IETF Logo Mail Archive

Re: [v6ops] Same interface ID under several prefixes

tom petch <ietfc@btconnect.com> Mon, 14 November 2022 11:32 UTC

Return-Path: <ietfc@btconnect.com>
X-Original-To: v6ops@ietfa.amsl.com
Delivered-To: v6ops@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39765C1524B4 for <v6ops@ietfa.amsl.com>; Mon, 14 Nov 2022 03:32:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWmlEQc8Pu1Y for <v6ops@ietfa.amsl.com>; Mon, 14 Nov 2022 03:32:29 -0800 (PST)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2071b.outbound.protection.outlook.com [IPv6:2a01:111:f400:7d00::71b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83F94C1524BB for <v6ops@ietf.org>; Mon, 14 Nov 2022 03:32:29 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BQAuA1ULf+DLNQHtLCaX4EfFIYul8FW4sXhm0zUR4vP8ia4q8KzPMIVE5SQ07zE64nIQ8SQwiTCtcn25dF7BxQ7r2AXD3Q8wQDtT/icM7CSSNv4zimKDi8hx8DH0Jj/zjHer9Mm6i2/gMXbFVyFWFOKhjlYEO2J2Ba7u6m/KPtFa3tfY5+6GNj52qzgiZzujBDE8/Ltu4CbrqjLtfI/+eemMa72HmJZDKfNMdOGxQpDA8CZSdrzIUjBjMdr9txinbruQlj0122M7ZujqvObHY4j4k1q4yDbwzINXVxxCzG6oaO2BkY0+T8IDt+Rt9CiWZMHO1tTmSsBGV1TK07/4Ow==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TCl3P+xvqE8NrVbavhaN2NXNyA4m39lbperUefKWWfU=; b=kVJSlh/xB0myvSfsds7yiuXdzj1sgQwBrRTDMAsZmUpV7t48NEr/fqw1vk21RQ2GLlv4FWHi4XjGn3RP/F7UiWPW2cJEsUGuDRPGUPUYR/3yO2A1NKx5e22vuxN81kautzX7SHFECrwg5oPLtPFp/P8bDFeDVDv9n56cv5oV79P1pKiI5Lu8fwyJYKn3PrdQ3Pv7Nk+HSRL9k+TKxXqbJ1X2wd/NujtCpe5RKG3N/okC/3lN1coZs/SEXFVBIAXpEl+h/anJvzIBzPqLnkQ1resCMRUYG7rgTThpUCALdToN0vNZGWP0Hna+GXwT7dd25WC54waxGD1/WKS4eEWT3A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TCl3P+xvqE8NrVbavhaN2NXNyA4m39lbperUefKWWfU=; b=Jg3yFYN4FpT3FDe1GgodaFZ/2Ro+/Zca3V1N1mN2GnnfHy6B7orHTGPdzyTtmW3e8v7Lkp/xK/YoAWtUzgr8RWKNl0VxtSiGfFwkm8sEXU1QtOUcMm/Ub+X5E8EEIKn8+0nNPd4413QGpEC2xF0e/+YEZxBy3yBCKMXP4rCh5WA=
Received: from DB8PR07MB6249.eurprd07.prod.outlook.com (2603:10a6:10:140::7) by AM7PR07MB6835.eurprd07.prod.outlook.com (2603:10a6:20b:1b7::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5813.17; Mon, 14 Nov 2022 11:32:25 +0000
Received: from DB8PR07MB6249.eurprd07.prod.outlook.com ([fe80::3b6c:eb54:7974:c110]) by DB8PR07MB6249.eurprd07.prod.outlook.com ([fe80::3b6c:eb54:7974:c110%4]) with mapi id 15.20.5813.017; Mon, 14 Nov 2022 11:32:24 +0000
