On Thu, 13 Jun 2002, Alain Durand wrote:
> On Wednesday, June 12, 2002, at 01:13 PM, Thomas Narten wrote:
> 
> > The default-addr-select document isn't mandating the use of temporary
> > addresses. So what is being requested here is that *if* temporary
> > addresses have been implemented and are being used, *then* give them
> > preference over public addresses.
> 
> The problem I have with this is, if I decide to implement temporary
> addresses to enable something like Netscape to use it, with the IESG
> suggestion, I will also have to revisit at the same time rlogin and many
> other applications that rather like to use permanent addresses.
[...]

I cannot see anything application-specific at least in the above quote
from Thomas.

I expect using temporary addresses would be a system-level toggle which 
might be fine-tunable via some API.


...


The user can always shoot himself in the foot.  If there are concerns
(most of them valid, I think) with applications not working properly with 
temporary addresses this should result in something equivalent to:

 1) temporary addresses SHOULD(/MUST) be off by default
 2) develop a better mechanism for privacy, temp-addr v2 (v3? :-) or 
describe the issues with applications and how to avoid them
 3) revisit decision 1) when 2) is analyzed and/or implemented

IMO, "temporary addresses" should only be randomized when:

 1) (re)starting the OS, or
 2) when there are no open sockets (basically 1), or
 3) manually requested (users would be dissatisfied if they couldn't shoot 
themselves in the foot)

In consequence, I think in many cases, a sufficient amount of privacy
would be gained in client systems without all that many drawbacks.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
