Hi Fernando,

Since I got confused by the discussion in the plenary this morning: I think we have to consider that having a temporary address as defined in RFC 4941 does not prevent, or even mitigate, the scanning problem mentioned in this morning's discussion. Scanning MAC-address-derived addresses on hosts using the privacy extension remains possible and feasible, since the privacy address is only an additional address. The address derived from the MAC address is still reachable and a valid address (as I have just tested on my MacBook, just to be sure). Thus it is still possible to scan an IPv6 network by iterating over the changing 24 bits.
So I don't agree with the sentence "Clearly, temporary addresses can help reduce the attack exposure window, since the lifetime of each IPv6 address is reduced when compared to that of addresses generated with the method specified in this document." in draft-gont-6man-stable-privacy-addresses-00.txt. The only goal achieved by having a temporary address (_and_ using it) is privacy, in that a website, or any other third-party service, cannot track a user, also in case of prefix changes. In my opinion there is no security-related reason to use the privacy extension.

Cheers,
Dominik

On Tue, Mar 27, 2012 at 14:57, Fernando Gont <fg...@si6networks.com> wrote:
> Folks,
>
> I think that one error in which we have incurred, at least in the couple
> of years (myself included), is that we focus our discussion on
> "mac-derived addresses vs privacy addresses" when the question should
> really be about "stable addresses vs. temporary addresses".
>
> Clearly, we don't want any privacy issues (whether temporary or not),
> and we should do something such that all addresses do not have any
> privacy issues. (FWIW, this
> <http://tools.ietf.org/html/draft-gont-6man-stable-privacy-addresses> is
> my proposal to tackle the problem of the privacy issues arising from our
> current "stable" mac-derived addresses).
>
> It is also clear that some folks may be arguing in favor of temporary
> addresses (RFC 4941) for the wrong reasons (albeit understandable):
> because we lack stable addresses that do not have privacy issues.
>
> So I tend to think that our debate should probably be about "stable vs.
> temporary addresses", but our discussion is kind of blinded by the fact
> that we currently only have "stable but privacy-harmful addresses" on
> one hand, and "temporary and privacy-improved addresses" on the other.
>
> *This* fact is what has turned our discussion into being about "public
> versus privacy address", when it shouldn't: privacy should never be
> compromised.
>
> Thanks,
> --
> Fernando Gont
> SI6 Networks
> e-mail: fg...@si6networks.com
> PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
>
> --------------------------------------------------------------------
> IETF IPv6 working group mailing list
> ipv6@ietf.org
> Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
> --------------------------------------------------------------------