From: tom petch <ietfc@btconnect.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, Alexandre Petrescu <alexandre.petrescu@gmail.com>, "v6ops@ietf.org" <v6ops@ietf.org>
Thread-Topic: [v6ops] Same interface ID under several prefixes
Thread-Index: AQHYgn+HOeI8tBFa/UWrtyZtdhuYR61af2r9gAFt8QCA3AncgIABgwkhgAAKaICAASeygIACn/iAgAHnBYU=
Date: Mon, 14 Nov 2022 11:32:24 +0000
Message-ID: <DB8PR07MB6249286A15043643006E7DA9A0059@DB8PR07MB6249.eurprd07.prod.outlook.com>
References: <1f96f6d6-1c9a-0b18-acf2-dc7d0041ee3b@gmail.com> <78898acb-70b4-7e2d-a8ef-c47efde962e6@si6networks.com> <4821e89b-d64c-5e98-b2d7-a72437325045@gmail.com> <8c208ed1-5bcb-85f8-4b13-2465e160e655@gont.com.ar> <b25f3308-821e-4562-791a-2c2e44cde68c@gmail.com> <effd590f-93a3-c593-3e4e-2c6456ce8c4d@si6networks.com> <87acb67f-7751-aeec-f63f-58b47e628df9@gmail.com> <f407f68f-cd3b-b8af-2c80-ff827e865b11@gmail.com> <c7fb2f5b-2224-d83e-1da8-a74967ce829c@gmail.com> <226e81c8-3e71-d573-851e-e5caaa164167@gmail.com> <8ee1a79a-d4ab-3a29-7869-8ab28e7add08@gmail.com> <a62d65e7-e738-3723-03ca-570122ebffd1@gmail.com>
In-Reply-To: <a62d65e7-e738-3723-03ca-570122ebffd1@gmail.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DB8PR07MB6249:EE_|AM7PR07MB6835:EE_
x-ms-office365-filtering-correlation-id: 8503c6b5-6faf-4597-6e6c-08dac633e718
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: INIwBlbrKD+dKcmsSlP4drlkNHLR40KXCOjtmvgeN13y4WwlMFcnD5QtNNc3+G3fv0xDPufzw9K8THIEgj+ykbjPwD7YdYNBwWKtg0m7tBHquXaXAsjhGqjdm7d3lq/5SIffYMhH61YXQyQD6rnhYA083BDsuNd5/Kt4Kffw2d7szWazGsZ5xPe6zHTgaiyp1kl+IfV8N55QiZ5v9499XHcKjgCCVh+50gfDJoIgQDDIdb23zERHpIqfIfARezwfVWeyMf1cGsaCT+IJOE6bkyL2xM2ITotsvgbQu+Rsn7DJiyhf4CUhk3TfXPFOkFhkjX7fFW3L5sEuACR6grIcp20a9mpXRvdfQIOxA+VoJb/akJn+abrs//6xQTNgVG+6XxeHuI7QkVF3t9mautsrMQoxg7XIuDU5refdUD7WZL8lCF34LmpGS2ejnzhRxKcF1qDiZ5x7IRV5m8ZcBBM0+L1b8v60bd9hdPfju4OADfJsMtLGtMIHNRL6KDvzRz0uyNGpTAH1y+jD3d2tiSOKEwK9WomRrt9IunoRb2aHridLNXk/00i/5G3vli7Ug6m/9rGUPNRpr0vwJXESw+1CkG61lchC/LzFA4r9XGADK+yHvEsEK2hwwGa2+eAZFeE1E6sJsgKwv1zDFaoGxBiyYu98/BitkJlwZcIQDP5lVHldxhKq/XaD6snxH9xa1YXUzzBl488wDo/vTEbrefpt30IqCGpMYG/u0QyN50uDr0joTIpL7aYVsxR7Vg2Kx3V+N2ZyagPzPulI0WpWncBQ9dHUC8yrc3cyPin7xFRncFU=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB8PR07MB6249.