On 3/27/2012 2:43 PM, Karl Auer wrote:
> On Tue, 2012-03-27 at 21:05 +0200, Ray Hunter wrote:
>> IMHO the proper *default* behavior is still "off" = option A. In other
>> words, default = IPv4-like behavior, at least until we really figure
>> out how to operate all of these fancy new features of IPv6.
>
> The question is not whether the use of privacy addresses (temporary
> addresses) should be enabled by default. Though some OSes do that, I
> believe.
>
> The question is, where a host *does* have both a temporary and a
> non-temporary address, which one it should prefer by default. "Prefer
> by default" in this case means "select as the source address for new
> outbound connections in the absence of specific instructions to do
> otherwise".

Thanks for clarifying this Karl, I thought I was confused about the question when I saw the answers that people were giving. :)

FWIW, my personal preference is for 4941 addresses *both* on by default, *and* chosen first by default. But I definitely think that if 4941 addresses are enabled, they should be used by default. (So, my answer to Brian H's question is B.)

Longer, but hopefully useful answer from an implementor ...

Some time ago I looked at changing the default for both on FreeBSD to "On" with the thinking that if it's good enough for Uncle Bill, it's good enough for us. (Well, really with the thinking that it would be the right thing to do, help protect FreeBSD users' privacy, etc.) I even floated a trial balloon about making the change, and got generally positive responses. Eventually I lost interest because of a non-zero number of replies to the effect that "The RFC says use should be off by default, so we shouldn't enable it by default."

Given that I only have so much time to push so many rocks up so many hills, I took a different approach. Rather than enabling it by default, I made it much easier to enable at all by adding a knob to the default rc.conf file:

    ipv6_privacy="NO"    # Use privacy address on RA-receiving IFs (RFC 4941)

When implementing the guts to make that knob effective I turned on both the sysctls to create the addresses, and to prefer them, without giving users a knob to turn off the latter. That was 2 years ago in HEAD (our bleeding edge development branch) and no one has ever complained. That knob shipped in our 9.0-RELEASE (January 2012).

Regarding the topic of privacy generally, I agree with the sentiments that just because we're losing the war doesn't mean that we shouldn't fight the battles that we can. However, if you want to get really depressed about browser privacy, take a look at these 2 sites. The first one is sort of scary, the second one should really terrify you:

http://www.b2knet.com/
https://panopticlick.eff.org/

Regarding the second one, I am ULTRA paranoid about my browser privacy ... I have numerous Firefox plugins to enhance it, including cookies off by default and selectively enabled with CookieMonster, super-tight whitelist settings for RequestPolicy, BetterPrivacy, wipe out everything when the browser exits, etc. And I still get the result that my fingerprint is unique (out of over 2 million users).

and so it goes,

Doug

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
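The mail says the rc.conf knob turns on two sysctls, one that creates RFC 4941 temporary addresses and one that prefers them as the source address, without naming them. The following added example (not from the mail or from FreeBSD's rc scripts) is a small audit helper that reads `sysctl` output and reports which of the four possible states a host is in; the sysctl names `net.inet6.ip6.use_tempaddr` and `net.inet6.ip6.prefer_tempaddr` are FreeBSD's real names for those two controls, and the sample outputs are constructed so the script runs on any POSIX shell without a FreeBSD kernel. The point it illustrates is Karl's distinction: "created" and "preferred" are separate settings, and a host can be in the middle states (addresses exist but are never chosen, or prefer is set while nothing is created).

```shell
#!/bin/sh
# Added example: classify a FreeBSD host's RFC 4941 temporary-address state
# from the two sysctls that the ipv6_privacy rc.conf knob is described as
# enabling. Sysctl names are FreeBSD's; the sample outputs are constructed.

# Constructed sample of:
#   sysctl net.inet6.ip6.use_tempaddr net.inet6.ip6.prefer_tempaddr
# on a host with the stock defaults (privacy addresses off).
SAMPLE_FREEBSD_DEFAULT='net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.prefer_tempaddr: 0'

# Constructed sample after ipv6_privacy="YES": both created and preferred.
SAMPLE_PRIVACY_ON='net.inet6.ip6.use_tempaddr: 1
net.inet6.ip6.prefer_tempaddr: 1'

# get_sysctl_value OUTPUT NAME
# Prints the integer value for NAME from sysctl-style "name: value" lines,
# or the word "missing" if the line is absent (e.g. a kernel without INET6).
get_sysctl_value() {
    printf '%s\n' "$1" | awk -v key="$2:" '
        $1 == key { print $2; found = 1 }
        END { if (!found) print "missing" }'
}

# classify_tempaddr OUTPUT
# Prints one of: on, created-not-preferred, preferred-not-created, off.
# "created-not-preferred" is the state Karl's question is about: the host
# has temporary addresses but will still source new connections from the
# stable address unless an application asks otherwise.
classify_tempaddr() {
    use=$(get_sysctl_value "$1" net.inet6.ip6.use_tempaddr)
    prefer=$(get_sysctl_value "$1" net.inet6.ip6.prefer_tempaddr)
    case "$use/$prefer" in
        1/1) echo on ;;
        1/*) echo created-not-preferred ;;
        */1) echo preferred-not-created ;;
        *)   echo off ;;
    esac
}

# Offline demonstration on the constructed samples.
printf 'stock defaults: %s\n' "$(classify_tempaddr "$SAMPLE_FREEBSD_DEFAULT")"
printf 'ipv6_privacy=YES: %s\n' "$(classify_tempaddr "$SAMPLE_PRIVACY_ON")"

# On a real FreeBSD host, feed it live output instead (uncomment there):
# classify_tempaddr "$(sysctl net.inet6.ip6.use_tempaddr net.inet6.ip6.prefer_tempaddr)"
```

On a FreeBSD host the live form at the bottom is the check to run after setting `ipv6_privacy="YES"` and reconfiguring the interface; if it reports anything other than `on`, the knob did not take effect for that interface, and the mismatch between "created" and "preferred" is exactly the case the thread is debating.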