On 18-Jul-12 08:48, Saku Ytti wrote:
> On (2012-07-18 08:37 -0500), Stephen Sprunk wrote:
>> There is no need for [RFC2777 verifiability], since your failure to use a
>> good source of randomness hurts nobody except yourself.
>
> I think you're making fact out of opinion. Maybe SP is generating ULAs for
> their customers.

Why would they do that? SPs should only be assigning (and routing) GUAs. ULAs are for /local/ use within the customer site, so customers can and should generate their own locally. An SP should never see those addresses and can safely ignore their existence, aside from a generic filter on the entire ULA range.

> Maybe this is not practical enough concern, but I'm wondering, what is the
> downside? What is the benefit of recommending method which is not
> testable/provable.

Those were not considered requirements for the algorithm in RFC 4193 since there is no scenario /where RFC 4193 addresses are a valid solution in the first place/ for which testability or provability of the algorithm's results are important or even useful.

S

--
Stephen Sprunk
CCIE #3723
K5SSS

"God does not play dice." --Albert Einstein
"God is an inveterate gambler, and He throws the dice at every possible opportunity." --Stephen Hawking