> On 19 feb 2008, at 10:02, Dan Wing wrote: > > > It would be interesting to write it down, and to see what > > would break if the IP stack acquired and provided a fresh > > v6 address to every new connection. Maybe nothing would > > break, which would be great. > > You really don't want to do that for stuff like the web where you can > easily end up setting up a dozen new TCP sessions in a second. (Web > designers use insanely wasteful techniques with multiple external > javascripts and style sheets per page, often loaded from different > domains, not to mention the persistent use of spacer images.) > Duplicate address detection takes too much time to make this useful, > and the creation of such a large number of addresses makes DAD all the > more important. > > You also don't want to do it for applications that require referrals, > such as peer-to-peer. > > Current address privacy mechanisms change addresses at certain > intervals, often 24 hours. Last time I checked this was enabled by > default on Windows (Vista and on XP if IPv6 is enabled) but not on any > other system, although I believe they all support it. > > The reason for this mechanism is not that two sessions can't be > attributed to the same host, but that when a host moves it can't be > tracked by its MAC address that would otherwise be in the lower 64 > bits of its IPv6 address when using stateless autoconfig. You also don't want to do it as you would also need massive churn in the DNS. Microsoft gets this wrong as they don't register the privacy addresses in the DNS which in turn causes services to be blocked because there is no address in the DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx _______________________________________________ Ietf@xxxxxxxx http://www.ietf.org/mailman/listinfo/ietf