Re: IPv6 Stable Private Addresses RFC 7217

[Michael Richardson <mcr%sandelman.ca@localhost>]

Greg Troxel <gdt%ir.bbn.com@localhost> wrote:
    >>> It's intended by the IETF to be a replacement.  The address is meant
    >>> to be stable, so you don't need some other stable address for
    >>> receiving connections, the way you would with temporary addresses.
    >>
    >> In that case, enabling it by default would certainly violate POLA.

    > It might, but the automatic MAC-derived addresses can be viewed as a
    > bug (that seems to be how the privacy extensions people view them), and
    > turning them off can be viewed as a bug fix.  I think the key question
    > is whether current IETF standards-track documents say that the RFC7217
    > addresses SHOULD be the default.

The stable private addresses SHOULD be configured on the interface by
default.  The SLAAC addresses MAY be configured on an interface by sysctl,
and I think that for a major release, this shoud be on by default.
Privacy Extensions addresses should also be easily turned on.

The question of which address shoud be used for outgoing connections is
really the question that we are discussing.  I'm not even sure how that is
determined these days.  And the choice of SLAAC, 7217, privacy extensions,
should probably be settable on a per-application and/or per-user basis.
(Probably, on a process session basis)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr%sandelman.ca@localhost  http://www.sandelman.ca/        |   ruby on 
rails    [