On 21 feb 2008, at 16:34, Harald Alvestrand wrote:

> Think of the case where there are 1000 users on a LAN, and one of them
> desires to use the address privacy option for all the normal reasons.
> Then think about the policeman / bad guy / secret agent / mafioso with a
> trace of all traffic from that LAN - he can immediately say that the 999
> were using non-privacy-enhanced addresses, and the resulting trace will
> show him immediately what the 1000th was up to, no matter how many times
> he changed his address.

I'm assuming you mean "a trace of the activities of addresses from that LAN as seen from elsewhere", because if they can sniff the LAN they can also see the link addresses.

But what the good/bad guy sees is 1099 addresses, 999 of which are used for somewhat long periods, and 100 of which are used for somewhat short periods. They don't know how many users there were on the LAN, although they can probably guess to within 10% or so based on the amount of traffic. They also don't have any way to know which user was using which privacy address at any given time unless they had a much more intimate view of the LAN in question.

_______________________________________________
IETF mailing list
IETF@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf