Subject: Re: random ip_id must be configurable
To: Jun-ichiro itojun Hagino <>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-net
Date: 09/11/2003 14:44:29

>	randomizing IP fragment ID field is independent from attacks against
>	DNS ID field.  therefore the discussion on DNS ID field has nothing
>	with randomizing IP fragment field.

what, then,  is the justification for this change?

>	as long as the default is to use ip_randomid(), i'm okay with having
>	sysctl for it.  (our prefence to ship things secure by default)

Our preference is to Do Things Right. Our preference is for No Code
Before Its Time.  Last time this topic came up, there was a clear
consensus that simply copying OpenBSD was *not* the right thing for

Based solely on the details and discussion available on public NetBSD
to date -- it would seem the correct default is nonrandom IDs.