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(136003)(39860400002)(396003)(376002)(366004)(346002)(451199015)(7696005)(6506007)(53546011)(316002)(41300700001)(186003)(52536014)(8936002)(55016003)(76116006)(66476007)(66946007)(66446008)(66556008)(64756008)(66574015)(2906002)(26005)(5660300002)(33656002)(9686003)(8676002)(66899015)(91956017)(478600001)(966005)(83380400001)(110136005)(122000001)(82960400001)(71200400001)(86362001)(38070700005)(38100700002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: +AzH6Hp5nQ2y/XECF+NQ2xxA8VtJa/qgudl8o5Qc1Tqo2Kr2tgtXPV5Chyeu8iPCnIdgtgqPozk1sCkqwiktT7H40mKnrGTvqYvenSJ/8piD1AJ6qUrchpDJHm56lCZD15vjC/krsIJxtJv1hc5YSD4JG8qRYmp1gFCagPEL3zi6rspGJ9YI22Gcfl32C6cZ9QW0pMdq7O4Lkh7hG7vUa95vDo6yS3dH8qvx4tBnjJX7G1G8lWZO8kgjNfqfs+f10a7R6LdGcs6VpZvWy5K/B694NkxEqEo2zZsGPtZgg60OoH7G6gzA/LWdSONE4B1pMFGf5Ps3Buu6alrHUJPdLWGEdSqWQrtRRaPtOZWMkoQLh1WTueUP5DeGWw3IneNf8DkFsqsn+v1FRMtctWeBqIe7GucnnE1po05VlFCs35V65lXi3swlAw8h/H7YgsuFUhXFIvDDOhA3jhTnAgE+I4ms3JpHIyx/yPlE6sEl9La3GzztQEsK7EpK2fVa7NhUeIUTo6I/7VlkASLCqTiOPuOvp5KykIJD2ALmZXxbejAS4hoPagyACnRfPCXovclMXy33ndVTD9QwCXld1hAxgvqqUUrFbsy2DdkmuTDoEYh1UXfuMlnU6Xj6E92qqJaYsfzmyku3Td1TW0/KpIhwA6sUEQhhY77o2y87xz/fj2k79rhPKo5R6MT2N9YaQIJsFUNvJke9vESbDd8sD1FwrxCukHsvGV85Dh3dUbxX7RuXxSu3Df51RAQ0E0TATa75XzLMi1Zx8lPgslquzYwWmEsx5fWSR7tevbS8lD76DPISqNiz+IFmL/9AyhmwC6JgwIHnXE707/CjaZglYDExukvcRHT2CxD0ckSk1pdidMxvfyFTTeQ6AMofCF6gV99xfUJRzS3Kk4sAvxXtSZZBMrbr5aQ89FWY44e3TfFG5d1fUdo5N0mcl+Q0xy6VLZ/KvtrroM1nFpeLFJWQ5UFEOMxOwpywXbdM6x4vIF2OcBJHTnlYCMvLAWPVENKhVbFqdNKIjntNnwUnMmFf6VJMPg/mcX5Kd4QBMylf4/s1kI+kZnkXFX8UUb33/IrHOJI4mrybr4+rCHz1VB7tTK0A2kbZhlWvM6s3B9PcYJppTR2GN4CMcsh/6/fhO2kmabCCnXK0Nx1jliBHp33AUWunnO4TDWl1gOv2aqw4NuP6bWXPdK+VDo6YaJleVBeGf/z4VrBKvrZw4SqvXgIumBnK51Gh2GtLChDRuJQ+jvigKHTvvf9nYMZc8w5Cvw1AWXM+CH7Nj2LRIxnGFoKPQw4334Pj7FgKo+dSDFW4Mz5dRklAEk41CbgEWH8Xrqob7aXIUtBAtV4Egx2mIGDv89xjAPIXHOoQzTkmY/JI0FFqQxpzOBO2wJKSyJZitcMmBtRSq9Fjm9wyomPZq17nZkuZAeD80UmZAyDGQ7rj2lq7hlohtncp8ufsOzDZAIPdDS0e/rAdYw+mqSyhEHY2EJozMd+TNRNhPbpsKBJfcnayIcdQHJEB5WO6ZQ16tZd63j2mZ+HcVTd9xlVI+XBaMn9D73nWAfm8QU9k5Jlz+ganctiWG6DT0hJjQTV+g1ArcPwg
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB8PR07MB6249.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 8503c6b5-6faf-4597-6e6c-08dac633e718
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Nov 2022 11:32:24.8803 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oA0JUk+y7ninsg9PxTOzz1P+Lo8CTyQB2wW7Q5Z/JhxGRn4mXBxvu94kM/Y9vahIxpuGSZDuAZ4K5icGN+ZS6w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR07MB6835
