John,
I would like the capability to have an interface construct a link-local
address via some mechanism (EUI-64 from MAC, as an example) as normal,
then configure a privacy address, all without autoconfiguring a
global-scope address from the RA being sent on the subnet (there would
be no valid or preferred global-scope addresses containing the MAC).
This interface would be harder to scan for from off-link, since the only
valid global-scope address would be a privacy address - no
autoconfigured address embedding FFFE or a small set of OUIs (there are
probably only a few hundred OUIs really in wide deployment) would be
configured on the interface.

First of all, even with the auto-configured addresses, it is still very
hard to do any kind of scanning. The IEEE MAC-based interface IDs
are very sparse.

I don't think anything new is required to do what you want. A node
can create auto-configured addresses and privacy addresses. Which
addresses it uses for what purposes is completely under its
control. It doesn't have to use the auto-configured address for
communication if it doesn't want to. It could only use the privacy
based address if it chose to.

This is not supported today, I do not believe, but I think it would
be a valuable tool for administrators to have. What is your opinion?

I personally don't think this is very useful, but it is allowed under
the current specifications. Implementors and/or vendors could easily
build in this type of address usage policy if they saw a need or
customer requirement.

Bob
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
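
An added illustration, not part of the original message: a Python sketch an administrator could use to audit a host's own configured addresses for the case discussed in this thread, a non-link-local address whose interface ID embeds the MAC via modified EUI-64 (FFFE in the middle, RFC 4291 Appendix A). The function names, the MAC and the addresses (documentation prefix 2001:db8::/32) are constructed for the example.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface ID built from a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit and insert FFFE between OUI and NIC part.
    eui = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return int.from_bytes(eui, "big")

def embedded_mac(addr: str):
    """Return the MAC recoverable from the low 64 bits, or None.

    Heuristic: a randomly generated interface ID has FFFE at this
    position with probability 2**-16, so treat a hit as a finding to
    confirm against the interface's real MAC.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def audit(addresses):
    """(address, mac) pairs for non-link-local addresses that embed a MAC."""
    findings = []
    for a in addresses:
        mac = embedded_mac(a)
        if mac and not ipaddress.IPv6Address(a).is_link_local:
            findings.append((a, mac))
    return findings

# Constructed sample: the addresses one interface might hold.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",          # link-local, EUI-64 (expected)
    "2001:db8:1:2:211:22ff:fe33:4455",   # autoconfigured, embeds the MAC
    "2001:db8:1:2:5c3a:91d2:7be4:10af",  # privacy-style random interface ID
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE):
        print(f"{addr} exposes MAC {mac}")
```

An empty result from `audit` corresponds to the configuration John asks for: link-local address from the MAC, and no global-scope address that carries it.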