this is a feasible step to reconcile:
(1) privacy requirements of individuals;
(2) desire to know which site is at the other end where and when such a desire exists.

RD
_______________________________________________
IETF mailing list
[email protected]
http://www.ietf.org/mailman/listinfo/ietf
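
Added example, not part of the original message: a sketch of the resolver-side logic the proposal describes, using Python's standard ipaddress module. It assumes the joker IID is the 0:0:0:0 candidate and that a "distinguishable privacy address" is one whose IID has 0xFF in its top 8 bits; the function names and the sample addresses (from the 2001:db8::/32 documentation prefix) are constructed for illustration.

```python
import ipaddress

IID_MASK = (1 << 64) - 1   # low 64 bits of an IPv6 address: the interface ID
JOKER_IID = 0x0            # assumption: the "0:0:0:0" candidate from the message
PRIVACY_MARKER = 0xFF      # assumption: top 8 bits of the IID (FF00::/8 on the IID)


def is_distinguishable_privacy(addr):
    """True if the IID carries the proposed FF marker in its first 8 bits."""
    iid = int(ipaddress.IPv6Address(addr)) & IID_MASK
    return (iid >> 56) == PRIVACY_MARKER


def generic_privacy_address(addr, joker_iid=JOKER_IID):
    """Keep the /64 of the link and replace the IID with the joker IID."""
    value = int(ipaddress.IPv6Address(addr))
    return ipaddress.IPv6Address((value & ~IID_MASK) | joker_iid)


def reverse_query_name(addr, full_lookup_failed=False):
    """Return the ip6.arpa name a resolver would query for this remote address.

    Marked privacy addresses go straight to the link's generic record.
    Other addresses use the full address, falling back to the generic
    record only after the full-address query has failed.
    """
    ip = ipaddress.IPv6Address(addr)
    if is_distinguishable_privacy(ip) or full_lookup_failed:
        ip = generic_privacy_address(ip)
    return ip.reverse_pointer


if __name__ == "__main__":
    samples = [
        "2001:db8:1:2:ff12:3456:789a:bcde",  # constructed: marked privacy IID
        "2001:db8:1:2:211:22ff:fe33:4455",   # constructed: unmarked IID
    ]
    for sample in samples:
        print(sample, "->", reverse_query_name(sample))
```

With this scheme the link operator publishes one PTR record per /64, so privacy addresses can rotate without any change in the reverse zone.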
