[ipv6hackers] NetworkManager and privacy in the IPv6 internet

Matej Gregr igregr at fit.vutbr.cz
Sun Dec 6 21:08:51 CET 2015 

Hi Fernando,
  thanks for response. See inline.

>> If I use the same hw and OS, but I switch from network manager to 
>> dhcpcd, the privacy address will be different. If I change a
>> software used for address configuration, it is also a different
>> end-node for you?
> 
> Could you provide a sample case for which you'd want to do that?
> 

I don't want to do that. It can just happen. Last year, Linux kernel was
responsible for IPv6 address configuration on my system. Regular system
update updated my version of dhcpcd and dhcpcd overrode the in-kernel
IPv6 autoconfiguration. Right now, the user space app is responsible for
ipv6 address config. The point is, that changes in address configuration
can happen without an user intervention. My system remains the same.
So a sample case is, that your favorite Linux distribution switches to a
different network-conf package. I will probably see it again, when my
distribution switches from openrc to systemd.

> I can only/mostly think of text-only console vs. full GUI. At which
> point yes, I consider that a different system.
> Besides, if you change that you're more of sys admin than a user.
> 

I don't think you have to be a sysadmin. It can be just a regular update.

> 
> As far as I understand: node=software+hardware.
> 
> If you reinstall the OS, and the OS doesn't care to e.g. keep the
> secret, than that's a different system.
> The software for address generation is part of the OS. For instance,
> much of what network manager does is part of the OS, rather than an "app".

Currently, Linux's in-kernel address configuration is overridden by an
"app" in several distributions. Every app uses a different secret. The
secret is not part of the Linux OS.

>> Don't get mi wrong, I don't have anything against RFC 7217. I am
>> using it on my systems. However, I had an impression from initial
>> design goals that the RFC will help me to simplify address accounting
>> in my network. It didn't happen. That's all.
> 
> It does simplify address accounting. However, RFC7217 is not about
> preventing users from changing the OS (if you allow your users to do
> that, then that's your fault. Or, if they do that, having been notified
> not to do so, then it's your fault if you don't fire them).

I don't have a control over users system and users software. I cannot
forbid them to reinstall or update their OS. However, I have to provide
them an access to a network and have a reasonable way how to account
them. I though that RFC 7217 will simplify our system for address
accounting, but it will not. Apparently because of a different
understanding on what is and what is not stable IID.

M.

More information about the Ipv6hackers mailing list