The document currently says: > 5.7.3. Privacy Extensions for Address Configuration in IPv6 - RFC 4941 > > Privacy Extensions for Stateless Address Autoconfiguration [RFC4941] > SHOULD be supported. It is recommended that this behavior be > configurable on a connection basis within each application when > available. It is noted that a number of applications do not work > with addresses generated with this method, while other applications > work quite well with them.
IMO, additional context is needed. As 4941 itself states, RFC 4941 is only useful for mobile devices -- devices that actually move around within the network. Servers generally do not do that. Plus, servers are by definition visible (so folk can access them). Thus, in the case of servers, a blanket SHOULD is not appropriate. I'd like to propose the following replacement text: Privacy Extensions for Stateless Address Autoconfiguration [RFC4941] addresses a specific problem involving a mobile device that regularly changes its point of attachment to the Internet. When using Stateless Address Autoconfiguration [RFC 4862], the Interface Identifier portion of formed addresses stays constant and is globally unique. Thus, although a node's global IPv6 address will change as it changes its point of attachment, the Interface Identifier portion of those addresses remain the same, making it possible for servers to track the location of an individual device as it moves around. This may raise privacy concerns as described in [RFC 4862]. That said, the problem addressed by Privacy Extensions only happen when a device regularly changes its point of attachment (i.e., for mobile devices) and where the mobile device is associated with a single (or small number) of users In such sitatuations, privacy may be a concern and RFC4941 SHOULD be implemented. In other cases, RFC4941 provides limited or no benefit. In particular, RFC4941 provide little benefit to servers. Note also that I propose dropping: It is recommended that this behavior be configurable on a connection basis within each application when available. It is noted that a number of applications do not work with addresses generated with this method, while other applications work quite well with them. The above recommendation is not in RFC 4941, and I do not believe it is appropriate for an AS to be adding a requirement that 4941 itself does not mention. Comments? Thomas -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
