Date:   Mon, 13 Apr 2020 03:04:29 -0300
From:   Fernando Gont <>
To:     Stephen Hemminger <>
Cc:, David Miller <>
Subject: Re: [PATCH net-next] Implement draft-ietf-6man-rfc4941bis

On 13/4/20 02:22, Stephen Hemminger wrote:
> On Wed, 8 Apr 2020 07:44:58 -0300
> Fernando Gont <> wrote:
>> Implement the upcoming rev of RFC4941 (IPv6 temporary addresses):
>>   temp_valid_lft - INTEGER
>>   	valid lifetime (in seconds) for temporary addresses.
>> -	Default: 604800 (7 days)
>> +	Default: 172800 (2 days)
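
Review bot: the `Default:` line for temp_valid_lft drops from 604800 to 172800 seconds, which changes behaviour on every system that never set this value explicitly. State the reason for the shorter lifetime next to the new default and in the changelog, so that administrators who depend on the 7-day value know to set it themselves.
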
> You can't change defaults for existing users without a really good
> argument.

The number of extra addresses you get when the Valid Lifetime is 7 days 
tends to exacerbate the stress caused on network elements/devices. There 
are references in the I-D.

Additionally, the motivation of temporary addresses is indeed privacy 
and reduced exposure. With a default VL of 7 days, an address that 
becomes revealed is reachable for one whole week. That's not very 
"temporary" as the name would imply.

The only use case for a VL of 7 days could be some application that is 
expecting to have long lived connections. But if you want to have long 
lived connections, you probably shouldn't be using a temporary address.

And even more in the era of mobile devices, I'd argue that general 
applications should be prepared and robust to address changes (nodes 
swap wifi <-> 4G, etc.)

This is, off the top of my head, the reason why we decided to modify the 
default valid lifetime in the upcoming revision of the standard.


Fernando Gont
SI6 Networks
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
