Rate of growth on IPv6 not fast enough?

Jim Burwell jimb at jsbc.cc
Fri Apr 23 05:21:09 UTC 2010


On 4/22/2010 22:00, Owen DeLong wrote:
>
> On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
>
>> On 4/22/2010 05:34, Simon Perreault wrote:
>>> On 2010-04-22 07:18, William Herrin wrote:
>>>> On the other hand, I could swear I've seen a draft where the
>>>> PC picks up random unused addresses in the lower 64 for each
>>>> new outbound connection for anonymity purposes.
>>>
>>> That's probably RFC 4941. It's available in pretty much all
>>> operating systems. I don't think there's any IPR issue to be
>>> afraid of.
>>>
>>> Simon
>> I think this is different.  They're talking about using a new
>> IPv6 for each connection.  RFC4941 just changes it over time
>> IIRC.  IMHO that's still pretty good privacy, at least on par
>> with a NATed IPv4 from the outside perspective, especially if you
>> rotated through temporary IPv6s fairly frequently.
>
> 4941 specified changing over time as one possibility.  It does
> allow for per flow or any other host based determination of when it
> needs a new address.
>
> Owen
K.  Can't say I've read the RFC all the way through (skimmed it).
Current implementations do the time thing.  XP, Vista, and 7 seem to
have it turned on by default.  *nix has support via the
"net.ipv6.conf.all.use_tempaddr=2" variable, typically not on by default.


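Added example, not part of the original message: a shell check for the use_tempaddr setting named above, reported per interface because Linux keeps a separate value for each interface under /proc/sys/net/ipv6/conf. The function name tempaddr_report and its optional root-directory argument are assumptions made for illustration; the value meanings follow the kernel's ip-sysctl documentation.

```shell
#!/bin/sh
# Report the RFC 4941 temporary-address setting for each IPv6 interface.
# use_tempaddr meanings (Linux ip-sysctl documentation):
#   <= 0  temporary addresses disabled
#   1     generated, but the public (stable) address is preferred
#   > 1   generated and preferred for outbound connections
# tempaddr_report and its root argument are illustrative names, not a system tool.
tempaddr_report() {
    root=${1:-/proc/sys/net/ipv6/conf}
    rc=0
    for dir in "$root"/*/; do
        file=${dir}use_tempaddr
        [ -r "$file" ] || continue
        iface=$(basename "$dir")
        # Loopback does not use temporary addresses, so it is not reported.
        [ "$iface" = lo ] && continue
        val=$(cat "$file")
        case $val in
            ''|*[!0-9-]*) state="unreadable value"; rc=1 ;;
            -*|0)         state="disabled"; rc=1 ;;
            1)            state="enabled, public address preferred"; rc=1 ;;
            *)            state="enabled, temporary address preferred" ;;
        esac
        printf '%s use_tempaddr=%s (%s)\n' "$iface" "$val" "$state"
    done
    # Non-zero when any entry does not prefer temporary addresses.
    return $rc
}
# Usage: tempaddr_report        (no argument reads the live /proc tree)
```

The "all" and "default" entries are listed alongside real interfaces, so a mismatch between them and an interface such as eth0 is visible in one pass.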
