On 3/29/2012 6:13 AM, Alex Abrahams wrote:
> I'm sorry, but while I agree we have to think outside
> the corporate environment, I think we have to think way outside and we
> need to remember the kind of reasons why privacy exists, before saying
> the privacy extensions are only to keep a few hundred people happy.

I agree that the "few hundred people" thing was grating, and
unfortunate. But I think there is still a bit of a misunderstanding
about what problem 4941 (and its predecessor) was designed to address.

If you're in a corporate environment (at least in most of the western
world) you have ZERO expectation of privacy, and should act accordingly.
I anticipate that corporate IT departments who are concerned about the
problems presented by 4941 addresses are going to disable them as a
matter of policy. Period, end of discussion.

Also, if you're on a home network, it doesn't matter what the bottom 64
bits are, your network prefix is enough information for the bad guys to
use as ICBM targeting coordinates.

All that said, the real problem that 4941 was designed to fix was that
if you take the same system (think laptop, and now mobile phones,
iThing, etc.) and connect it to multiple different networks (as in, the
top 64 bits of your address are different) without 4941 or a similar
mechanism it is still possible to uniquely identify that host. For that
particular part of the problem, 4941 does very nicely, and end-user
devices don't (or shouldn't) care what address is being used for their
*outbound* connections, as long as their device and its applications
handle the situation correctly.

hth,

Doug
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
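
The cross-network identification described in the message above, as an added example that is not part of the original thread: it shows that a MAC-derived (modified EUI-64) interface identifier stays the same under two different /64 prefixes, while per-network temporary identifiers do not, and it gives an audit check for MAC-derived addresses. The function names are hypothetical, the MAC and prefixes are constructed from documentation ranges, and `temporary_iid` is a random stand-in assumed here rather than the generation procedure specified in RFC 4941.

```python
import ipaddress
import secrets
from collections import defaultdict

def eui64_iid(mac):
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def temporary_iid():
    """Assumption: random stand-in for a temporary IID, u/l bit cleared."""
    return secrets.randbits(64) & ~(0x02 << 56)

def slaac_address(prefix, iid):
    """Combine a /64 prefix (top 64 bits) with an IID (bottom 64 bits)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def split(addr):
    """Return (top 64 bits, bottom 64 bits) of an IPv6 address."""
    n = int(ipaddress.IPv6Address(addr))
    return n >> 64, n & (2**64 - 1)

def is_eui64(addr):
    """True when the IID carries the ff:fe marker of a MAC-derived IID."""
    return (split(addr)[1] >> 24) & 0xFFFF == 0xFFFE

def iids_on_multiple_networks(addresses):
    """IIDs observed under more than one /64, i.e. linkable across networks."""
    seen = defaultdict(set)
    for a in addresses:
        prefix, iid = split(a)
        seen[iid].add(prefix)
    return {iid for iid, prefixes in seen.items() if len(prefixes) > 1}

# Constructed sample: documentation MAC (RFC 7042) and prefixes (RFC 3849).
MAC = "00:00:5e:00:53:01"
NETWORKS = ["2001:db8:1::/64", "2001:db8:2::/64"]

if __name__ == "__main__":
    stable = [slaac_address(p, eui64_iid(MAC)) for p in NETWORKS]
    temp = [slaac_address(p, temporary_iid()) for p in NETWORKS]
    print("MAC-derived:", *stable, "->", len(iids_on_multiple_networks(stable)), "linkable IID")
    print("temporary:  ", *temp, "->", len(iids_on_multiple_networks(temp)), "linkable IID")
```

Running `is_eui64` over a host inventory's global addresses flags the systems that still expose a MAC-derived identifier on outbound connections.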
