[ipv6hackers] Security/Privacy Improvements to stable SLAAC addresses
Fernando Gont
fgont at si6networks.com
Thu Jun 29 06:53:19 CEST 2017
Folks,
It looks like somehow I forgot to send a heads-up to this list regarding
the following:
Earlier this year RFC8064 as published, recommending use of RFC7217 fr
the generation of stable addresses with SLAAC, and recommending
*against* the generation of stable addresses by embedding MAC addresses
in the Interface-ID
At the time of this writing, at least two OSes already ship with RFC7217
enabled by default:
* Fedora
* Mac OS
I've written two articles on this topic for TechTarget, which provide
both background/context info on the topic, and also discuss practical
considerations.
* Part #1:
<http://searchsecurity.techtarget.com/tip/IPv6-update-A-look-at-the-security-and-privacy-improvements>
* Part #2:
<http://searchsecurity.techtarget.com/tip/How-to-use-an-interface-identifier-to-check-for-IPv6-network-updates>
Thanks!
Best regards,
--
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
More information about the Ipv6hackers
mailing list