lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20200430.202334.573859461451348083.davem@davemloft.net>
Date:   Thu, 30 Apr 2020 20:23:34 -0700 (PDT)
From:   David Miller <davem@...emloft.net>
To:     fgont@...networks.com
Cc:     netdev@...r.kernel.org
Subject: Re: [PATCH v2 net-next] ipv6: Implement draft-ietf-6man-rfc4941bis

From: Fernando Gont <fgont@...networks.com>
Date: Sun, 26 Apr 2020 12:41:40 -0300

> Implement the upcoming rev of RFC4941 (IPv6 temporary addresses):
> https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-09
> 
> * Reduces the default Valid Lifetime to 2 days
>   The number of extra addresses employed when Valid Lifetime was
>   7 days exacerbated the stress caused on network
>   elements/devices. Additionally, the motivation for temporary
>   addresses is indeed privacy and reduced exposure. With a
>   default Valid Lifetime of 7 days, an address that becomes
>   revealed by active communication is reachable and exposed for
>   one whole week. The only use case for a Valid Lifetime of 7
>   days could be some application that is expecting to have long
>   lived connections. But if you want to have a long lived
>   connections, you shouldn't be using a temporary address in the
>   first place. Additionally, in the era of mobile devices, general
>   applications should nevertheless be prepared and robust to
>   address changes (e.g. nodes swap wifi <-> 4G, etc.)
> 
> * Employs different IIDs for different prefixes
>   To avoid network activity correlation among addresses configured
>   for different prefixes
> 
> * Uses a simpler algorithm for IID generation
>   No need to store "history" anywhere
> 
> Signed-off-by: Fernando Gont <fgont@...networks.com>

Please respin this patch as it no longer applies cleanly.  It should
be easy, it's just because of the ReST conversion of ip-sysctl.txt

Thanks.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