Hi, SM, On 04/22/2013 12:53 PM, SM wrote: > > From Section 1: > > 'The "Privacy Extensions for Stateless Address Autoconfiguration in > IPv6" [RFC4941] were introduced to complicate the task of > eavesdroppers and other information collectors to correlate the > activities of a node, and basically result in temporary (and random) > Interface Identifiers that are typically more difficult to leverage > than those based on IEEE identifiers.' > > There are some warnings in RFC 4941 about correlation. I don't see any > notes about that in this draft. PLease see the Appendix. > My reading of this proposal is that it > is to mitigate address scanning. I could not find any guidance on > whether to use RFC 4941 or this draft for "privacy addresses". Privacy addresses are employed in addition to traditional SLAAC addresses -- hence they don't mitigate address scanning. FWIW, this is all discussed in the I-D. > "Implementations conforming to this specification SHOULD provide the > means for a system administrator to enable or disable the use of this > algorithm for generating Interface Identifiers." > > If the implementation does not provide the means for the administrator > to enable or disable the use of the algorithm, does it conform to this > specification? It'd be "conditionally-compliant", but not fully-compliant. Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@xxxxxxxxxxxxxxx PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492