[ipv6hackers] RFC7217 in Mac OS? (Fwd: "secured" IPv6 addresses)

Fernando Gont fgont at si6networks.com
Mon Aug 29 16:18:25 CEST 2016


Can anyone confirm that this is the result of implementing RFC7217?

(This would be good news, btw).



-------- Forwarded Message --------
Subject: 	"secured" IPv6 addresses
Date: 	Sun, 28 Aug 2016 20:59:20 +0200
From: 	Iljitsch van Beijnum <iljitsch at muada.com>
To: 	ipv6-dev at lists.apple.com

Hi all,

I've installed the most recent public beta, and I see something interesting:

        ether 40:6c:8f:32:4b:c3         inet6
fe80::8f:b474:a9dc:4174%en4 prefixlen 64 secured scopeid 0x9
inet netmask 0xffffff00 broadcast
        inet6 2001:470:1f15:8b5:df:900f:a6a3:715c prefixlen 64 autoconf
secured         inet6 2001:470:1f15:8b5:f54c:e5dc:fb28:ddca prefixlen 64
autoconf temporary         nd6 options=201<PERFORMNUD,DAD>
        media: autoselect (1000baseT
        status: active

Previously, the link local address as well as the stateless autoconfig
non-temporary address were derived from the Ethernet MAC address. That
is no longer the case, the system now seems to create persistent link
local and stateless autoconfig addresses that are not directly derived
from the MAC address. I believe Windows also does this.

These addresses survive reboots but not a clean reinstall of the system.

I can't find any documentation on how this works, though. Is there an
RFC or something else that describes these secured addresses? How are
they generated?

More information about the Ipv6hackers mailing list