RE: 3484bis and privacy addresses
Dave Thaler <dthaler@microsoft.com> Tue, 10 April 2012 00:08 UTC
Return-Path: <dthaler@microsoft.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 277D321F8758 for <ipv6@ietfa.amsl.com>; Mon, 9 Apr 2012 17:08:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.659
X-Spam-Level:
X-Spam-Status: No, score=-103.659 tagged_above=-999 required=5 tests=[AWL=-0.060, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q5rgzwRmROwY for <ipv6@ietfa.amsl.com>; Mon, 9 Apr 2012 17:08:50 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe004.messaging.microsoft.com [216.32.180.14]) by ietfa.amsl.com (Postfix) with ESMTP id 79E2121F8757 for <ipv6@ietf.org>; Mon, 9 Apr 2012 17:08:50 -0700 (PDT)
Received: from mail105-va3-R.bigfish.com (10.7.14.246) by VA3EHSOBE008.bigfish.com (10.7.40.28) with Microsoft SMTP Server id 14.1.225.23; Tue, 10 Apr 2012 00:08:49 +0000
Received: from mail105-va3 (localhost [127.0.0.1]) by mail105-va3-R.bigfish.com (Postfix) with ESMTP id 2F1D5A04AD; Tue, 10 Apr 2012 00:08:49 +0000 (UTC)
X-SpamScore: -12
X-BigFish: VS-12(zz936eK1432N98dKzz1202hzzz2fh2a8h668h839h944hd25h)
X-Forefront-Antispam-Report: CIP:131.107.125.8; KIP:(null); UIP:(null); IPV:NLI; H:TK5EX14HUBC106.redmond.corp.microsoft.com; RD:none; EFVD:NLI
Received-SPF: pass (mail105-va3: domain of microsoft.com designates 131.107.125.8 as permitted sender) client-ip=131.107.125.8; envelope-from=dthaler@microsoft.com; helo=TK5EX14HUBC106.redmond.corp.microsoft.com ; icrosoft.com ;
Received: from mail105-va3 (localhost.localdomain [127.0.0.1]) by mail105-va3 (MessageSwitch) id 1334016526628864_22868; Tue, 10 Apr 2012 00:08:46 +0000 (UTC)
Received: from VA3EHSMHS017.bigfish.com (unknown [10.7.14.250]) by mail105-va3.bigfish.com (Postfix) with ESMTP id 94118260071; Tue, 10 Apr 2012 00:08:46 +0000 (UTC)
Received: from TK5EX14HUBC106.redmond.corp.microsoft.com (131.107.125.8) by VA3EHSMHS017.bigfish.com (10.7.99.27) with Microsoft SMTP Server (TLS) id 14.1.225.23; Tue, 10 Apr 2012 00:08:46 +0000
Received: from TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) by TK5EX14HUBC106.redmond.corp.microsoft.com (157.54.80.61) with Microsoft SMTP Server (TLS) id 14.2.283.4; Tue, 10 Apr 2012 00:08:45 +0000
Received: from TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com (157.54.71.39) by TK5EX14MLTW652.wingroup.windeploy.ntdev.microsoft.com (157.54.71.68) with Microsoft SMTP Server (TLS) id 14.2.283.4; Mon, 9 Apr 2012 17:08:45 -0700
Received: from TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com ([169.254.4.253]) by TK5EX14MLTW651.wingroup.windeploy.ntdev.microsoft.com ([157.54.71.39]) with mapi id 14.02.0283.004; Mon, 9 Apr 2012 17:08:45 -0700
From: Dave Thaler <dthaler@microsoft.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>
Subject: RE: 3484bis and privacy addresses
Thread-Topic: 3484bis and privacy addresses
Thread-Index: AQHNC+wBSVlewb1jE0uYOWOUBxq41JZ/ZbAAgBPdqEA=
Date: Tue, 10 Apr 2012 00:08:45 +0000
Message-ID: <9B57C850BB53634CACEC56EF4853FF653B5054C1@TK5EX14MBXW604.wingroup.windeploy.ntdev.microsoft.com>
References: <4F716D5C.40402@innovationslab.net> <4F726C9E.50107@gmail.com>
In-Reply-To: <4F726C9E.50107@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.90]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Cc: "ipv6@ietf.org" <ipv6@ietf.org>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipv6>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2012 00:08:51 -0000