Archived-At: <https://mailarchive.ietf.org/arch/msg/v6ops/S_g3J4E9Dh3VXlBbkZdrgQNCozc>
Subject: Re: [v6ops] Same interface ID under several prefixes
X-BeenThere: v6ops@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/v6ops>, <mailto:v6ops-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/v6ops/>
List-Post: <mailto:v6ops@ietf.org>
List-Help: <mailto:v6ops-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/v6ops>, <mailto:v6ops-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Nov 2022 11:32:34 -0000

From: v6ops <v6ops-bounces@ietf.org> on behalf of Brian E Carpenter <brian.e.carpenter@gmail.com>
Sent: 13 November 2022 06:25

Yes, I can now confirm that Windows 11 (a new installation, so up to date)
does indeed use three different stable IIDs for GUA, ULA and LL addresses.

<tp>
Your e-mail prompted me to look at the recent  updates for Windows 10 to see what the website said and it is fairly useless. 
'The Windows 10 2022 Update (Windows 10, version 22H2) delivers a scoped set of improvements in the areas of productivity and management.'
Gee, thanks.

Tom Petch


Regards
    Brian

On 12-Nov-22 03:19, Alexandre Petrescu wrote:
> for completeness, per the original request of win11 outputs, I checked a
> win11 machine too, in addition to the 22H2 win10.
>
> the win11 IPv4 and IPv6 address formats in the ipconfig output are
> similar to that of 22H2, there seem to be no difference.
>
> Alex
>
> Le 10/11/2022 à 21:41, Alexandre Petrescu a écrit :
>>
>>
>> Le 10/11/2022 à 21:02, Brian E Carpenter a écrit :
>>> On 10-Nov-22 23:13, Alexandre Petrescu wrote:
>>>>
>>>>
>>>> Le 09/11/2022 à 21:59, Brian E Carpenter a écrit :
>>>>> Looks like some progress in this area on Windows.
>>>>>
>>>>> Yesterday I applied the latest Windows 10 update, and noticed that my
>>>>> very old IPv6 status checker was giving me an unexpected result.
>>>>>
>>>>> Why? Because as of yesterday, the stable IIDs for my GUA, ULA and LL
>>>>> addresses are different. Kudos to MS.
>>>>>
>>>>> This is Windows 10 Pro, version 21H2, OS Build 19044.2251
>>>>>
>>>>> Can somebody check this on Windows 11?
>>>>
>>>> I could check something on 22H2 Win10 (not Win 11), but not sure what to
>>>> check more precisely, what commands to issue(?)
