From nobody Tue Jan 27 18:09:58 2026 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4f0tjN56q2z6QCTk for ; Tue, 27 Jan 2026 18:10:00 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4f0tjN4Qs4z3cWX; Tue, 27 Jan 2026 18:10:00 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769537400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=lyLaKN0bUO0KnjTnLoz6xJR5jMS/vXEMXWGZcoIzQwQ=; b=Zd1oPF/FJjCEJ05RHuAzsrxhZug2CxfxThQ39oyYkHV4AA+PhBQviLHU4AXrH1jy7WImBA vh0yp68JuAipiMDWzHrVWt1yDYprpM5Gkgq5TUNVATAIpnm/69R0/aARAbKqX3mhvx3fx1 y8AgxuIT/23IJoCAakTDDgosck2HgGlyQjm4ZpxfdN++W88Ml5rN6D+eJ6S0xUbYreMOQJ z4pyct3OZpwFzfB+ra/XXscmsoltFftVy+G3Hsc2AqhfrBRMYkzamUEw1dYMKuXCQMrFkE azZUNtzWsDvX2KatVfoLyCajOfXUzWmNQyQuYHBHSoEjrLo8nkLqRvSDajDfbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1769537400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=lyLaKN0bUO0KnjTnLoz6xJR5jMS/vXEMXWGZcoIzQwQ=; b=ojEH3zgPjbBfUSCRwTnHLpLEtm+998BrRKIdIRuNP+GAhDEVd+LSTtH1Ruqu5umpaVj3BC BaT245ItyiwYqyg/YrQ3AMzgQ93sHhB1WSnuQUDs9Da45dEESu1pLpR/etyv61vmKUC6Nj RLy4CGGHML4Vt9XQGGZ70+wYIKB48qeaVhv4XYwwU8ojnePCvn1z0p6UEtoHk5NePjTYVv 70Em8EaLrj3kAtaBASGB8ojFAyi3tGBGJ0ujm9XQ9HX2MkXIgObuIewcaIUBNt9/ZIsu6q ejsYDDQEUe80zwoPpyE0tHeZSseNLQK12/J5BwED9cj2dXLfDjgGZi4ohapr8A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1769537400; a=rsa-sha256; cv=none; b=ERzxsPXk7qhlM0YUi8zmInUf+y7HHk6bKJTfxkyWGpr4ZxN8Jbs9I5LdmCD5Tp7BabbGMk vHbZlfuVA/Ql4FiOWSdGDo5cEmVAddjCXbYlux82qDmHikr0Ig3QgaU8A9+sekFFwWFq9c wRdc9/dsov+wCNlNl1+W3rduVwfFknw+forNDqyqkDdDO30bLdyR7fhG9NSFpWzQ/iPQ/N RIuyr8vhX3zYjUefl0BScwwyRz4fXirrVrWM9wRT0vfAxuoTUy5ZBUGscKngA8yQwgjyT6 nh3vRMYSek0DQi++CrXwYSGmLyUQyV/2BDO+Cehxmq/pI/1NQuRbKG4g+PIe5Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from [IPV6:2a01:e11:2002:4280:ab9b:8bf1:ec36:413a] (unknown [IPv6:2a01:e11:2002:4280:ab9b:8bf1:ec36:413a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: madpilot/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4f0tjN0qCmzHNN; Tue, 27 Jan 2026 18:09:59 +0000 (UTC) (envelope-from madpilot@FreeBSD.org) Message-ID: <1c328ef9-0efe-4a80-8912-920ee4905e5f@FreeBSD.org> Date: Tue, 27 Jan 2026 19:09:58 +0100 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird From: Guido Falsi Subject: Re: we should enable RFC7217 by default To: Pouria Mousavizadeh Tehrani , freebsd-current@freebsd.org References: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> Content-Language: en-US Autocrypt: addr=madpilot@FreeBSD.org; keydata= xsBNBE+G+l0BCADi/WBQ0aRJfnE7LBPsM0G3m/m3Yx7OPu4iYFvS84xawmRHtCNjWIntsxuX fptkmEo3Rsw816WUrek8dxoUAYdHd+EcpBcnnDzfDH5LW/TZ4gbrFezrHPdRp7wdxi23GN80 qPwHEwXuF0X4Wy5V0OO8B6VT/nA0ADYnBDhXS52HGIJ/GCUjgqJn+phDTdCFLvrSFdmgx4Wl c0W5Z1p5cmDF9l8L/hc959AeyNf7I9dXnjekGM9gVv7UDUYzCifR3U8T0fnfdMmS8NeI9NC+ wuREpRO4lKOkTnj9TtQJRiptlhcHQiAlG1cFqs7EQo57Tqq6cxD1FycZJLuC32bGbgalABEB AAHNIkd1aWRvIEZhbHNpIDxtYWRwaWxvdEBGcmVlQlNELm9yZz7CwHgEEwECACIFAk+G+3MC GwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEBrmhg5Wy9KT2uIIAIrawQ89TnqEhi2C OEQAhx3uqWZuNoS6NyiSgsRCmtSnT2GOgH4Ucbr/I37SkV1B3K6HkoL6lwN8Gjf5KOgLqmTi