On Thu, Jul 13, 2017 at 08:30:55PM -0000, Christian Weisgerber wrote:
> On 2017-07-13, Florian Obser <[email protected]> wrote:
[...]
> > +# Apply soiikey.conf settings.
> > +soiikey_conf() {
> > + stripcom /etc/soiikey.conf |
> > + while read _line; do
> > + sysctl -q "net.inet6.ip6.soiikey=$_line"
> > + done
> > +}
>
> I think .conf is a strange choice of name for what is not a
> configuration file but effectively a private key, cf.
>
> /etc/{iked,isakmpd}/private/local.key
> /etc/ssh/ssh_host_<algorithm>_key
>
Ugh, yes, brain fart

> > +SOOIs use the whole 64 bit of the host part while SLAAC addresses are
> > +formed from MAC addresses and have 48 bits of entropy at most.
>
> 46 bits.
> (The first bit of a MAC address is 0 for unicast addresses, the
> second is 0 for "universally administered" addresses, i.e., those
> that are uniquely assigned to a device by its manufacturer.)

Yes, I know, that's why I used "at most", and yes, you cannot actually
reach it. The point is to give the casual reader ball park figures:

128 bit: Yeah, I'm not going to try
64 bit: Probably fine, doesn't cost me any sleep
48 bit: Hmm...
24 bit: Hold my beer and watch this, I can send a million packets with my phone!

I'm afraid if we put in 46 people will start to wonder why 46 while
they might have heard that a mac is 48 bits.

Anyway, I'll try to come up with wording to avoid exact numbers.

>
> --
> Christian "naddy" Weisgerber [email protected]
>

--
I'm not entirely sure you are real.
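
Review bot: In soiikey_conf(), the key read from /etc/soiikey.conf is handed to sysctl as a command-line argument (sysctl -q "net.inet6.ip6.soiikey=$_line"), so it is visible in the process listing while the command runs, and the while loop applies every non-comment line, so a file with more than one line sets the key repeatedly with the last line winning. Since the file holds what is effectively a private key, consider stating that it must contain exactly one line and be readable by root only, and either stop after the first line or warn when more than one is present.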
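
Review bot: "SOOIs" in the first added line of the documentation hunk does not match the spelling in the sysctl name net.inet6.ip6.soiikey used in the rc hunk and looks like a typo for "SOIIs". In the same line, "64 bit" would be more consistent as "64 bits", matching "48 bits" on the following line.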
