[ipv6hackers] Fwd: Re: macos Sierra with CGA address?

Fernando Gont fgont at si6networks.com
Thu Dec 15 00:04:50 CET 2016


Can anyone with MacOs Sierra verify this? (please see below)

Best regards,

-------- Forwarded Message --------
Subject: Re: macos Sierra with CGA address?
To: Tim Chown <Tim.Chown at jisc.ac.uk>, Jeroen Massar <jeroen at massar.ch>
References: <f46f5f7b-70ba-35b6-06b6-b75f03dee460 at hznet.de>
<e9ecb763-2e58-258b-6e3b-4e66b1bda629 at massar.ch>
<2BAEFBF2-A68E-48E5-9D44-79EB64F2ACCA at jisc.ac.uk>
Cc: ipv6-ops at lists.cluenet.de <ipv6-ops at lists.cluenet.de>
From: Fernando Gont <fernando at gont.com.ar>
Message-ID: <12b61a26-4097-68b6-4e0c-55a626ddde8b at gont.com.ar>
Date: Wed, 14 Dec 2016 19:42:07 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
MIME-Version: 1.0
In-Reply-To: <2BAEFBF2-A68E-48E5-9D44-79EB64F2ACCA at jisc.ac.uk>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

On 12/14/2016 08:31 AM, Tim Chown wrote:
> Hi,
>> On 14 Dec 2016, at 11:08, Jeroen Massar <jeroen at massar.ch> wrote:
>> On 2016-12-14 11:55, Holger Zuleger wrote:
>>> Hi,
>>> I just realized that the permanent interface identifier of my MAC has
>>> changed after upgrading to OS 10.12 (I guess).
>>> The output of ifconfig shows a new "secured" flag at the permanent address.
>>> $ ifconfig en0 | grep inet6 | \
>>>>      sed "s/2[^:]*:[^:]*:[^:]*:[^:]*:/<prfx48>:/"
>>> inet6 fe80::c54:6333:ac12:c67b%en0 prefixlen 64 secured scopeid 0x4
>>> inet6 <prfx48>:20e3:84f6:6794:5ace prefixlen 64 autoconf secured
>>> inet6 <prfx48>:8822:a8a3:b6ec:a79b prefixlen 64 autoconf temporary
>>> I found two or three posts in the internet, all mentioning (or hoping)
>>> that this is related to a change to RFC7217 as default IID mechanism.
>>> But one guy sad, that the source code (of 10.11) shows, that this is a
>>> cryptographic generated interface identifier for SeND (RFC3971).
>>> I tend to believe that the latter is true.
>> Seeing how Apple implemented things like "Happy Eyeballs" it likely is
>> neither. And in the case of "Happy Eyeballs" there is no way to turn it
>> off either. Filing radar bugs clearly does not help as they never get
>> addressed or marked as 'dupe' at which point you do not know the status
>> of the 'original' problem and well, nothing happens...
> Interesting - I’d also assumed the new form of address was RFC 7217 support. I don’t think any other common OS implements SeND, does it?

Can anyone verify that:

1) As you disconnect and subsequently reconnect to the same network, the
address is formed with the same IID?

2) When multiple prefixes ad advertised on the same network, each
resulting address (for each different prefix) employs a different IID?

3) If multiple interfaces (NICs) are connected to the same subnet, each
obtains a different address, plus "1)" and "2)" above are true?


Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

More information about the Ipv6hackers mailing list