In your previous mail you wrote:

   Even if the adversary somehow knows there is only one machine per
   subnet, I think RFC 3041 still enhances privacy.

=> I agree but I still have two major concerns about RFC 3041:
 - one could believe the privacy benefits of RFC 3041 are much higher
   than they are (the I-D/rfc3041bis(*) is very frank about the
   limitations).
 - RFC 3041 (or any random IID scheme) makes the "in-prefix" source
   address spoofing very easy. Perhaps this is not an important issue
   but IMHO this must be described in the security considerations.

   First, it hides the manufacturer of your network card.

=> if I need this I'll just use the IID ::1...

   Second, it prevents the adversary from tracking usage of the network
   card across multiple subnets. This is important for mobile devices.

=> this is the second case: I tried to make clear this works only
when the subnet prefix(es) *and* the interface ID are changed at the
same time.

Thanks

[EMAIL PROTECTED]

PS (*): draft-ietf-ipngwg-temp-addresses-v2-00.txt is fine but is expired.
IMHO we really need a revision of RFC 3041!
--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
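
Added example (not part of the original message and not code from RFC 3041): a Python sketch of the two properties discussed above, showing what a MAC-derived interface ID exposes and when two observed source addresses remain linkable. The MAC, the prefixes, the function names and the use of a CSPRNG in place of the RFC 3041 generation procedure are assumptions made for illustration.

```python
import ipaddress
import secrets

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID built from a 48-bit MAC address."""
    b = bytes.fromhex(mac.replace(":", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe between OUI and serial.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def random_iid() -> int:
    """64 random bits with the universal/local bit cleared.
    Assumption: a CSPRNG stands in for the RFC 3041 generation procedure."""
    return secrets.randbits(64) & ~(1 << 57)

def address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def oui_of(addr: ipaddress.IPv6Address):
    """Manufacturer OUI if the IID carries the EUI-64 ff:fe marker, else None."""
    b = addr.packed[8:]
    if b[3:5] != b"\xff\xfe":
        return None
    return "%02x:%02x:%02x" % (b[0] ^ 0x02, b[1], b[2])

def link_reason(a, b, one_host_per_subnet=True):
    """Why two observed source addresses can be tied to one device, or None."""
    if a.packed[8:] == b.packed[8:]:
        return "iid"      # same interface ID seen under any prefix
    if one_host_per_subnet and a.packed[:8] == b.packed[:8]:
        return "prefix"   # IID changed, but the prefix alone identifies the host
    return None           # prefix and IID both changed

if __name__ == "__main__":
    mac = "00:00:5e:00:53:01"                            # constructed MAC
    home, cafe = "2001:db8:1::/64", "2001:db8:2::/64"    # constructed prefixes
    fixed = eui64_iid(mac)
    print(oui_of(address(home, fixed)))
    print(link_reason(address(home, fixed), address(cafe, fixed)))
    print(link_reason(address(home, random_iid()), address(home, random_iid())))
    print(link_reason(address(home, random_iid()), address(cafe, random_iid())))
```

With `one_host_per_subnet=False`, two addresses with different IIDs under the same prefix are reported as unlinkable, which is the case the quoted text argues from.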
