Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)

Fernando Gont <fgont@si6networks.com> Tue, 28 January 2020 01:37 UTC

Subject: Re: Address privacy (was: Re: RFC4941bis: consequences of many addresses for the network)
To: Jared Mauch <jared@puck.nether.net>, Ted Lemon <mellon@fugue.com>
Cc: 6man WG <ipv6@ietf.org>, Christian Huitema <huitema@huitema.net>, Michael Richardson <mcr+ietf@sandelman.ca>
References: <D4C40CE0-B8BE-47AF-9E69-BDE7513E35CB@fugue.com> <1C48AB82-CDDA-4050-A7ED-67B6B7DA30D2@puck.nether.net>
From: Fernando Gont <fgont@si6networks.com>
Message-ID: <5deaf0b5-17c0-3123-eea8-9152ccce7657@si6networks.com>
Date: Mon, 27 Jan 2020 20:41:10 -0300
In-Reply-To: <1C48AB82-CDDA-4050-A7ED-67B6B7DA30D2@puck.nether.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/AA66hxmYfYQY-HLibYELiAuhyEw>

On 26/1/20 13:16, Jared Mauch wrote:
> The systems rotate them away over the course of a week. You may not see 
> this in an environment where you use many different networks. If your 
> network is stable, such as an enterprise, you will see this.
> 
> Call it a bug if you want to dismiss the design principle but the 
> privacy folks have it wrong here when you break the user with forced 
> rotation for the sake of a principle that may not apply in an enterprise 
> (you generally have no right to privacy here).

The problem here is not necessarily the rotating addresses (in this 
respect), but the lack of a proper API for the ssh client to signal the 
lower layers what properties it expects from the address (local vs 
global? stable vs temporary? etc.). Please see: 
draft-gont-6man-address-usage-recommendations

To some extent, we have produced a lot of features in IPv6 addressing, 
with not much of a means for apps to leverage them. This, at times, 
turns those features into actual problems.

Regarding the number of addresses, I believe that you should be able to 
convey network configuration policy when deemed necessary. As of today, 
this would likely mean "be able to use DHCPv6" on your network. I 
realize that it's quite unfortunate that the religious war between the 
slaac and dhcpv6 camps has prevented you from having that option.

At least some years ago, folks were against conveying policy in slaac, 
as per: draft-gont-6man-managing-slaac-policy.

This, in a way, boils down to your only options being anarchy or turning 
stuff off.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
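An added example, not part of this message or of the drafts it cites: the nearest existing API to the "app tells the stack which address properties it wants" signal discussed above is the RFC 5014 IPV6_ADDR_PREFERENCES socket option, shown here for Linux. The constant values are assumed from <linux/in6.h> and guarded with #ifndef in case the C library already defines them.

```c
/* Linux-specific example of an application (an ssh-like client) asking the
 * stack to prefer a stable rather than a temporary source address. */
#include <errno.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPV6_ADDR_PREFERENCES
#define IPV6_ADDR_PREFERENCES  72     /* assumed value, from <linux/in6.h> */
#endif
#ifndef IPV6_PREFER_SRC_TMP
#define IPV6_PREFER_SRC_TMP    0x0001 /* prefer temporary (RFC 4941) addresses */
#endif
#ifndef IPV6_PREFER_SRC_PUBLIC
#define IPV6_PREFER_SRC_PUBLIC 0x0002 /* prefer stable ("public") addresses */
#endif

/* Ask the stack to prefer stable or temporary source addresses on this socket.
 * Returns 0 on success, -1 with errno set (EINVAL if both flags are combined). */
int set_source_preference(int fd, int prefs)
{
    return setsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &prefs, sizeof prefs);
}

/* Read back the preference flags the kernel holds for this socket, or -1. */
int get_source_preference(int fd)
{
    int prefs = 0;
    socklen_t len = sizeof prefs;
    if (getsockopt(fd, IPPROTO_IPV6, IPV6_ADDR_PREFERENCES, &prefs, &len) < 0)
        return -1;
    return prefs;
}

/* What an ssh-like client would do before connect(): open an IPv6 socket and
 * request a stable source address so the server sees a consistent peer.
 * Returns 1 if the preference was applied and read back, 0 if this host
 * cannot create IPv6 sockets or does not know the option, -1 on other errors. */
int demo_stable_source(void)
{
    int fd = socket(AF_INET6, SOCK_STREAM, 0);
    if (fd < 0)
        return 0;                       /* no IPv6 socket support here */
    int rc = -1;
    if (set_source_preference(fd, IPV6_PREFER_SRC_PUBLIC) == 0) {
        int got = get_source_preference(fd);
        rc = (got >= 0 && (got & IPV6_PREFER_SRC_PUBLIC)) ? 1 : -1;
    } else if (errno == ENOPROTOOPT) {
        rc = 0;                         /* option unknown to this kernel */
    }
    close(fd);
    return rc;
}
```

This only steers source address selection among the addresses the host already has; it cannot stop a host from configuring temporary addresses or convey the network's policy, which is the gap the message points at.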