Message-Id: <1449225712.287884.457895729.21AD000E@webmail.messagingengine.com>
Date:	Fri, 04 Dec 2015 11:41:52 +0100
From:	Hannes Frederic Sowa <hannes@...essinduktion.org>
To:	Bjørn Mork <bjorn@...k.no>
Cc:	netdev@...r.kernel.org
Subject: Re: [RFC] ipv6: use a random ifid for headerless devices

Hello,

On Thu, Dec 3, 2015, at 20:29, Bjørn Mork wrote:
> Hannes Frederic Sowa <hannes@...essinduktion.org> writes:
> 
> > I see no problem with the patch as it eases operating those devices. I
> > would also suggest storing the ifid in the inet6_dev so it does only
> > change during device creation and destruction. Otherwise I would
> > recommend to use stable privacy addresses to generate the link local
> > addresses. EUI-48 based LL creation should hopefully not be used anymore
> > soon.
> 
> Thanks for commenting on this. Yes, the stable privacy addresses look
> like they will solve this and other problems.  But enabling them requires
> an administrator action.
> 
> After looking more at addrconf, I started wondering if we couldn't abuse
> ipv6_generate_stable_address() for this purpose?  We could add a new
> addr_gen_mode which would trigger automatic generation of a secret if
> stable_secret is uninitialized.  This would be good enough to ensure
> stability until the interface is destroyed.  And it would still allow
> the administrator to select IN6_ADDR_GEN_MODE_STABLE_PRIVACY by entering
> a new secret.

I am fine with your proposal but I would really like to see it only
happen on the per-interface stable_secret instance.

Thanks,
Hannes
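
The behaviour discussed in this thread, as an added sketch that is not code from the thread or from the kernel: an RFC 7217-style interface identifier derived from a per-interface secret that is generated automatically when none has been set. The `Iface` class, the use of the interface name as Net_Iface, and SHA-256 as the function F are assumptions made for illustration.

```python
import hashlib
import ipaddress
import secrets


class Iface:
    """Constructed stand-in for per-interface state (hypothetical, not a kernel struct)."""

    def __init__(self, name, stable_secret=None):
        self.name = name
        self.stable_secret = stable_secret  # None models an uninitialized secret

    def secret(self):
        # Proposed mode: generate a secret on first use so the address stays
        # stable until the interface is destroyed. A secret entered by the
        # administrator is used unchanged.
        if self.stable_secret is None:
            self.stable_secret = secrets.token_bytes(16)
        return self.stable_secret


def stable_ifid(prefix, iface, dad_count=0):
    """RFC 7217-style IID = F(Prefix, Net_Iface, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    fields = (
        net.network_address.packed[:8],  # 64-bit prefix
        iface.name.encode(),             # Net_Iface (assumed: interface name)
        bytes([dad_count]),              # bumped after a DAD collision
        iface.secret(),
    )
    h = hashlib.sha256()
    for field in fields:
        # Length-prefix each field so adjacent fields cannot be confused.
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[:8]


def link_local(iface, dad_count=0):
    """Link-local address built from fe80::/64 and the stable identifier."""
    iid = stable_ifid("fe80::/64", iface, dad_count)
    return ipaddress.IPv6Address(bytes.fromhex("fe80000000000000") + iid)


if __name__ == "__main__":
    dev = Iface("wwan0")                   # constructed headerless device
    print(link_local(dev), link_local(dev))  # same address while dev exists
    print(link_local(Iface("wwan0")))      # recreated device: new secret
```

Keeping the secret on the per-interface object means a regenerated secret affects only that interface, which is the scoping the reply asks for.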