addrsel: privacy addresses within/out of a site

Pekka Savola <pekkas@netcore.fi> Mon, 03 January 2011 09:49 UTC

Date: Mon, 03 Jan 2011 11:51:38 +0200
From: Pekka Savola <pekkas@netcore.fi>
To: ipv6@ietf.org
Subject: addrsel: privacy addresses within/out of a site
Message-ID: <alpine.LRH.2.02.1101031151250.23654@netcore.fi>

Hi,

Operational input: when discussing the use of RFC4941 (privacy) addresses with 
our LAN/workstation admins, it seemed as if there would be great benefit from 
being able to specify an RFC3484 rule which would in essence say:

"do not use privacy addresses when communicating inside the site [a set of 
designated destination prefixes], use it by default otherwise"

I don't think this is possible today because the RFC3484 policy table only allows 
matching by prefixes, not by address type.

Has this come up in discussions / has anyone else thought about this?

Btw: in draft-ietf-6man-rfc3484-revise-01, "fec::/16" should be "fec0::/10". 
fec:: would mean 0fec:: and the prefix length is also wrong.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
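To make the limitation concrete, here is an added example (not code from the post or from any stack's address selection): a simplified RFC 3484 source selection with the default policy table, plus a hypothetical `site_prefixes` argument that models the rule the post asks for. The policy table alone gives a stable and a temporary address in the same /64 identical precedence and label, so only the separate site-prefix check can tell them apart.

```python
import ipaddress

# Constructed RFC 3484 default policy table: (prefix, precedence, label).
POLICY_TABLE = [
    (ipaddress.ip_network("::1/128"), 50, 0),
    (ipaddress.ip_network("::/0"), 40, 1),
    (ipaddress.ip_network("2002::/16"), 30, 2),
    (ipaddress.ip_network("::/96"), 20, 3),
    (ipaddress.ip_network("::ffff:0:0/96"), 10, 4),
]

def policy_lookup(addr):
    """Longest-prefix match of addr in the policy table -> (precedence, label)."""
    best = max((e for e in POLICY_TABLE if addr in e[0]), key=lambda e: e[0].prefixlen)
    return best[1], best[2]

def common_prefix_len(a, b):
    """Length of the longest common prefix of two IPv6 addresses (rule 8)."""
    return 128 - (int(a) ^ int(b)).bit_length()

def select_source(dst, candidates, site_prefixes=(), prefer_temporary=True):
    """Pick a source for dst from candidates [(address, is_temporary), ...].

    Simplified RFC 3484 ordering: rule 6 (matching label), rule 7 (public vs
    temporary preference), rule 8 (longest matching prefix).  site_prefixes is
    the hypothetical extension from the post and is NOT part of RFC 3484: for
    destinations inside one of those prefixes stable addresses win, elsewhere
    prefer_temporary (the post's "use it by default otherwise") applies.
    """
    dst = ipaddress.IPv6Address(dst)
    dst_label = policy_lookup(dst)[1]
    in_site = any(dst in ipaddress.ip_network(p) for p in site_prefixes)
    want_temporary = False if in_site else prefer_temporary

    def rank(cand):
        src, is_temp = ipaddress.IPv6Address(cand[0]), cand[1]
        return (
            policy_lookup(src)[1] == dst_label,   # rule 6: prefer matching label
            is_temp == want_temporary,            # rule 7 (+ site extension)
            common_prefix_len(src, dst),          # rule 8: longest common prefix
        )
    return max(candidates, key=rank)[0]

# Constructed sample: one stable and one RFC 4941 temporary address in a /64.
CANDIDATES = [
    ("2001:db8:1:1::10", False),
    ("2001:db8:1:1:1234:5678:9abc:def0", True),
]
```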