Brian Carpenter writes:
> On 2012-03-27 20:33, Brian Haberman wrote:
> ...
> >
> > A. Prefer public addresses over privacy addresses
> >
> > B. Prefer privacy addresses over public addresses
>
> In terms of a general default in shipped IPv6 stacks, I prefer B, but it has
> to be qualified:
>
> There MUST be a user option to change this preference.
That wording would be confusing, as there's a distinction between an
(unprivileged) user and a (privileged) admin. It would be a security
vulnerability if an unprivileged user could change a system-wide setting.
> There SHOULD be a network manager option to change this preference.
Similarly, the term "network manager" is also confusing. It would be a
security vulnerability
if an untrusted user on the network could change a system-wide setting locally.
> The rationale for this is that we need privacy by default in shipped
> products, with the
> ability for the person deploying the product to override this.
I (and I gather from the +1's that many others) agree with having a config knob
to
reverse the preference. The doc already has text about that on a *per-app*
basis,
but not system-wide. The wording I propose to add is:
"There SHOULD be an administrative option to change this preference, if the
implementation supports privacy addresses. If there is no such option,
there
MUST be an administrative option to disable privacy addresses."
-Dave
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
