On 2011-03-10 10:11, Mark Smith wrote:
> On Thu, 10 Mar 2011 07:41:48 +1300
> Brian E Carpenter <brian.e.carpen...@gmail.com> wrote:
> 
>> On 2011-03-09 22:18, Mark Smith wrote:
>> ...
>>> I think you'll be more successful at achieving your fundamental goal by
>>> observing and recording their IPv6 address use rather than trying to
>>> control it with mechanisms they have the ability to disable.
>> Since we defined privacy addresses specifically so that individual
>> hosts could reduce their traceability, it seems very controversial
>> to do anything that harms that ability.
>>
>> We did this, people will recall, as a direct result of public concern
>> about traceability based on CPU serial numbers and/or MAC addresses.
>>
>> That refers to traceability on the open Internet, not traceability
>> on the LAN. So indeed, as Mark says, this can be solved locally
>> by MAC logging (from DHCP or ND). That will not remove the ability
>> to use privacy addresses beyond the LAN.
>>
> 
> Actually, one of the reasons I've been thinking about this "ND logging"
> recently, before these privacy proposals came up, is because of the
> criticisms about both stateless and stateful addressing methods
> existing in IPv6.
> 
> The common argument from the "stateful-only crowd" seems to be that
> they need to have a log of IPv6 address/MAC addresses for audit
> purposes, and therefore think they need to have stateful, database
> driven addressing to do that, probably because that is how it has
> been done in IPv4. I've thought that SLAAC with more detailed ND state
> logging, triggered by NUD state changes, would provide them with what
> they need, without requiring the additional software infrastructure and
> state maintenance that stateful DHCPv6 addressing involves. Although
> stateful DHCPv6 clients are becoming far more widely available, all
> IPv6 end-nodes are at minimum going to support SLAAC.

Not to mention that such a logging mechanism will detect any hosts that
are misbehaving by simply giving themselves arbitrary addresses, which as
far as I can see can't be prevented in the general case.

     Brian
--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
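The ND logging discussed in this thread, sketched as an added example that is not part of the original messages: it turns neighbour-cache state changes into an address/MAC audit log and flags addresses claimed by more than one MAC. The input layout (a collector-added timestamp followed by a line in the style of Linux `ip -6 neigh` output), the sample data and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. Assumed layout: a collector-added timestamp followed by a
# neighbour-cache line in the style of Linux `ip -6 neigh` output.
SAMPLE = """\
2011-03-10T09:00:01 2001:db8::211:22ff:fe33:4455 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2011-03-10T09:00:07 2001:db8::5c1e:9a02:77b3:e410 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
2011-03-10T09:05:30 2001:db8::5c1e:9a02:77b3:e410 dev eth0 lladdr 00:11:22:33:44:55 STALE
2011-03-10T09:06:00 2001:db8::1234 dev eth0 lladdr 00:aa:bb:cc:dd:ee REACHABLE
2011-03-10T09:07:12 2001:db8::211:22ff:fe33:4455 dev eth0 lladdr 00:aa:bb:cc:dd:ee REACHABLE
2011-03-10T09:20:00 2001:db8::1234 dev eth0 FAILED
"""

LINE = re.compile(
    r"(?P<ts>\S+) (?P<addr>\S+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<mac>[0-9a-f:]{17}))?(?: router)? (?P<state>[A-Z]+)$")

def build_audit_log(lines):
    """Return (records, conflicts) built from neighbour-cache state changes."""
    records = {}   # (addr, mac) -> {"first", "last", "state"}
    current = {}   # addr -> MAC of the binding currently in the cache
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # not a neighbour-cache line
        # FAILED entries carry no lladdr: attribute them to the last known MAC.
        addr, mac = m["addr"], m["mac"] or current.get(m["addr"])
        if mac is None:
            continue                      # address never resolved to a MAC
        rec = records.setdefault((addr, mac), {"first": m["ts"]})
        rec["last"], rec["state"] = m["ts"], m["state"]
        if m["state"] == "FAILED":
            current.pop(addr, None)
        else:
            current[addr] = mac
    seen = defaultdict(set)
    for addr, mac in records:
        seen[addr].add(mac)
    # One address answered for by several MACs: moved host, duplicate or self-assigned.
    conflicts = {a: sorted(ms) for a, ms in seen.items() if len(ms) > 1}
    return records, conflicts

def addresses_by_mac(records):
    """Group every logged address, privacy addresses included, under its MAC."""
    out = defaultdict(list)
    for addr, mac in records:
        out[mac].append(addr)
    return {mac: sorted(addrs) for mac, addrs in out.items()}
```

Calling `build_audit_log(SAMPLE.splitlines())` yields four bindings and one conflict; the same records work whether the host used SLAAC, a privacy address or an address it picked itself.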
