On Thu, Aug 29, 2002 at 10:10:32PM +0300, Pekka Savola wrote:
> On Thu, 29 Aug 2002, Steve Deering wrote:
> > This issue was addressed a *long* time ago -- please see
> > http://playground.sun.com/ipv6/specs/ipv6-address-privacy.html
> > from November of 1999. Your source has either a very shallow
> > or out-of-date understanding of IPv6, or some reason to want to
> > propagate misinformation. Thanks for checking here.
>
> Only parts of "this issue" were properly fixed. Indeed, some (mostly
> related to user tracking) seem to be unfixable.
>
> Thanks for checking the rfc3041 considered harmful draft.

Interesting read. A few points --

The idea that attackers could use privacy addresses to obscure the source of attacks is interesting, but that's really an artifact of the /64 prefix per link; conversely, uRPF checks should be enough to quickly locate an administrative contact for the site in question at least -- spoofed packets are a problem when you cannot identify the source at all.

It would be nice to see CPE routers perhaps track ethernet addresses and map privacy addresses to local interfaces and log that information to a local host for perusal later during a security incident analysis, but otherwise I don't see how 3041 isn't an adequate answer to the specific problem of "privacy in IPv6 as related to using EUI-64", not the wider problem of "general privacy in IPv6." That's a much harder problem to solve.

--
David Terrell            | "... a grandiose, wasteful drug war that will never
[EMAIL PROTECTED]        | be won as long as so many Americans need to
Nebcorp Prime Minister   | anesthetize themselves to get through the day."
http://wwn.nebcorp.com/  | -Camille Paglia

--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page: http://playground.sun.com/ipng
FTP archive: ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
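
The CPE-side logging suggested in the message above, sketched as an added example that is not part of the original post: it parses neighbor-table text in the format of Linux `ip -6 neigh show` and records which MAC and interface each global address was seen on, flagging interface identifiers that are not the EUI-64 form of that MAC. The sample table, the interface names `lan0`/`lan1` and the record field names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the format of Linux `ip -6 neigh show`; the
# interface names lan0/lan1 and all addresses are made up for illustration.
SAMPLE_NEIGH = """\
2001:db8:0:1:211:22ff:fe33:4455 dev lan0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:1:5c9a:7e01:33d2:90af dev lan0 lladdr 00:11:22:33:44:55 STALE
2001:db8:0:1:a8f3:1b20:774c:e12 dev lan1 lladdr 02:aa:bb:cc:dd:ee REACHABLE
fe80::211:22ff:fe33:4455 dev lan0 lladdr 00:11:22:33:44:55 REACHABLE
2001:db8:0:1::99 dev lan0  FAILED
"""

def eui64_iid(mac):
    """Modified EUI-64 interface identifier derived from a 48-bit MAC."""
    b = bytes(int(octet, 16) for octet in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC: %r" % mac)
    # Flip the universal/local bit and insert ff:fe in the middle.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def parse_neigh(text):
    """Return one record per global address that has a resolved MAC."""
    records = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok or "lladdr" not in tok:
            continue  # unresolved entries (FAILED/INCOMPLETE) carry no MAC
        addr = ipaddress.IPv6Address(tok[0])
        if addr.is_link_local:
            continue  # never appears as an off-link source address
        mac = tok[tok.index("lladdr") + 1].lower()
        iid = int(addr) & 0xFFFFFFFFFFFFFFFF  # low 64 bits under a /64 prefix
        records.append({
            "addr": str(addr), "mac": mac, "iface": tok[tok.index("dev") + 1],
            # non-eui64 covers RFC 3041 temporary addresses and manual ones
            "iid_type": "eui64" if iid == eui64_iid(mac) else "non-eui64",
        })
    return records

def addresses_by_mac(records):
    """Group logged addresses by the MAC that answered for them."""
    out = {}
    for r in records:
        out.setdefault(r["mac"], []).append(r["addr"])
    return out

if __name__ == "__main__":
    for rec in parse_neigh(SAMPLE_NEIGH):
        print(json.dumps(rec, sort_keys=True))  # one log line per mapping
```

On a router this would be run periodically with a timestamp added to each record, since temporary addresses are regenerated over time and the neighbor cache only holds current entries.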
