Hi Tim,
>Can you clarify, succinctly, what your proposal adds that you cannot
>achieve by a combination of
>http://datatracker.ietf.org/doc/draft-ietf-6man-stable-privacy-addresses/
>and RFC4941?

I do not want to open up the old discussion here again. If you use RFC 4941,
or in other words you enable the current implementations of RFC 4941 with any
other documents, you did not address the problems explained in my draft
about RFC 4941. You just used the current implementations with their current
problems. The reason that I wrote this draft was that the "stable addresses"
wanted to keep its IID within the same network and not assign several IIDs
within the same network, contrary to RFC 4941. In my opinion, there are
problems of leakage of users' private information such as bank accounts,
names, pictures, etc. during the time that the node has the same IID. This
problem is more remarkable when the node is in the same network for
a long time or permanently.
RFC 4941 could better handle the privacy consideration, but it also has some
problems such as:
- the IID generated based on the MAC might still be valid
- cutting the connections to other nodes when the lifetime of the IID has
  expired
- etc.



>It seems a key point is that 4941 "only" says SHOULD for the IID
>regeneration when the prefix changes.  Yet afaics all implementations do
>this?

Yes, because many of them did not choose the best option for IID generation
and there might be a correlation between their generated IIDs which helps the
attacker understand this is the same node.

Thanks,
Hosnieh

--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------