Date: Fri, 1 May 2020 00:54:09 -0300
From: Fernando Gont <fgont@...networks.com>
To: David Miller <davem@...emloft.net>
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH v2 net-next] ipv6: Implement draft-ietf-6man-rfc4941bis

On 1/5/20 00:23, David Miller wrote:
> From: Fernando Gont <fgont@...networks.com>
> Date: Sun, 26 Apr 2020 12:41:40 -0300
>
>> Implement the upcoming rev of RFC4941 (IPv6 temporary addresses):
>> https://tools.ietf.org/html/draft-ietf-6man-rfc4941bis-09
>>
>> * Reduces the default Valid Lifetime to 2 days
>>   The number of extra addresses employed when Valid Lifetime was
>>   7 days exacerbated the stress caused on network
>>   elements/devices. Additionally, the motivation for temporary
>>   addresses is indeed privacy and reduced exposure. With a
>>   default Valid Lifetime of 7 days, an address that becomes
>>   revealed by active communication is reachable and exposed for
>>   one whole week. The only use case for a Valid Lifetime of 7
>>   days could be some application that is expecting to have long
>>   lived connections. But if you want to have a long lived
>>   connections, you shouldn't be using a temporary address in the
>>   first place. Additionally, in the era of mobile devices, general
>>   applications should nevertheless be prepared and robust to
>>   address changes (e.g. nodes swap wifi <-> 4G, etc.)
>>
>> * Employs different IIDs for different prefixes
>>   To avoid network activity correlation among addresses configured
>>   for different prefixes
>>
>> * Uses a simpler algorithm for IID generation
>>   No need to store "history" anywhere
>>
>> Signed-off-by: Fernando Gont <fgont@...networks.com>
>
> Please respin this patch as it no longer applies cleanly. It should
> be easy, it's just because of the ReST conversion of ip-sysctl.txt

Just did, as [PATCH v3 net-next]. No code changes. Just rebased the
patch on origin/master.

Thanks,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont@...networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492