Hi, Brian,

On 11/28/2012 10:19 AM, Brian E Carpenter wrote:
>> 2.1.4. Privacy Extension Addresses
>
> I think it is better to use the correct terminology from
> RFC 4941: "Temporary Addresses".
>
>> Since MAC addresses for specific
>> vendor equipment can be known, it may be easy for a potential attacker
>> to perform a more directed intelligent scan to try and ascertain
>> specific vendor device reachability for exploitation. Privacy
>> extensions attempt to mitigate this threat.
>
> That is misleading. This mitigation is a side-effect of temporary
> addresses; the design motivation was to protect user privacy.

Well, actually, privacy/temporary addresses do not provide any mitigation
for address scanning attacks, since they are employed *in addition* to
traditional SLAAC addresses. -- e.g., see the appendix in
draft-ietf-6man-stable-privacy-addresses

Cheers,
-- 
Fernando Gont
SI6 Networks
e-mail: [email protected]
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

_______________________________________________
OPSEC mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsec
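
Added example, not part of the original message: an audit helper that shows, for the addresses configured on one interface, that a MAC-derived SLAAC address (modified EUI-64, RFC 4291 Appendix A) stays configured alongside an RFC 4941 temporary address. The MAC, the 2001:db8::/32 addresses and the function names are constructed for illustration.

```python
import ipaddress

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the OUI and the NIC part.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")

def classify(addresses, mac):
    """Map each address to how its low 64 bits relate to the interface MAC."""
    from_mac = eui64_iid(mac)
    labels = {}
    for text in addresses:
        iid = int(ipaddress.IPv6Address(text)) & 0xFFFFFFFFFFFFFFFF
        if iid == from_mac:
            labels[text] = "eui64-from-mac"   # traditional SLAAC, predictable from the MAC
        elif (iid >> 24) & 0xFFFF == 0xFFFE:
            labels[text] = "eui64-pattern"    # EUI-64 layout, derived from some other MAC
        else:
            labels[text] = "opaque"           # temporary, random or manually assigned
    return labels

def stable_exposure(addresses, mac):
    """Non-link-local addresses that still embed the MAC, temporary addresses or not."""
    labels = classify(addresses, mac)
    return [a for a in addresses
            if labels[a] == "eui64-from-mac"
            and not ipaddress.IPv6Address(a).is_link_local]

# Constructed sample: documentation MAC (RFC 7042) and documentation prefix (RFC 3849).
MAC = "00:00:5e:00:53:01"
SAMPLE = [
    "fe80::200:5eff:fe00:5301",          # link-local, EUI-64
    "2001:db8:1:2:200:5eff:fe00:5301",   # stable SLAAC address, EUI-64
    "2001:db8:1:2:4c1f:9a3e:71d2:b6a",   # temporary address (constructed random IID)
]

if __name__ == "__main__":
    for addr, label in classify(SAMPLE, MAC).items():
        print(f"{label:15} {addr}")
    print("still predictable from the MAC:", stable_exposure(SAMPLE, MAC))
```

A non-empty result from `stable_exposure` is the condition the reply describes: the temporary address was added to the interface, and the MAC-derived one was not removed.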