E1W3RTwS7l8PSvdnjM9i7g351R4mTijtxawB/JcQf/Kge3Yqr1V4g6H+wQXHUStmHThbupuN trzRphvR/e5ekT0FTyVfPmpcbm68i2bwZnKUex/TNIECBykYh8b+SYMLhENf2ayRjCIWS2Ad 7tnTKhMtnS5jtW6qjBy4RoTpQD6oR1xIgkTRlQ49roVCUfdHb+Y/kh+U9G1IcoNy4vkg9IfP dwpSfnP+a8j0AZ1hMnOLZ1fYoQrs+4gVLy8Fs7TOwU0EUxB7QQEQAKFhrDceoPdK/IHDSmoj 6SQYisvM7VdhcleS7E9DoEAVt7yMbf6HbbMVTTY6ckvwTWQssywLBXNVqxgc4WLJjzfUhgef +WE75M3+WFYlOVQLGZY/zEVgma1raYnOHNAOzeHLDmEXjbZP6vGAeDyBbGfQPpE7qGYZ7ube T3XwQO+PklcCrvOPj2ZPcAxGNS2xVU/LzONqCrJqLMJSIcCdsbiSP4G5PnDFHtMokaTY6OEr 8OEQfOAerhcHUa/z7Uu8YtmaqKH+QGkE/WEgaRqSiTnv0JOTD+DxehaqvoKPPZ++2NpCZMHB 2i6A/xifmQwEiIjEXtcueBRzkNUQkxhqZyS13SrhocL9ydtaVPBzZatAEjUDDEJmAMLVFs45 qfyhMiNapHJo2n3MW/E5omqCvEkDdWX/en3P7CK2TemeaDghMsgkNKax/z0wNo5UZCkOPOz0 xpNiUilOVbkuezZZNg65741qee2lfXhQIaZ66yT7hphc/N/z3PIAtLeze4u1VR2EXAuZ2sWA dlKCNTlJMsaU/x70BV11Wd/ypnVzM68dfdQIIAj1iMFAD/lXGlEUmKXg5Ov2VQDlTntQoanC YrAg+8CttPzjrydgLZFq3hrtQmfc0se5yv1WHS69+BsUOG09RvvawUDZxUjW19kyeN9THaNR gow3kSuArUp6zSmJABEBAAHCwF8EGAEIAAkFAlMQe0ECGwwACgkQGuaGDlbL0pMN5wgA4bCk X/qwEVC06ToeR6C2putmSWQMgpDaqrv65Hubo+QGmg2P4ewTYQQ4g6oYWS03qHxqVVWhKz7F jfrV+dH8qbCLfSgIcvdBha7ayGZVrsiuMLKGbw36fcmkZPpSDOfHcP0XH8Z+u9CWj0xUkTxA lZ/7i6gYSUpG2JWNtdmE/X8VVEyXusCLwy0K0BI60A/4dRTIX3C4QKrJ3ZbUXegz70ynjHf+ lQMZ9IZKASoRMuS5FozPQh6abvmwZEPdf5I9riUElzvHrqJ8Bx0t3Pujdoth+yNHpnBxrtO8 LkQdrQ58P0SwcaIX33T2U9pG8bhu5YVR88FQ8OQ0cEsPBpDncg== In-Reply-To: <9cda2fbc-b8fb-44d1-8c1f-88395d741af7@FreeBSD.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit On 1/27/26 01:05, Pouria Mousavizadeh Tehrani wrote: > Hi everyone, Hi! > > With `net.inet6.ip6.use_stableaddr` now available, I believe we should > enable it by default in CURRENT at least. > As you may already know, we currently use the EUI64 method for > generating stable IPv6 addresses, which has serious privacy issues. > > IMHO, trying to maintain backward compatibility defeats the purpose of a > privacy RFC. > > To be clear, we don't want to change the ip addresses of existing > servers. However, it's reasonable for users to expect changes during a > major upgrade (15 -> 16), a fresh install of a new major release, or > living on CURRENT. > So, for obvious reasons, changing the default value would not be MFCed. > > What do you think? > I'm happy my contribution spurred this kind of interest. I would like to enable it by default on head, but I'd rather have a good consensus on this before actually doing it. it has already been noted that this shouldn't be a big problem for servers, which usually get manually assigned addresses for various reasons, so I would not worry much about that scenario. So I'm obviously in favor of this proposal. BTW I'm also proposing MFCing this to stable/15 [1]. But the feature would remain off by default there. If any source committer would feel like approving me committing this MFC it would really be appreciated. (I don't have a src commit bit, and, as far as I understand our rules, I need explicit approval to commit any change there) [1] https://reviews.freebsd.org/D54382 -- Guido Falsi