SLAAC and Privacy Addresses

Erik Kline

I frequently hear discussions about SLAAC addresses versus privacy concerns about exposing a host's MAC address to the world. These concerns also have some intersection with management desires in a managed environment.

(1) All hosts should use SLAAC.

This address should be computable by software given a hosts

MAC and /64 prefix, and should go into DNS.

All services listening on the host should listen on

"[::]:<port>", and as such be reachable over the host's SLAAC address.

(2) All hosts should enable *and prefer* 3041 / privacy /

temporary addresses.

These addresses should be used by the host for external

connections, keeping the privacy folks happy.

[I say enable and prefer separately because they are two

different setting values in Linux,

/proc/sys/net/ipv6/conf/$interface/use_tempaddr]

Now, this does raise at least two concerns:

1. Some applications and OSes may accumulate a large number of

addresses. Apps will need to properly learn how to skip over

interfaces that are deprecated. In one case we had Kerberos

authentication failures because the address list presented to the KDC

was too huge.

2. Sysadmins/security folks need to realize that if you want to

track your users access publicly then you can't do that by IP address

anymore. Even if you try to force folks to use DHCPv6, J. Random Evildoer

can still use a ton of random addresses, one per socket if he likes.

Tracking has to be done in a different way.