Re: Rate of growth on IPv6 not fast enough?

[Jim Burwell <jimb () jsbc cc>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
On 4/22/2010 22:00, Owen DeLong wrote:
> On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> >
> > On 4/22/2010 05:34, Simon Perreault wrote:
> > > On 2010-04-22 07:18, William Herrin wrote:
> > > > On the other hand, I could swear I've seen a draft where the
> > > > PC picks up random unused addresses in the lower 64 for each
> > > > new outbound connection for anonymity purposes.
> > >
> > > That's probably RFC 4941. It's available in pretty much all
> > > operating systems. I don't think there's any IPR issue to be
> > > afraid of.
> > >
> > > Simon
> > I think this is different.  They're talking about using a new
> > IPv6 for each connection.  RFC4941 just changes it over time
> > IIRC.  IMHO that's still pretty good privacy, at least on par
> > with a NATed IPv4 from the outside perspective, especially if you
> > rotated through temporary IPv6s fairly frequently.
>
> 4941 specified changing over time as one possibility.  It does
> allow for per flow or any other host based determination of when it
> needs a new address.
>
> Owen
K.  Can't say I've read the RFC all the way through (skimmed it).
Current implementations do the time thing.  XP, Vista, and 7 seem to
have it turned on by default.  *nix has support via the
"net.ipv6.conf.all.use_tempaddr=2" variable, typically not on by default.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAkvRLkUACgkQ2fXFxl4S7sQ2YgCg3uSkp1GNxcgjCDVc1jxnDv7s
DtoAniXH8nND7+r6xEFJXGHrRJ77CBkZ
=eSHI
-----END PGP SIGNATURE-----