Mac OS X 10.7, still no DHCPv6

Joe Abley jabley at hopcount.ca
Mon Feb 28 09:04:23 CST 2011


On 2011-02-28, at 09:53, Brian Johnson wrote:

> Can someone explain what exactly the security threat is?

The threat model relates to the ability for a third party to be able to identify what subnets a single device has moved between, which is possible with MAC-embedded IPv6 addresses but not possible with addresses without embedded local identifiers. It's analogous to someone tracking credit card use and being able to infer from the vendor crumbs where an individual has been.

I don't think this has ever been cited as a global, general threat that must be eliminated (just as people are generally happy to use the same credit card as they move around the planet and don't generally stress about the implications). However, I think it's reasonable that it's a concern for some. There is no global, fixed value of "acceptable" when it comes to privacy.


Joe
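Added example, not part of the original message: a minimal Python sketch of the correlation described above, showing that a modified EUI-64 interface identifier yields the same MAC on every subnet while randomized identifiers yield nothing to link. The addresses are constructed from the documentation prefix 2001:db8::/32 and the documentation MAC range 00:00:5e:00:53:xx, and the function names are illustrative.

```python
import ipaddress
from collections import defaultdict

def embedded_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    # Modified EUI-64 inserts ff:fe between the two halves of the MAC.
    # Heuristic: a random interface ID could contain ff:fe by chance.
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied to the first octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def subnets_by_device(addresses):
    """Map each recoverable MAC to the /64 prefixes it was seen in."""
    seen = defaultdict(list)
    for addr in addresses:
        mac = embedded_mac(addr)
        if mac is None:
            continue  # no stable identifier, nothing to link across subnets
        prefix = str(ipaddress.IPv6Network((addr, 64), strict=False))
        if prefix not in seen[mac]:
            seen[mac].append(prefix)
    return dict(seen)

# Constructed sample observations (not real hosts).
OBSERVED = [
    "2001:db8:a:1:200:5eff:fe00:532a",    # EUI-64 address on network A
    "2001:db8:b:7:200:5eff:fe00:532a",    # same interface ID on network B
    "2001:db8:a:1:5c3e:91d0:77ab:0c14",   # randomized interface ID
    "2001:db8:b:7:e8f1:2a06:b4d9:935a",   # randomized interface ID
]

if __name__ == "__main__":
    for mac, prefixes in subnets_by_device(OBSERVED).items():
        print(mac, "->", prefixes)
```

Running the same check over your own address logs shows which hosts still expose a stable hardware identifier and would benefit from randomized interface identifiers.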




