Re: [BULK] Re: draft-yhb-6man-slaac-improvement-00

2011-03-04 Thread Randy Bush
No. EUI-64 requires 64-bit host IDs. 48 bits is from the MAC. How would you plan to squeeze blood out of the proverbial turnip? Perhaps going back and reading Thomas's message would help dispel this odd religion. http://www.ietf.org/mail-archive/web/ipv6/current/msg13461.html randy

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Yu Hua bing
From: TJ Sent: Thursday, March 03, 2011 9:59 AM To: huabing yu Subject: Re: draft-yhb-6man-ra-privacy-flag-01 Questions: * 2.3(3.1) - Concern over an attacker forcing a host to drop its active privacy addresses? Reply: It is possible, but the threat is not so serious, so don't worry about

RE: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread RJ Atkinson
Some of my clients operate pretty large enterprise networks. Within those networks, they want to avoid using the so-called privacy IPv6 addresses because of requirements (e.g. the US HIPAA law) to be able to audit their network, including auditing precisely which devices are present. IPv6 SLAAC

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Mikael Abrahamsson
On Fri, 4 Mar 2011, Sander Steffann wrote: Hi, And on that note, let me hereby register my opposition to the adoption of this draft as a working group item on the grounds that this change is not sufficiently useful to justify such a late change to the core protocol specification.

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread RJ Atkinson
On 04 Mar 2011, at 11:01 , Sander Steffann wrote: And existing hosts/implementations will ignore the new flag anyway, so how can an enterprise 'guarantee' that privacy extensions will not be used? As with any proposed change/addition to existing IPv6 specs, implementation support appears

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread RJ Atkinson
Mikael Abrahamsson wrote: % The proposed solution doesn't solve the problem described. Hmm. IPv6 addresses formed using any MAC address belonging to a given node (i.e. in modified EUI-64 form per the RFCs) do entirely meet the user audit needs for the users I am aware of (and previously

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Mikael Abrahamsson
On Fri, 4 Mar 2011, RJ Atkinson wrote: IPv6 addresses formed using any MAC address belonging to a given node (i.e. in modified EUI-64 form per the RFCs) do entirely meet the user audit needs for the users I am aware of (and previously summarised). And how do you know the host didn't make

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread t.petch
- Original Message - From: Mikael Abrahamsson swm...@swm.pp.se To: 6MAN ipv6@ietf.org Sent: Friday, March 04, 2011 5:23 PM On Fri, 4 Mar 2011, Sander Steffann wrote: Hi, And on that note, let me hereby register my opposition to the adoption of this draft as a working group item on

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread RJ Atkinson
On 04 Mar 2011, at 13:10 , Mikael Abrahamsson wrote: SLAAC is by definition host-controlled. Existing RA flags control whether SLAAC is allowed or DHCP is required, so this proposal is not a significant architectural change either to IPv6 or to RA flag use. Any proposal to the WG might or

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Mikael Abrahamsson
On Fri, 4 Mar 2011, RJ Atkinson wrote: I hope the situation is more clear now. Thanks for your follow-up questions and comments. Well, I still oppose it. Either we have SLAAC and then the host is allowed to choose any address it sees fit, or we don't. If an organisation wants to disallow

RE: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Karl Auer
On Fri, 2011-03-04 at 10:32 -0500, RJ Atkinson wrote: So at least some of my enterprise network clients would be very interested in seeing a SLAAC flag be created to inform end systems that the so-called IPv6 privacy addresses are NOT to be used with a given routing-prefix advertised via

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Karl Auer
On Fri, 2011-03-04 at 17:23 +0100, Mikael Abrahamsson wrote: I also agree. Let's not change RA more than is absolutely needed. The problem description sounds exactly like what DHCPv6 was designed to solve. If you need to track what IPs are used at a given time and by whom, SLAAC is not the

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Karl Auer
On Fri, 2011-03-04 at 13:55 -0500, RJ Atkinson wrote: Existing RA flags control whether SLAAC is allowed or DHCP is required I don't think they do. They inform the host about whether SLAAC *should* be done, or whether DHCP *could* be done, but do not *control* the host in any way. If a

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread james woodyatt
On Mar 4, 2011, at 10:55 AM, RJ Atkinson wrote: As with audits of financial records, perfection is not required, but a certain confidence interval IS desired/required/needed. It seems to me that proper accounting of which hosts are using what IPv6 addresses is probably better achieved by

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Cutler James R
On Mar 4, 2011, at 6:03 PM, james woodyatt wrote: On Mar 4, 2011, at 10:55 AM, RJ Atkinson wrote: As with audits of financial records, perfection is not required, but a certain confidence interval IS desired/required/needed. It seems to me that proper accounting of which hosts are using

Re: draft-yhb-6man-slaac-improvement-00

2011-03-04 Thread Thomas Narten
I stand corrected. That said, updating the specs to allow a site to use stateless address autoconfiguration with prefix lengths other than /64 would almost certainly require updating both specs. The stateless autoconfig spec would need to be tweaked to convert the IID produced by the specific

Re: draft-yhb-6man-slaac-improvement-00

2011-03-04 Thread Yu Hua bing
This could probably all be defined in a way that is an optional extension to stateless address autoconfig. So it wouldn't necessarily cause confusion or delay getting IPv6 deployed. I agree. Yu Hua bing IETF IPv6 working

Re: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Yu Hua bing
RJ Atkinson wrote: I'm told that some users already are using implementation-specific configuration mechanisms (e.g. apparently a MS-Windows Registry setting) that allow SLAAC, but disallow the privacy extension. I'm further told that when configured to disable privacy-mode, such hosts then

Question about the link-local addresses

2011-03-04 Thread Yu Hua bing
RFC 4291: Link-Local addresses are for use on a single link. Link-Local addresses have the following format: | 10 bits | 54 bits | 64 bits | |111010|

RE: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Yu Hua bing
Date: Fri, 4 Mar 2011 19:10:36 +0100 (CET) From: Mikael Abrahamsson swm...@swm.pp.se SLAAC is by definition host-controlled. You use the term audit in a way I don't really understand (though I am not a native English speaker so I could very well be wrong). If you want to be sure who did what

RE: draft-yhb-6man-ra-privacy-flag-01

2011-03-04 Thread Mikael Abrahamsson
On Sat, 5 Mar 2011, Yu Hua bing wrote: IPv6 address hand-out (DHCPv6 is the only one I am aware of for IPv6) plus something that makes sure the user can't source any other traffic, such as the SAVI-WG functionality IP/MAC address verification schemes.

Re: Question about the link-local addresses

2011-03-04 Thread Fred Baker
On Mar 4, 2011, at 6:59 PM, Yu Hua bing wrote: RFC 4291: Link-Local addresses are for use on a single link. Link-Local addresses have the following format: | 10 bits | 54 bits | 64 bits |

Re: Question about the link-local addresses

2011-03-04 Thread Karl Auer
On Fri, 2011-03-04 at 21:42 -0800, Fred Baker wrote: I have a question: If the front 10 bits of one IPv6 address are FE80 and the middle 54 bits are not zero, is it a link-local address? http://tools.ietf.org/html/rfc4291#section-2.5.6 That section contains the exact text that Yu Hua bing