
Re: last call comments for draft-ietf-6man-stable-privacy-addresses-06

2013-04-22 14:41:01
Hi, SM,

On 04/22/2013 12:53 PM, SM wrote:

> From Section 1:
>
>   'The "Privacy Extensions for Stateless Address Autoconfiguration in
>    IPv6" [RFC4941] were introduced to complicate the task of
>    eavesdroppers and other information collectors to correlate the
>    activities of a node, and basically result in temporary (and random)
>    Interface Identifiers that are typically more difficult to leverage
>    than those based on IEEE identifiers.'
>
> There are some warnings in RFC 4941 about correlation.  I don't see any
> notes about that in this draft.

Please see the Appendix.


> My reading of this proposal is that it
> is to mitigate address scanning.  I could not find any guidance on
> whether to use RFC 4941 or this draft for "privacy addresses".

Privacy addresses are employed in addition to traditional SLAAC
addresses -- hence they don't mitigate address scanning. FWIW, this is
all discussed in the I-D.


>   "Implementations conforming to this specification SHOULD provide the
>    means for a system administrator to enable or disable the use of this
>    algorithm for generating Interface Identifiers."
>
> If the implementation does not provide the means for the administrator
> to enable or disable the use of the algorithm, does it conform to this
> specification?

It'd be "conditionally-compliant", but not fully-compliant.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont(_at_)si6networks(_dot_)com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
