[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
"I guess best idea would be if some (recognised) IPv6 expert spoke up on this topic." Well, Ron Broersma did chime in :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
My enterprise is a large research university in North America. We control University owned machines, but student-owned machines are a different matter. I'm not certain that filtering privacy addresses at the border is sufficient. I'd need to check with our security office, but I suspect we'd also need to block them for internal connections, which means blocking them at the edge. I doubt that all of our network equipment can filter based on specific bits in an IPv6 address. Like many large organizations, we have a large installed base of equipment from multiple vendors on various lifecycles. Some of this equipment is managed centrally, but a significant portion is managed by other units (colleges, departments, etc). I couldn't even begin to guess what percentage of our routers, switches, and firewalls have this sort of filtering ability. We have thousands of networks at the university. It's not practical to install NDPmon on each of them, as much as I might wish it were done. I think if you were to poll the Internet2 IPv6 community, you'd find many similar environments. Let me flip the question around -- how many respondents manage networks at large institutions ? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
I frankly couldn't care less if someone knows my MAC address. The MAC address of the laptop I'm typing on right now is 00:1e:c2:c0:52:e3. What does that get you? Not much. If you're concerned about being tracked across the Internet, your IP address is probably the least of your concerns. Have you read the articles about browser fingerprinting? Even if you disable cookies and don't install Flash, you can still be identified pretty well. I find that much more concerning that someone knowing if I'm on Wifi or wired Ethernet, and the manufacturer of my NIC. Privacy addresses provide no protection against tracking cookies or other spyware. Privacy addresses don't deliver much security (or privacy, frankly), and they make life much harder for enterprise admins. There's a significant difference between chasing down a few power users who enable privacy addresses -vs- having to reconfigure every machine (often manually). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
Erik, the issue isn't access control. It's logging and compliance. If someone uses our network to break the law, we need to be able to identify the responsible person. Privacy addresses are directly at odds with this requirement. Leaving them off by default isn't a 100% solution, but it helps a lot. Defaults matter. Mathieu, why do you assume that enterprises will use DHCPv6? Some might for some of their networks, but it doesn't make sense for all use cases. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
Philipp, That's not what I said (that's what tonfa said in reply to my note). At many higher education institutions, we have policies that we need to know who is using any given IP address at any point in time. Privacy addresses make this much, much harder. Yes, we can disable them on managed machines, but not all machines on our network are managed. For example, student laptops on wireless networks. So, the default setting matters. Microsoft enables privacy addresses by default on Vista and 7, and it is already creating problems for us. I've heard similar complaints from several colleagues at other universities. Frankly, privacy addresses do very little to enhance privacy and create significant headaches for network administrators. Please, leave them disabled by default. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/176125 Title: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 176125] Re: Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr)
RFC 4941, Section 3.6, says that temporary addresses should be disabled by default. Speaking from an enterprise network perspective, I very much do *not* want to see privacy addresses enabled by default, as they can make complying with our network security policies much more difficult. -- Ubuntu should activate the IPv6 privacy extension by default (echo 2 >/proc/sys/net/ipv6/conf/all/use_tempaddr) https://bugs.launchpad.net/bugs/176125 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 158582] Re: ifup will fail if IPv6 has been compiled in the kernel
Malte - your patch seemed to work for me. -- ifup will fail if IPv6 has been compiled in the kernel https://bugs.launchpad.net/bugs/158582 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs