[Dnsmasq-discuss] Switching from ISC dhcpd and IPv6 DNS
Freddie Witherden
freddie at witherden.org
Thu Apr 21 21:29:23 BST 2011
On 21/04/11 21:13, /dev/rob0 wrote:
> On Thu, Apr 21, 2011 at 08:06:50PM +0100, Freddie Witherden wrote:
>> On 21/04/11 19:49, Bill C Riemers wrote:
>>> Strange why would you want use_tempaddr=1? If you use_tempaddr=0,
>>> you addresses will be assigned based on the radvd network prefix
>>> and the mac address of the device. You IPv6 addresses will be the
>>> same everytime, unless your network prefix changes, or you change
>>> a mac address of a device.
>>
>> I consider it to be a very serious privacy concern. Advertising
>> ones MAC address to the public internet makes tracing cookies look
>> like Swiss Banking laws. I may well be wrong but I think that
>> Windows may even enable such tempaddr mischief by default.
>
> I don't understand. A MAC address is only relevant in a physical
> network segment. You simply *must* give a MAC address to hosts on
> your segment in order to have networking. But beyond that segment,
> there's no meaning to a MAC.
>
> Sure, someone can look it up and find out what kind of NIC or
> embedded device you bought. But no, I don't see a "serious privacy
> concern" here. Am I missing something, or are you?
MAC addresses are persistent. Hence, if I use my laptop on an IPv6
network any sites which I connect to through IPv6 get my MAC address.
Later, if I then use an IPv6 network down at my local coffee shop my MAC
address leaks through again to those sites.
This provides a means for websites to identify me and my laptop whenever
I am on an IPv6 network. It is hence as much of a privacy concern as a
tracing cookie.
use_tempaddr solves this problem as per RFC 4941 ("privacy extensions
for stateless address autoconfiguration in IPv6").
Regards, Freddie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
Url : http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20110421/d09a186c/attachment.pgp
More information about the Dnsmasq-discuss
mailing list