On Thu, 10 Mar 2011 07:41:48 +1300 Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> On 2011-03-09 22:18, Mark Smith wrote: > ... > > I think you'll be more successful at achieving your fundamental goal by > > observing and recording their IPv6 address use rather than trying to > > control it with mechanisms they have the ability to disable. > > Since we defined privacy addresses specifically so that individual > hosts could reduce their traceability, it seems very controversial > to do anything that harms that ability. > > We did this, people will recall, as a direct result of public concern > about traceability based on CPU serial numbers and/or MAC addresses. > > That refers to traceability on the open Internet, not traceability > on the LAN. So indeed, as Mark says, this can be solved locally > by MAC logging (from DHCP or ND). That will not remove the ability > to use privacy addresses beyond the LAN. > Actually, one of the reasons I've been thinking about this "ND logging" recently, before these privacy proposals came up, is because of the criticisms about both stateless and stateful addressing methods existing in IPv6. The common argument from the "stateful-only crowd" seems to be that they need to have a log of IPv6 address/MAC addresses for audit purposes, and therefore think they need to have stateful, database driven addressing to do that, probably because that is how it has been done in IPv4. I've thought that SLAAC with more detailed ND state logging, triggered by NUD state changes, would provide them with what they need, without requiring the additional software infrastructure and state maintenance that stateful DHCPv6 addressing involves. Although stateful DHCPv6 clients are becoming far more widely available, all IPv6 end-nodes are at minimum going to support SLAAC. Regards, Mark. -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------