> I'm saying the reasons people are tempted to disable RFC4941 are misplaced.
+1 Consider that if I want privacy and you won't let me use RFC4941, I might just make up a new MAC address each time I connect. Consider also the effect of unique identifiers on tracking. The MAC address follows you when you roam. By embedding it in the IPv6 address, we are effectively offering a "super cookie" to all web services. Is it really what we want? In addition to privacy issues, displaying the MAC address allows third parties to track hardware purchase, and enables other attacks by providing the data necessary for MAC spoofing. In short, it looked like a great idea at the time... but wasn't. -- Christian Huitema -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