Brian Carpenter writes: > On 2012-03-27 20:33, Brian Haberman wrote: > ... > > > > A. Prefer public addresses over privacy addresses > > > > B. Prefer privacy addresses over public addresses > > In terms of a general default in shipped IPv6 stacks, I prefer B, but it has to be qualified: > > There MUST be a user option to change this preference. That wording would be confusing, as there's a distinction between an (unprivileged) user and a (privileged) admin. It would be a security vulnerability if an unprivileged user could change a system-wide setting. > There SHOULD be a network manager option to change this preference. Similarly, the term "network manager" is also confusing. It would be a security vulnerability if an untrusted user on the network could change a system-wide setting locally. > The rationale for this is that we need privacy by default in shipped products, with the > ability for the person deploying the product to override this. I (and I gather from the +1's that many others) agree with having a config knob to reverse the preference. The doc already has text about that on a *per-app* basis, but not system-wide. The wording I propose to add is: "There SHOULD be an administrative option to change this preference, if the implementation supports privacy addresses. If there is no such option, there MUST be an administrative option to disable privacy addresses." -Dave
- Re: 3484bis and privacy addresses Jong-Hyouk Lee
- 3484bis and privacy addresses Brian Haberman
- Re: 3484bis and privacy addresses JORDI PALET MARTINEZ
- Re: 3484bis and privacy addresses Arifumi Matsumoto
- Re: 3484bis and privacy addresses Basavaraj.Patil
- Re: 3484bis and privacy addresses Tassos Chatzithomaoglou
- Re: 3484bis and privacy addresses Teemu Savolainen
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses JORDI PALET MARTINEZ
- Re: 3484bis and privacy addresses Mohacsi Janos
- Re: 3484bis and privacy addresses Tim Chown
- Re: 3484bis and privacy addresses Roland Bless
- RE: 3484bis and privacy addresses Samita Chakrabarti
- RE: 3484bis and privacy addresses Eric Vyncke (evyncke)
- Re: 3484bis and privacy addresses Simon Perreault
- Re: 3484bis and privacy addresses Alex Abrahams
- Re: 3484bis and privacy addresses Tina TSOU
- RE: 3484bis and privacy addresses Wuyts Carl
- Re: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Brian Haberman
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Fernando Gont
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Manfredi, Albert E
- Re: 3484bis and privacy addresses Sander Steffann
- Re: 3484bis and privacy addresses Dominik Elsbroek
- Re: 3484bis and privacy addresses Karl Auer
- RE: 3484bis and privacy addresses STARK, BARBARA H
- RE: 3484bis and privacy addresses Karl Auer
- Re: 3484bis and privacy addresses Brian E Carpenter
- Re: 3484bis and privacy addresses Roger Jørgensen
- Re: 3484bis and privacy addresses Francis Dupont
- Re: 3484bis and privacy addresses jonne.soininen
- Re: Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Doug Barton
- Re: 3484bis and privacy addresses t.petch
- Re: 3484bis and privacy addresses Alex Abrahams
- Re: 3484bis and privacy addresses Doug Barton
- Re: 3484bis and privacy addresses Mark Andrews
- Re: 3484bis and privacy addresses Fernando Gont
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses JINMEI Tatuya / 神明達哉
- Re: 3484bis and privacy addresses james woodyatt
- RE: 3484bis and privacy addresses Tirumaleswar Reddy (tireddy)
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Brian E Carpenter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: RE: 3484bis and privacy addresses Ray Hunter
- RE: RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- Re: 3484bis and privacy addresses Ray Hunter
- RE: 3484bis and privacy addresses Dave Thaler
- RE: 3484bis and privacy addresses Dave Thaler
- Re: RE: 3484bis and privacy addresses Ray Hunter
- Re: 3484bis and privacy addresses Arifumi Matsumoto