On 05/10/09 18:35 -0400, Valdis.Kletnieks@vt.edu wrote:
On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:
a publicly routeable stateless auto configured address is no less secure than a publicly routeable address assigned by DHCP. Security is, and should be, handled by other means.
The problem is user tracking and privacy.
<cut>
Or phrased differently - if I DCHP my laptop in a Starbuck's, on Comcast, at work, at a hotel, and a few other places, you'll get a whole raft of answers which will be very hard to cross-corrolate. But if all those places did IPv6 autoconfig, the correlation would be easy, because my address would always end in 215:c5ff:fec8:334e - and no other users should have those last 64 bits.
All of the items in the above list are true of DHCP. The only difference is how long that correlation will be taking place. You're likely to keep using the same addresses at each site (unless the DHCP server is configured not to). DHCP servers themselves tend to re-hand out addresses based on seeing the same MAC address. Is it really a secure approach to depend on how often you go mobile? Random address assignment *is* auto configuration (well, a modified form of it). That seems to be much better. -- Dan White BTC Broadband