<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Thanks, I didn't think that they'd something that interfered with
AAA. Using a MAC address as authentication seems sort of sketch to
me in the first place.<br>
</p>
<p>Mike<br>
</p>
<div class="moz-cite-prefix">On 3/19/22 4:14 PM, Tom Beecher wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAL9Qcx6pri3DJw9vQZDiK3PbSD4DjhLKtRyeFp-9jZ-=oOHrgA@mail.gmail.com">
<div dir="ltr">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Primarily
the ability to end-to-end authenticate end devices. The<br>
primary and largest glaring issue is that DHCPv6 from the
client does<br>
not include the MAC address, it includes the (I believe) UUID.<br>
</blockquote>
<div><br>
</div>
<div>DHCPv6 Option 79</div>
<div><br>
</div>
<div><a href="https://datatracker.ietf.org/doc/html/rfc6939"
moz-do-not-send="true" class="moz-txt-link-freetext">https://datatracker.ietf.org/doc/html/rfc6939</a><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sat, Mar 19, 2022 at 6:58
PM Matt Hoppes &lt;<a
href="mailto:mattlists@rivervalleyinternet.net"
moz-do-not-send="true" class="moz-txt-link-freetext">mattlists@rivervalleyinternet.net</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
<br>
On 3/19/22 6:50 PM, Michael Thomas wrote:<br>
> <br>
> On 3/19/22 3:47 PM, Matt Hoppes wrote:<br>
>> It has "features" which are at a minimum problematic
and at a maximum <br>
>> show stoppers for network operators.<br>
>><br>
>> IPv6 seems like it was designed to be a private
network communication <br>
>> stack, and how an ISP would use and distribute it was
a second thought.<br>
> <br>
> What might those be? And it doesn't seem to be a show
stopper for a lot <br>
> of very large carriers.<br>
<br>
Primarily the ability to end-to-end authenticate end devices.
The <br>
primary and largest glaring issue is that DHCPv6 from the
client does <br>
not include the MAC address, it includes the (I believe) UUID.<br>
<br>
We have to sniff the packets to figure out the MAC so that we
can <br>
authenticate the client and/or assign an IP address to the
client properly.<br>
<br>
It depends how you're managing the network. If you're running
PPPoE you <br>
can encapsulate in that. But PPPoE is very 1990 and has its
own set of <br>
problems. For those running encapsulated traffic,
authentication to the <br>
modem MAC via DHCP that becomes broken. And thus far, I have
not seen a <br>
solution offered to it.<br>
<br>
<br>
Secondly - and less importantly to deployment, IPv6 also
provides a <br>
layer of problematic tracking for advertisers. Whereas
before many <br>
devices were behind a PAT, now every device has a unique ID --
probably <br>
for the life of the device. Marketers can now pinpoint down
not just to <br>
an IP address that identifies a single NAT interface, but each
<br>
individual device. This is problematic from a data collection
standpoint.<br>
<br>
</blockquote>
</div>
</blockquote>
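<p>Added example, not part of the thread or of any participant's code: a sketch of how a DHCPv6 server-side hook could read the client MAC from the RFC 6939 Client Link-Layer Address option (option 79) that a first-hop relay places in a Relay-Forward message, instead of sniffing packets. The function names and the sample packet are constructed for illustration.</p>
<pre>
```python
import struct

RELAY_FORW = 12                    # DHCPv6 Relay-Forward message type
OPTION_RELAY_MSG = 9               # carries the client's original message
OPTION_INTERFACE_ID = 18
OPTION_CLIENT_LINKLAYER_ADDR = 79  # RFC 6939
HTYPE_ETHERNET = 1                 # IANA hardware type for Ethernet
RELAY_HEADER_LEN = 34              # msg-type, hop-count, link-address, peer-address


def iter_options(buf):
    """Yield (code, value) for each DHCPv6 option; reject truncated data."""
    pos = 0
    while pos != len(buf):
        if 4 > len(buf) - pos:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError("option length exceeds packet")
        yield code, buf[pos:pos + length]
        pos += length


def client_mac_from_relay(packet):
    """Return the Ethernet MAC from option 79, or None if it is absent or unusable."""
    if RELAY_HEADER_LEN > len(packet) or packet[0] != RELAY_FORW:
        raise ValueError("not a DHCPv6 Relay-Forward message")
    for code, value in iter_options(packet[RELAY_HEADER_LEN:]):
        if code != OPTION_CLIENT_LINKLAYER_ADDR:
            continue
        if len(value) != 8:  # 2-byte link-layer type + 6-byte Ethernet address
            return None
        (ll_type,) = struct.unpack_from("!H", value)
        if ll_type != HTYPE_ETHERNET:
            return None
        # The relay fills this in from the frame it saw, so it is only
        # meaningful when the Relay-Forward comes from a relay you operate.
        return ":".join(f"{b:02x}" for b in value[2:])
    return None


def build_sample_relay_forw(mac):
    """Constructed sample: Relay-Forward with a stub Solicit, Interface-Id and option 79."""
    header = bytes([RELAY_FORW, 0]) + bytes(16) + bytes(16)
    relay_msg = struct.pack("!HH", OPTION_RELAY_MSG, 4) + bytes([1, 0, 0, 1])
    interface_id = struct.pack("!HH", OPTION_INTERFACE_ID, 4) + b"ge-0"
    opt79 = struct.pack("!HHH", OPTION_CLIENT_LINKLAYER_ADDR, 2 + len(mac), HTYPE_ETHERNET) + mac
    return header + relay_msg + interface_id + opt79
```
</pre>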
</body>
</html>