Re: 3484bis and privacy addresses

james woodyatt <jhw@apple.com> Tue, 03 April 2012 22:50 UTC

Subject: Re: 3484bis and privacy addresses
From: james woodyatt <jhw@apple.com>
In-reply-to: <m2wr5wu2v0.wl%jinmei@isc.org>
Date: Tue, 03 Apr 2012 15:50:28 -0700
Message-id: <BB8D5374-EEC5-4C76-9376-ED1FAAC8056C@apple.com>
References: <4F716D5C.40402@innovationslab.net> <4F71F217.7000209@globis.net> <9B57C850BB53634CACEC56EF4853FF653B4F1217@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com> <m2wr5wu2v0.wl%jinmei@isc.org>
To: ipv6@ietf.org

On Apr 3, 2012, at 10:44 , JINMEI Tatuya / 神明達哉 <jinmei@isc.org> wrote:
> At Mon, 2 Apr 2012 23:43:57 +0000, Dave Thaler <dthaler@microsoft.com> wrote:
>> 
>> I prefer B, and this is what most existing implementations of RFC 3484 seem to already do (i.e., they follow the MAY not the SHOULD) whenever privacy addresses are enabled.  I have yet to hear of an implementation of RFC 3484 that actually follows the SHOULD (A) rather than the MAY (B), but maybe someone on this list knows of one.
> 
> When we first implemented RFC3484 for BSD variants at the KAME project
> we followed the SHOULD and preferred public (non temporary) addresses
> by default.  From a quick look it doesn't change, e.g., in the most
> recent version of FreeBSD:
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/in6_src.c?rev=1.87;content-type=text%2Fx-cvsweb-markup
> 		 /*
> 		 * Rule 7: Prefer public addresses.
> 		 * We allow users to reverse the logic by configuring
> 		 * a sysctl variable, so that privacy conscious users can
> 		 * always prefer temporary addresses.
> 		 */


It may be worth noting here what I see on my Mac OS X 10.7 system at home (which exhibits basically the same behavior as recent iOS releases do):

    zeece ~ 508$ sysctl net.inet6.ip6 | egrep tempaddr
    net.inet6.ip6.use_tempaddr: 1
    net.inet6.ip6.prefer_tempaddr: 1

In other words, it deliberately diverges from the "SHOULD" recommendation here in RFC 3484, despite having been derived from the KAME stack which had zeroes as the default values here, not ones.  I have yet to see a persuasive reason to conform strictly to the recommended behavior.


--
james woodyatt <jhw@apple.com>
member of technical staff, core os networking
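As an added example (not FreeBSD's in6_src.c or Apple's code), here is RFC 3484 Rule 7 written in isolation with a prefer_tempaddr-style knob that reverses it, as the quoted comment describes; the other selection rules are assumed to have tied, and the candidate addresses and the knob variable are constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Candidate source address: only the attribute Rule 7 looks at.
 * Constructed for this example; not FreeBSD's in6_ifaddr. */
struct src_cand {
    const char *addr;      /* textual form, for readability only */
    bool temporary;        /* RFC 4941 temporary (privacy) address */
};

/* Stand-in for the net.inet6.ip6.prefer_tempaddr sysctl:
 * 0 = Rule 7 as written in RFC 3484 (prefer public), 1 = reversed. */
static int prefer_tempaddr = 0;

/* Rule 7 comparison. Returns <0 if a is preferred, >0 if b is
 * preferred, 0 if the rule does not distinguish them. */
static int rule7_compare(const struct src_cand *a, const struct src_cand *b)
{
    if (a->temporary == b->temporary)
        return 0;
    /* Default logic prefers the public address; the knob flips it. */
    int a_preferred_kind = prefer_tempaddr ? a->temporary : !a->temporary;
    return a_preferred_kind ? -1 : 1;
}

/* Pick the best candidate under Rule 7 alone; ties keep the earlier one. */
static const struct src_cand *select_source(const struct src_cand *c, size_t n)
{
    const struct src_cand *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (best == NULL || rule7_compare(&c[i], best) < 0)
            best = &c[i];
    }
    return best;
}

/* Constructed candidates: one stable public address, one temporary. */
static const struct src_cand cands[] = {
    { "2001:db8::1234:5678:9abc:def0", false },
    { "2001:db8::a1b2:c3d4:e5f6:789",  true  },
};

/* Set the knob, run selection, report whether a temporary address won.
 * With knob 0 the public address is chosen (the RFC 3484 SHOULD);
 * with knob 1 the temporary one is, matching the Mac OS X defaults above. */
bool selected_is_temporary(int knob)
{
    prefer_tempaddr = knob;
    return select_source(cands, sizeof cands / sizeof cands[0])->temporary;
}
```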