>>>
>>> At the command prompt do:  ipconfig
>>>
>>> The output will include something like this (slightly obfuscated):
>>>
>>> Ethernet adapter Ethernet 4:
>>>
>>>      Connection-specific DNS Suffix  . : fritz.box
>>>      IPv6 Address. . . . . . . . . . . :
>>> 2406:e003:xxxx:xxxx:672e:17ef:b374:8c9d
>>>      IPv6 Address. . . . . . . . . . . :
>>> fd63:45eb:dc14:0:6a25:e384:a462:54b9
>>>      Link-local IPv6 Address . . . . . : fe80::8d0f:7f26:e5c8:780b%7
>>>      IPv4 Address. . . . . . . . . . . : 192.168.178.20
>>>      Subnet Mask . . . . . . . . . . . : 255.255.255.0
>>>      Default Gateway . . . . . . . . . : fe80::2e3a:fdff:fea6:xxxx%7
>>>                                          192.168.178.1
>>>
>>> You see three different IIDs in my GUA, ULA and LLA addresses. I have
>>> dsiabled temporary IPv6 addresses, but you might see them too. (And you
>>> can see to its shame that my FritzBox still uses modified EUI-64.)
>>
>> You see below my ipconfig on wifi on a win10 22H2 on a home network
>> which offers both IPv4 and IPv6.
>>
>> Carte réseau sans fil Wi-Fi :
>>
>>      Suffixe DNS propre à la connexion. . . :
>>      Adresse IPv6. . . . . . . . . . . . . .: 2a01:e0a:937:bc30::ec18:fe76
>>      Adresse IPv6 de liaison locale. . . . .: fe80::6f44:cfe8:261a:fbaf%3
>>      Adresse IPv4. . . . . . . . . . . . . .: 192.168.0.5
>>      Masque de sous-réseau. . . . . . . . . : 255.255.255.0
>>      Passerelle par défaut. . . . . . . . . : fe80::160c:76ff:fe8c:86f3%3
>>                                          192.168.0.254
>>
>> I have not obfuscated anything because I suppose the system generates
>> new IIDs relatively often.
>>
>> Remark the IID in the GUA seems to be 32 signficant bits.
>>
>> Alex
>>
>>>
>>>      Brian
>>>
>>>
>>>>
>>>> I am on an IPv4-only network and there is an IID in the link-local
>>>> address, and that IID is different than the MAC address.
>>>>
>>>> I have not recorded that IID in earlier days, so I cant check whether
>>>> something changed after windows updates.
>>>>
>>>> And, I am not  even sure of the MAC address being something of the
>>>> actual Ethernet interface, because the USB-Ethernet interface is Dell,
>>>> the Ethernet-less computer is HP and the MAC address on Windows says it
>>>> is of HP (first 2 bytes checked from the public oui.txt).
>>>>
>>>> And, there is something in the BIOS which tries to have a unique MAC
>>>> address for the Ethernet interface despite connecting various external
>>>> USB-Ethernet interfaces with their various MAC addresses.
>>>>
>>>> This (MAC address from BIOS) stable identifier is very necessary, even
>>>> though it does not appear in IPv6 addresses.
>>>>
>>>> This stable id is used for some protection, even though it is known that
>>>> it can be faked.
>>>>
>>>> IPv6 is still considered to not give enough protection, compared to
>>>> IPv4.
>>>>
>>>> Alex
>>>>
>>>>>
>>>>> Regards
>>>>>       Brian
>>>>>
>>>>> On 23-Jun-22 08:46, Fernando Gont wrote:
>>>>>> Hi, Brian,
>>>>>>
>>>>>> MacOS and OpenBSD also implement RFC7217/RFC8064.
>>>>>>
>>>>>> For embedded devices (e.g. printers), they are probably based on older
>>>>>> versions of the Linux kernel, and probably RFC7217 has not (and will
>>>>>> not) be back-ported to them -- so it'll take time for these devices to
>>>>>> adopt RFC7217.
>>>>>>
>>>>>> As for Android, there might be a similar issue going on -- but
>>>>>> certainly
>>>>>> Lorenzo or Erik will be in a better position to tell.
>>>>>>
>>>>>> So my "concern" would probably be just the lack of support in Windows.
>>>>>>
>>>>>> P.S.: When it comes to Linux, it's more than just the kernel -- e.g.
>>>>>> there's an implementation in dhcpcd (that's what you probably see in
>>>>>> Raspberry Pi), and an implementation in NetworkManager (and there
>>>>>> might
>>>>>> be one in systemd-networkd).
