Rémi Després wrote:
>> My desire to have privacy is, in itself, something I may want to keep
>> private.
> I am not sure I see the practical consequences.
> If my source address says "I am someone but you will not know who I
> am", isn't this sufficient?
You're not thinking this through.
Think of the case where there are 1000 users on a LAN, and one of them
desires to use the address privacy option for all the normal reasons.
Then think about the policeman / bad guy / secret agent / mafioso with a
trace of all traffic from that LAN - he can immediately say that the 999
were using non-privacy-enhanced addresses, and the resulting trace will
show him immediately what the 1000th was up to, no matter how many times
he changed his address.
>> If what you want to know is indeed "which site is at the other end",
>> wildcards at the /64 level will achieve that with no changes to
>> existing code.
> I am not familiar enough with wildcard operation in the DNS.
> If it provides for queries that concern only site prefixes, then you
> are right: no need for an agreed "wildcard IID".
> The result is the same with existing mechanisms, which is clearly better.
Read RFC 1034 - or perhaps better, RFC 4592. They've been around for a
while (although their behaviour still surprises many).
Harald
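The 1000-host argument above, worked through as an added simulation (this is not code from the thread or from any IETF document). It assumes a constructed documentation prefix 2001:db8:1:2::/64, a made-up stable IID layout for the non-privacy hosts, random 64-bit IIDs for the privacy hosts in the spirit of RFC 4941, and the weakest useful observer: one who holds a traffic trace, knows how many hosts are on the LAN, and recognises the stable address of everyone who uses one. Every source address the observer has not seen as a stable address is charged to whichever hosts' stable addresses never appear; with one privacy user that set has one member, so rotating addresses hides nothing.

```python
import ipaddress
import random

# Constructed documentation prefix standing in for the LAN's /64.
LAN = ipaddress.IPv6Network("2001:db8:1:2::/64")
U_BIT = 1 << 57  # universal/local bit of a 64-bit IID (bit 6 of its first octet)


def stable_iid(host_no: int) -> int:
    """Constructed stand-in for a stable, modified-EUI-64 style IID (u bit set, fixed per host)."""
    return 0x0200_00FF_FE00_0000 | host_no


def temporary_iid(rng: random.Random) -> int:
    """Random IID in the spirit of RFC 4941 temporary addresses (u bit cleared)."""
    return rng.getrandbits(64) & ~U_BIT


def address(iid: int) -> ipaddress.IPv6Address:
    return ipaddress.IPv6Address(int(LAN.network_address) | iid)


def simulate_trace(n_hosts: int, privacy_hosts: set, flows_per_host: int = 5, seed: int = 1):
    """Trace as the observer sees it: (src_address, peer), order shuffled.
    The true host number travels alongside only so the observer can be scored."""
    rng = random.Random(seed)
    trace = []
    for host in range(n_hosts):
        for _ in range(flows_per_host):
            iid = temporary_iid(rng) if host in privacy_hosts else stable_iid(host)
            trace.append((host, address(iid), f"peer-{rng.randrange(50)}"))
    rng.shuffle(trace)
    return trace


def observer_attribution(trace, n_hosts: int):
    """The observer knows the LAN population (say, from the switch's MAC table) and
    recognises stable addresses. Any unrecognised source must belong to a host whose
    stable address never shows up; that set is the anonymity set of every rotating flow.
    Returns (anonymity_set_size, fraction_of_rotating_flows_pinned_to_exactly_one_host)."""
    stable_of = {address(stable_iid(h)): h for h in range(n_hosts)}
    observed = {src for _, src, _ in trace}
    hidden = {h for h in range(n_hosts) if address(stable_iid(h)) not in observed}
    rotating = [(host, src) for host, src, _ in trace if src not in stable_of]
    pinned = sum(1 for host, _ in rotating if hidden == {host})
    return len(hidden), (pinned / len(rotating) if rotating else 0.0)


def deanonymised_fraction(n_hosts: int, n_privacy_users: int) -> float:
    """The thread's scenario: n_hosts on one LAN, the first n_privacy_users rotate addresses."""
    privacy = set(range(n_privacy_users))
    _, fraction = observer_attribution(simulate_trace(n_hosts, privacy), n_hosts)
    return fraction


if __name__ == "__main__":
    for k in (1, 2, 10, 500):
        size, fraction = observer_attribution(simulate_trace(1000, set(range(k))), 1000)
        print(f"{k:4d} privacy users: anonymity set {size:4d}, "
              f"rotating flows pinned to one host: {fraction:.0%}, "
              f"best guess otherwise correct 1 in {size}")
```

The observer here does no timing or content correlation at all and still attributes every flow of the lone privacy user; real observers do better. The practical consequence is the one Harald draws: temporary addresses protect a host only when enough of its neighbours also use them, which is why the useful deployment is "on by default for everyone" rather than an opt-in for the few who think they need it.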
_______________________________________________
IETF mailing list
IETF@ietf.org
http://www.ietf.org/mailman/listinfo/ietf
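The "/64 wildcard" Harald points Rémi at, as an added example (not code from the thread, nor a real resolver or authoritative server): a minimal ip6.arpa zone whose lookup applies the RFC 4592 wildcard rules, so that one `*.<site /64>` PTR answers for every interface identifier under that prefix, and which also shows the behaviour Harald says still surprises people. The zone apex (2001:db8::/32), the site prefix (2001:db8:1:2::/64) and the PTR targets are constructed documentation values; the `Zone` class is a simplification that supports only exact matches, empty non-terminals and wildcard synthesis.

```python
import ipaddress

# Constructed documentation prefixes: the zone is 2001:db8::/32, the site is 2001:db8:1:2::/64.
APEX = "8.b.d.0.1.0.0.2.ip6.arpa."
SITE64 = "2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa."


def reverse_name(addr: str) -> str:
    """Nibble-reversed ip6.arpa owner name for an IPv6 address, fully qualified."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."


def parent(name: str) -> str:
    """'a.b.c.' -> 'b.c.'"""
    return name.split(".", 1)[1]


class Zone:
    """Minimal authoritative zone that applies the RFC 4592 wildcard rules on lookup."""

    def __init__(self, apex: str, records):
        self.apex = apex
        self.rrsets = {}
        for owner, rtype, rdata in records:
            self.rrsets.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
        # Every ancestor of an owner name, down to the apex, exists in the name tree
        # even when it holds no records (an "empty non-terminal").
        self.names = set()
        for owner in self.rrsets:
            name = owner
            while True:
                self.names.add(name)
                if name == apex:
                    break
                name = parent(name)

    def lookup(self, qname: str, qtype: str):
        """Return (rcode, rdata list). A wildcard '*.X' is the source of synthesis only
        when X is the closest encloser of qname (its longest existing ancestor) and
        qname itself does not exist; see RFC 4592, section 3.3."""
        if qname != self.apex and not qname.endswith("." + self.apex):
            return "REFUSED", []
        if qname in self.names:
            return "NOERROR", self.rrsets.get(qname, {}).get(qtype, [])
        encloser = parent(qname)
        while encloser not in self.names:
            encloser = parent(encloser)
        source = "*." + encloser
        if source in self.rrsets:
            return "NOERROR", self.rrsets[source].get(qtype, [])
        return "NXDOMAIN", []


def build_zone(explicit_host: bool) -> Zone:
    """One PTR wildcard covering the whole /64; optionally one explicit PTR inside it."""
    records = [
        (APEX, "SOA", "ns1.example. hostmaster.example. 1 3600 900 1209600 3600"),
        ("*." + SITE64, "PTR", "site.example."),
    ]
    if explicit_host:
        records.append((reverse_name("2001:db8:1:2::1"), "PTR", "ns1.site.example."))
    return Zone(APEX, records)


def reverse_lookup(zone: Zone, addr: str):
    return zone.lookup(reverse_name(addr), "PTR")


if __name__ == "__main__":
    plain, mixed = build_zone(False), build_zone(True)
    for addr in ("2001:db8:1:2::1234", "2001:db8:1:2::1", "2001:db8:1:2::2",
                 "2001:db8:1:2:8000::1", "2001:db8:1:3::1"):
        print(f"{addr:22} wildcard only: {reverse_lookup(plain, addr)}  "
              f"with explicit ::1: {reverse_lookup(mixed, addr)}")
```

With only the wildcard present, any address in the /64 resolves to `site.example.` and no agreed "wildcard IID" is needed, which is the point of Harald's suggestion. The surprise appears as soon as one explicit PTR (here for `::1`) is added inside the wildcard's span: the fifteen zero-nibble labels above it become empty non-terminals, so for `::2`, `::1234` and every other address whose IID starts with a zero nibble the closest encloser is one of those labels rather than the /64 node, the wildcard no longer matches, and the server answers NXDOMAIN, while `2001:db8:1:2:8000::1` still resolves. When reviewing a reverse zone that mixes wildcards and explicit records, check each explicit name's ancestors for exactly this, and either keep explicit PTRs out of wildcard-covered /64s or add a wildcard at every empty non-terminal you create.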