> > And I would observe that the DAD problem cannot be solved in a reliable way.
> >
> > Could you please elaborate?

(Moving to the ipv6 mailing list, as this is way too detailed for the main IETF list.)

The goal is to use the same address when repeatedly visiting the same network. However, since we are using random numbers, we do not have guarantees that these addresses will not collide. Suppose that two hosts, A and B, want to use the same "colliding" addresses. If A connects first, B will have to use a fallback address. If B connects first, it will be A's turn to use a fallback address. That means that, given collisions, we fundamentally cannot guarantee that "the same host will always have the same address on the same network."

Your draft attempts to make the fallback predictable, by incorporating a DAD counter in the seeds of your nominal algorithm. But that means redefining the solution as only a guarantee that "the visiting host will have one of the same 2 or 3 addresses on the visited network." I am not sure it is worth the additional complexity, by opposition to just saying, "in case of collision, pick a new number."

By the way, there are many issues related to privacy and mobility, and I am not sure that we can address them. Suppose that, as an attacker, I want to know the correspondence between a visiting host, identified by a particular MAC address, and the IPv6 address that this host uses when "at home." I can somehow get control of a hot spot that the target host will visit. Then I can instruct the hot spot to announce in RA the very same prefix as the target's home network. Voila, the host will start doing DAD with their home network IPv6 address...

-- Christian Huitema

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
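The arrival-order dependence described in the message above can be reproduced in a small simulation. This is an added example, not code from the message or from the draft under discussion; the seed layout (SHA-256 over prefix, DAD counter and a per-host secret), the 8-bit identifier space, the three-attempt limit, the prefix and the host secrets are all assumptions chosen so that a collision can be constructed.

```python
import hashlib

IID_BITS = 8   # deliberately tiny so a collision can be constructed; real IIDs are 64 bits
RETRIES = 3    # assumed number of DAD attempts before giving up

def iid(secret: bytes, prefix: str, dad_counter: int) -> int:
    """Assumed seed layout: hash(prefix | DAD counter | per-host secret), truncated."""
    digest = hashlib.sha256(prefix.encode() + bytes([dad_counter]) + secret).digest()
    return int.from_bytes(digest, "big") >> (256 - IID_BITS)

def candidates(secret: bytes, prefix: str) -> list:
    """Every identifier this host can end up with on this prefix."""
    return [iid(secret, prefix, c) for c in range(RETRIES)]

def join(secret: bytes, prefix: str, in_use: set) -> tuple:
    """Simulated DAD: claim the first candidate nobody on the link holds yet."""
    for counter, cand in enumerate(candidates(secret, prefix)):
        if cand not in in_use:
            in_use.add(cand)
            return cand, counter
    raise RuntimeError("every candidate collided")

def pick_secret(label: bytes, prefix: str, nominal=None) -> bytes:
    """Constructed scenario: search for a secret whose candidates are distinct
    and, when `nominal` is given, whose counter-0 identifier equals it."""
    n = 0
    while True:
        secret = label + b"-%d" % n
        cands = candidates(secret, prefix)
        if len(set(cands)) == RETRIES and nominal in (None, cands[0]):
            return secret
        n += 1

def visit(order: list, prefix: str) -> dict:
    """Hosts attach in the given order; returns {secret: (iid, dad_counter)}."""
    in_use = set()
    return {secret: join(secret, prefix, in_use) for secret in order}

PREFIX = "2001:db8:1::/64"                        # documentation prefix, constructed
A = pick_secret(b"host-A", PREFIX)                # constructed per-host secrets
B = pick_secret(b"host-B", PREFIX, iid(A, PREFIX, 0))

if __name__ == "__main__":
    for order in ([A, B], [B, A]):
        print({s.decode(): result for s, result in visit(order, PREFIX).items()})
```

Whichever host attaches second lands on its counter-1 identifier, so each host's address on this prefix is stable only up to membership in its own short candidate list.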