>>>>>>
>>>>>> Thanks,
>>>>>> Fernando
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 21/6/22 19:56, Brian E Carpenter wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I've done a little survey on my home network, and I don't find the
>>>>>>> results
>>>>>>> very encouraging for RFC7217/RFC8064 deployment. In summary, there is
>>>>>>> some usage of pseudorandom IDs, but only Linux deserves a gold star
>>>>>>> (the PI is also Linux):
>>>>>>>
>>>>>>> Linux 5.4.0   - 3 different IIDs for GUA, ULA, LLA
>>>>>>> Raspberry PI  - 3 different IIDs for GUA, ULA, LLA
>>>>>>> Android 7     - same IID for GUA, ULA; different for LLA (EUI64)
>>>>>>> Android 11    - same IID for GUA, ULA; different for LLA (EUI64)
>>>>>>> Windows 10*   - same IID for GUA, ULA, LLA
>>>>>>> FritzBox 7530 - same IID for GUA, ULA, LLA (EUI64)
>>>>>>> Samsung TV s6 - same IID for GUA, LLA (EUI64, but also temporary
>>>>>>> IID for
>>>>>>> GUA & ULA)
>>>>>>> Chromecast 2  - LLA only (EUI64)
>>>>>>> Canon TS5100  - LLA only (EUI64)
>>>>>>>
>>>>>>> * with temporary addresses switched off
>>>>>>>
>>>>>>> Regards
>>>>>>>        Brian Carpenter
>>>>>>>
>>>>>>> On 18-Jun-22 10:20, Fernando Gont wrote:
>>>>>>>> On 17/6/22 17:51, Brian E Carpenter wrote:
>>>>>>>> [...]
>>>>>>>>>>
>>>>>>>>>> I assume they don't claim to implement RFC7217. -- If they did,
>>>>>>>>>> then
>>>>>>>>>> yes, it would be fair to call that a bug. :-)
>>>>>>>>>
>>>>>>>>> Right, it would be fairer to call it a potential privacy
>>>>>>>>> vulnerability
>>>>>>>>> (discover one address, get another one free of charge).
>>>>>>>>
>>>>>>>> Indeed, their mechanism allows for host-tracking: i.e., once you
>>>>>>>> know
>>>>>>>> the token, you can predict what's the address that that node would
>>>>>>>> configured if it connected to a given network.
>>>>>>>>
>>>>>>>>
>>>>>>>>> I don't regard
>>>>>>>>> it as a very serious problem that an outsider can learn my ULA or
>>>>>>>>> LLA.
>>>>>>>>
>>>>>>>> The biggest problem is that once the attacker learns your token,
>>>>>>>> e.g.,
>>>>>>>> he can test whether you're connected to e.g. the IETF conference
>>>>>>>> network
>>>>>>>> by e.g. pinging PREFIX::your_token.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Kudos to MS, anyway, for having moved to pseudo-random IIDs very
>>>>>>>>> early,
>>>>>>>>> before RFC7217 in fact.
>>>>>>>>
>>>>>>>> Yes, that was the point I was trying to make!
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> v6ops mailing list
>>>>>>> v6ops@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>>>>
>>>>> _______________________________________________
>>>>> v6ops mailing list
>>>>> v6ops@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>>>
>>>> _______________________________________________
>>>> v6ops mailing list
>>>> v6ops@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/v6ops
>>
>> _______________________________________________
>> v6ops mailing list
>> v6ops@ietf.org
>> https://www.ietf.org/mailman/listinfo/v6ops
>
> _______________________________________________
> v6ops mailing list
> v6ops@ietf.org
> https://www.ietf.org/mailman/listinfo/v6ops
_______________________________________________
v6ops mailing list
v6ops@ietf.org
https://www.ietf.org/mailman/listinfo/v6ops

v2.23.0 | Report a Bug | By Email