by simoncion
334 days ago
The RFC 4941 problem statement [0] notes that an attacker who can look at outgoing traffic from a network will not be thwarted by "privacy" addresses. The background section of that document goes on to say that "privacy" addresses do little-to-nothing to thwart correlation attempts against client networks that have few hosts on them. IMO, something like what's described in RFC 7217 [1] (changing the interface identifier used for "permanent" addresses from the interface's MAC address to something that mixes in the advertised prefix) is a much better way to address the concerns described in section 2.3 of RFC 4941.

[0] <https://datatracker.ietf.org/doc/html/rfc4941#section-1.2>

[1] <https://datatracker.ietf.org/doc/html/rfc7217#section-4>
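An added illustration, not part of the comment above and not code from either RFC: it derives a MAC-based modified EUI-64 interface identifier and an RFC 7217-style one for the same host under two prefixes, showing that the first is identical on every network while the second is stable per prefix but differs between prefixes. Assumptions: F is HMAC-SHA256 (RFC 7217 only requires a PRF), the field encoding is this example's own, the MAC, secret and interface name are constructed, and the RFC's reserved-identifier and duplicate-address checks are left out.

```python
import hashlib
import hmac
import ipaddress


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier built from the MAC (RFC 4291, Appendix A)."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02  # invert the universal/local bit
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def stable_iid(prefix: str, iface: str, secret: bytes,
               network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), RFC 7217 section 5.

    Assumption: F is HMAC-SHA256 keyed with secret_key; the RFC only requires a PRF.
    """
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed[:8], iface.encode(), network_id,
              dad_counter.to_bytes(1, "big")]
    # Length-prefix each field so the concatenation is unambiguous.
    msg = b"".join(len(f).to_bytes(1, "big") + f for f in fields)
    rid = hmac.new(secret, msg, hashlib.sha256).digest()
    return rid[-8:]  # IID = least significant 64 bits of RID


def address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    """Join the 64-bit prefix and the 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def demo():
    mac, secret = "00:11:22:33:44:55", b"constructed-host-secret"  # constructed values
    rows = []
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):  # documentation prefixes
        rows.append((prefix,
                     address(prefix, eui64_iid(mac)),
                     address(prefix, stable_iid(prefix, "eth0", secret))))
    return rows


if __name__ == "__main__":
    for prefix, eui, stable in demo():
        print(f"{prefix:18} EUI-64 {eui}   RFC 7217-style {stable}")
```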