Bug#1007150: ifupdown: for IPv6 drop RFC4291 EUI-64 generation in favor of RFC7217 stable privacy addressing

2023-01-30 Thread Santiago Ruano Rincón
Hi,

On 26/01/23 at 13:34, Martin-Éric Racine wrote:
> Package: ifupdown
> Version: 0.8.41
> Followup-For: Bug #1007150
> 
> Greetings,
> 
> Any progress on this?
> 

None for the moment. But thanks for the ping. I acknowledge this is an
important bug.

I'll see what I can do ASAP.

Cheers,

 -- Santiago




Bug#1007150: ifupdown: for IPv6 drop RFC4291 EUI-64 generation in favor of RFC7217 stable privacy addressing

2023-01-26 Thread Martin-Éric Racine
Package: ifupdown
Version: 0.8.41
Followup-For: Bug #1007150

Greetings,

Any progress on this?

Martin-Éric



Bug#1007150: ifupdown: for IPv6 drop RFC4291 EUI-64 generation in favor of RFC7217 stable privacy addressing

2022-03-11 Thread Martin-Éric Racine
Package: ifupdown
Version: 0.8.36
Severity: important
Tags: ipv6

On IPv6-enabled hosts, ifupdown generates an EUI-64 address for the interface. 
This is a major privacy issue, because EUI-64 can be reverse-mapped to a 
specific MAC address and therefore to a specific physical host. Setting 
privext=2 doesn't solve the issue, since it merely makes the kernel prefer the 
privacy address.

RFC4291 EUI-64 generation is deprecated. What's instead favored is RFC7217 
stable privacy addressing. It would be a good idea for ifupdown to implement 
this. The current upstream for dhcpcd (not yet packaged for Debian, but waiting 
in Mentors) contains a good implementation of this RFC.

-- System Information:
Debian Release: 11.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-12-amd64 (SMP w/8 CPU threads)
Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ifupdown depends on:
ii  adduser   3.118
ii  iproute2  5.10.0-4
ii  libc6 2.31-13+deb11u2
ii  lsb-base  11.1.0

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.4.1-2.3

Versions of packages ifupdown suggests:
ii  ppp 2.4.9-1+1
pn  rdnssd  

-- no debconf information

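
The difference between the two schemes named in the 2022-03-11 report, as an added example that is not part of the thread and is not code from ifupdown or dhcpcd: it derives an RFC 4291 modified EUI-64 identifier from a MAC, checks whether an address carries a recoverable MAC, and computes an RFC 7217 identifier with SHA-256. The MAC, prefixes, interface name, secret key and the length-prefixed field encoding are assumptions made for the illustration, so the output will not match any particular implementation.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """RFC 4291 Appendix A: flip the universal/local bit, insert ff:fe mid-MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def embedded_mac(addr: str):
    """Return the MAC recoverable from an address, or None if the IID is not EUI-64 shaped."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{x:02x}" for x in raw)

def is_reserved(iid: bytes) -> bool:
    """RFC 5453: subnet-router anycast (all zero) and fdff:ffff:ffff:ff80-ffff."""
    return iid == bytes(8) or (iid[:7] == bytes.fromhex("fdffffffffffff") and iid[7] >= 0x80)

def stable_privacy_iid(prefix64: str, ifname: str, secret: bytes,
                       network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RFC 7217 section 5: RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    prefix = ipaddress.IPv6Network(prefix64).network_address.packed[:8]
    while True:
        h = hashlib.sha256()
        for field in (prefix, ifname.encode(), network_id,
                      dad_counter.to_bytes(4, "big"), secret):
            # Length prefix is this example's choice; it keeps field boundaries unambiguous.
            h.update(len(field).to_bytes(2, "big") + field)
        iid = h.digest()[-8:]        # least significant 64 bits of the RID
        if not is_reserved(iid):
            return iid
        dad_counter += 1             # unacceptable IID is handled like a DAD collision

def address(prefix64: str, iid: bytes) -> str:
    net = ipaddress.IPv6Network(prefix64).network_address.packed[:8]
    return str(ipaddress.IPv6Address(net + iid))

if __name__ == "__main__":
    mac = "52:54:00:12:34:56"        # constructed sample MAC
    key = b"k" * 16                  # constructed secret; a real one is random and kept per host
    for pfx in ("2001:db8:1:2::/64", "2001:db8:9:9::/64"):   # documentation prefixes
        old = address(pfx, eui64_iid(mac))
        new = address(pfx, stable_privacy_iid(pfx, "eth0", key))
        print(pfx, old, "->", embedded_mac(old), "|", new, "->", embedded_mac(new))
```

The EUI-64 identifier is identical under every prefix and yields the MAC back, while the RFC 7217 identifier stays fixed within one prefix but differs between prefixes and contains no hardware address.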