On Fri, 20 Apr 2012, Fernando Gont wrote:

Hi, Mohacsi,

On 04/20/2012 10:09 AM, Mohacsi Janos wrote:
I support having a semi-stable private address, but I am very much
against the idea of replacing EUI-64 addresses.

You mean "against replacing addresses embedding IEEE identifiers"?


yes.




The client application,
based on the policy, should pick private or EUI-64 addresses.

Just curious: Is there a specific use case for IEEE-derived addresses
that cannot be satisfied with draft-gont-6man-stable-privacy-addresses?

The existing implementations. The most important factor in the introduction of new standards is to interoperate with the existing ones. I think this should be documented in your draft. Furthermore, there are several firewalls and monitoring tools which generate warnings in case of an IEEE-derived address and MAC mismatch. This has to be investigated and documented in the draft.



Note: Nothing stops me from picking MAC addresses from a no-longer-existing
vendor, e.g. DEC.

Why would you want to do it?


I think the proper implementation of RFC 3041 and/or 4941 can solve your
problem.

I don't follow. RFC 4941 generates addresses in addition to the stable
ones, so.. how could they possibly fix the scanning problem?

I think the stability/network supervisor ability to track devices is enough justification for stable privacy addresses. Scanning is not so important. I know there are several new techniques - I have been warning about the possible methods for several years in my presentations.
http://www2.garr.it/conf_05_slides/j_mohacsi-IPv6_sec.pdf

Best Regards,
                Janos Mohacsi



Thanks!

Best regards,
--
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492




--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
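
The IEEE-derived address versus MAC consistency check mentioned in the thread, written out as an added example that is not part of the original messages or of any tool named in them. It uses the Modified EUI-64 mapping from RFC 4291, Appendix A; the function names are hypothetical and the observations are constructed (2001:db8::/32 is the documentation prefix).

```python
import ipaddress

def mac_to_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit, insert ff:fe between OUI and NIC part.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def check_neighbor(addr: str, mac: str) -> str:
    """Classify one (IPv6 address, link-layer address) observation."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # Heuristic: ff:fe in the middle of the IID marks an IEEE-derived address.
    # A random IID has these two bytes by chance with probability 2**-16.
    if iid[3:5] != b"\xff\xfe":
        return "not-ieee-derived"  # temporary or stable-privacy IID: nothing to compare
    if iid == mac_to_iid(mac):
        return "match"
    return "mismatch"              # the case such tools warn about

# Constructed observations: (address seen, source MAC seen with it).
SAMPLES = [
    ("2001:db8::0211:22ff:fe33:4455", "00:11:22:33:44:55"),
    ("2001:db8::0211:22ff:fe33:4455", "00:aa:bb:cc:dd:ee"),
    ("2001:db8::5c1e:9a07:3b42:d8f1", "00:11:22:33:44:55"),
]

def classify_all(samples=SAMPLES):
    return [check_neighbor(a, m) for a, m in samples]

if __name__ == "__main__":
    for (a, m), verdict in zip(SAMPLES, classify_all()):
        print(f"{a:32} {m}  {verdict}")
```

The third observation shows why such a check has nothing to compare once the interface identifier is no longer derived from the MAC.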
