> -----Original Message-----
> From: ipv6-boun...@ietf.org [mailto:ipv6-boun...@ietf.org] On Behalf Of
> Brian E Carpenter
> Sent: Wednesday, March 09, 2011 10:49 AM
> To: Mikael Abrahamsson
> Cc: ipv6@ietf.org; Ran Atkinson
> Subject: Re: draft-gont-6man-managing-privacy-extensions-00.txt
> 
> On 2011-03-10 00:17, Mikael Abrahamsson wrote:
> > On Wed, 9 Mar 2011, Ran Atkinson wrote:
> >
> >>
> >> <http://www.ietf.org/internet-drafts/draft-gont-6man-managing-privacy-extensions-00.txt>
> >>
> >>
> >> I recommend that folks read the above draft.  I haven't seen the
> >> I-D announcement get cross-posted to the IPv6 WG, perhaps due to
> >> the volume of recent I-D postings, and the topic seems relevant.
> >
> > I don't think it solves what it thinks it solves, but if this REALLY
> > should be implemented, it's my initial thinking that the H flag should
> > be a MUST demand to only have ONE and only one MAC-based IPv6 address
> > according to EUI64. I would appreciate some reasoning in the draft why
> > this was chosen as a SHOULD option.
> 
> For the reason I just gave against the disable-private flag: this
> violates the host's right to use an untraceable address.
> 
> It may be that in corporate deployments, that right can be removed.

Nobody wants it removed in corporate deployments, either.  Consider
for a moment an IPv6-enabled telephone, on the desk of a Very 
Important Person at a company, who is calling the CEO of some
Itty Bitty Company.  And then the CEO calls.  Then someone on
the acquisition team calls.  It hardly matters what they're talking 
about -- just seeing that traffic with those IPv6 addresses is
sufficient to decide to buy (or sell) stock in Itty Bitty 
Company.  

We should, instead, look at how a host's privacy address can
be reported and recorded, so the network administrator has all
the necessary ability to determine which host is using which
address now or in the past.  This is easily done -- without 
changing RA.

If we don't have IPv6 privacy addresses, we will also soon
see NAPT66 (with UDP and TCP port rewriting) in order to 
achieve the same result as privacy addresses:  trying to 
obfuscate which host is communicating.

-d


> But removing it for public subscribers would be a political blunder.
> 
>     Brian
> 
> >
> > I do not like the "disable Privacy"-flag thinking at all and I really
> > oppose going with that solution.
> >
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------
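
One way the recording described in the reply above could be done, as an added example that is not part of the original thread: a collector periodically saves (time, IPv6 address, MAC) rows from a router's neighbor cache and answers "which host held this address at time T". The collection method, the function names and the sample rows are assumptions; the message does not say which mechanism its author had in mind.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows (unix_time, ipv6_address, mac), as a collector
# polling a router's neighbor cache might store them (assumed format).
SNAPSHOTS = [
    (1000, "2001:db8:1::211:22ff:fe33:4455", "00:11:22:33:44:55"),
    (1000, "2001:db8:1::5c1e:9a0b:77d2:e3f4", "00:11:22:33:44:55"),
    (1300, "2001:db8:1::5c1e:9a0b:77d2:e3f4", "00:11:22:33:44:55"),
    (1600, "2001:db8:1::a8b4:10ff:2c9d:6e01", "00:11:22:33:44:55"),
    (1600, "2001:db8:1::5c1e:9a0b:77d2:e3f4", "66:77:88:99:aa:bb"),
]

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, App. A) of a 48-bit MAC."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC")
    # Flip the universal/local bit and insert ff:fe in the middle.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def is_mac_derived(addr, mac):
    """True if the low 64 bits of addr are the modified EUI-64 of mac."""
    return ipaddress.IPv6Address(addr).packed[8:] == eui64_iid(mac)

def build_history(snapshots):
    """Map address -> list of [mac, first_seen, last_seen] observation spans."""
    history = defaultdict(list)
    for ts, addr, mac in sorted(snapshots):
        spans = history[ipaddress.IPv6Address(addr)]
        mac = mac.lower()
        if spans and spans[-1][0] == mac:
            spans[-1][2] = ts              # same holder: extend the span
        else:
            spans.append([mac, ts, ts])    # new holder (or first sighting)
    return history

def who_had(history, addr, when):
    """MAC observed holding addr at time `when`; None if unobserved then."""
    for mac, first, last in history.get(ipaddress.IPv6Address(addr), []):
        if first <= when <= last:
            return mac
    return None
```

A query that falls between two polls with different holders returns `None` rather than guessing, so the polling interval bounds how short-lived an address can be and still be attributed.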
