[ipv6hackers] Security/Privacy Improvements to stable SLAAC addresses

Fernando Gont fgont at si6networks.com
Thu Jun 29 06:53:19 CEST 2017


It looks like somehow I forgot to send a heads-up to this list regarding
the following:

Earlier this year RFC8064 as published, recommending use of RFC7217 fr
the generation of stable addresses with SLAAC, and recommending
*against* the generation of stable addresses by embedding MAC addresses
in the Interface-ID

At the time of this writing, at least two OSes already ship with RFC7217
enabled by default:

* Fedora
* Mac OS

I've written two articles on this topic for TechTarget, which provide
both background/context info on the topic, and also discuss practical

* Part #1:

* Part #2:


Best regards,
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

More information about the Ipv6hackers mailing list