-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 4/22/2010 22:00, Owen DeLong wrote:
On Apr 22, 2010, at 5:55 AM, Jim Burwell wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 4/22/2010 05:34, Simon Perreault wrote:
On 2010-04-22 07:18, William Herrin wrote:
On the other hand, I could swear I've seen a draft where the PC picks up random unused addresses in the lower 64 for each new outbound connection for anonymity purposes.
That's probably RFC 4941. It's available in pretty much all operating systems. I don't think there's any IPR issue to be afraid of.
Simon I think this is different. They're talking about using a new IPv6 for each connection. RFC4941 just changes it over time IIRC. IMHO that's still pretty good privacy, at least on par with a NATed IPv4 from the outside perspective, especially if you rotated through temporary IPv6s fairly frequently.
4941 specified changing over time as one possibility. It does allow for per flow or any other host based determination of when it needs a new address.
Owen
K. Can't say I've read the RFC all the way through (skimmed it). Current implementations do the time thing. XP, Vista, and 7 seem to have it turned on by default. *nix has support via the "net.ipv6.conf.all.use_tempaddr=2" variable, typically not on by default. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvRLkUACgkQ2fXFxl4S7sQ2YgCg3uSkp1GNxcgjCDVc1jxnDv7s DtoAniXH8nND7+r6xEFJXGHrRJ77CBkZ =eSHI -----END PGP SIGNATURE-----