Rémi Després wrote:
>> My desire to have privacy is, in itself, something I may want to keep
>> private.
> I am not sure I see the practical consequences.
> If my source address says "I am someone but you will not know who I
> am", isn't this sufficient?

You're not thinking this through.

Think of the case where there are 1000 users on a LAN, and one of them desires to use the address privacy option for all the normal reasons. Then think about the policeman / bad guy / secret agent / mafioso with a trace of all traffic from that LAN - he can immediately say that the 999 were using non-privacy-enhanced addresses, and the resulting trace will show him immediately what the 1000th was up to, no matter how many times he changed his address.

>> If what you want to know is indeed "which site is at the other end",
>> wildcards at the /64 level will achieve that with no changes to
>> existing code.
>
> I am not familiar enough with wildcard operation in the DNS.
> If it provides for queries that concern only site prefixes, then you
> are right: no need for an agreed "wildcard IID".
> The result is the same with existing mechanisms, which is clearly better.

Read RFC 1034 - or perhaps better, RFC 4592. They've been around for a while (although their behaviour still surprises many).

Harald

_______________________________________________
IETF mailing list
IETF@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf
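As an added illustration of the "/64 wildcard" Harald points to (this is not code from the thread or from any IETF document), the Python below builds ip6.arpa reverse names and resolves them against a small constructed zone using RFC 4592 closest-encloser matching; the prefix 2001:db8:1:2::/64, the PTR targets and the zone contents are made up for the example.

```python
"""Reverse-DNS wildcard at the /64 boundary, RFC 4592 semantics (simplified)."""
import ipaddress

APEX = "ip6.arpa"


def reverse_name(addr: str) -> str:
    """Nibble-format ip6.arpa owner name for a full 128-bit IPv6 address."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + "." + APEX


def wildcard_owner(prefix: str) -> str:
    """Owner name of a wildcard record that covers every IID inside a /64."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    assert net.prefixlen == 64, "written for /64 site prefixes only"
    nibbles = net.network_address.exploded.replace(":", "")[:16]
    return "*." + ".".join(reversed(nibbles)) + "." + APEX


def _ancestors(name: str):
    labels = name.split(".")
    for i in range(1, len(labels)):
        yield ".".join(labels[i:])


def lookup(zone: dict, qname: str):
    """Resolve qname against {owner: PTR target}. Exact match wins; otherwise
    the wildcard at the closest encloser is used. Any existing node between
    the wildcard's parent and qname (including an empty non-terminal created
    by another record) blocks synthesis. Returns None for NXDOMAIN."""
    if qname in zone:
        return zone[qname]
    existing = set(zone)
    for owner in zone:               # every ancestor of a record exists as a node
        existing.update(_ancestors(owner))
    for anc in _ancestors(qname):    # longest existing ancestor = closest encloser
        if anc in existing:
            return zone.get("*." + anc)
    return None


# Constructed sample zone: one site /64 answered by a wildcard, plus one
# stable host with its own PTR record inside that /64.
SITE_PREFIX = "2001:db8:1:2::/64"
ZONE = {
    wildcard_owner(SITE_PREFIX): "site-a.example.",
    reverse_name("2001:db8:1:2::1"): "server1.site-a.example.",
}
```

Note the RFC 4592 edge case the zone above exposes: the explicit record for ::1 creates empty non-terminals along its nibble path, so a query for ::2 finds a closer encloser than the /64 and gets NXDOMAIN rather than the wildcard answer, while a random privacy IID such as 2001:db8:1:2:1234:5678:9abc:def0 still resolves to the site name.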