we should enable RFC7217 by default

Reply: Olivier_Cochard-Labbé : "Re: we should enable RFC7217 by default"
Reply: Guido Falsi : "Re: we should enable RFC7217 by default"
Reply: Shawn Webb : "Re: we should enable RFC7217 by default"
Reply: Brooks Davis : "Re: we should enable RFC7217 by default"
Reply: Ronald Klop : "Re: we should enable RFC7217 by default"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Pouria Mousavizadeh Tehrani <pouria_at_FreeBSD.org>
Date: Tue, 27 Jan 2026 00:05:16 UTC

Hi everyone,

With `net.inet6.ip6.use_stableaddr` now available, I believe we should 
enable it by default in CURRENT at least.
As you may already know, we currently use the EUI64 method for 
generating stable IPv6 addresses, which has serious privacy issues.

IMHO, trying to maintain backward compatibility defeats the purpose of a 
privacy RFC.

To be clear, we don't want to change the ip addresses of existing 
servers. However, it's reasonable for users to expect changes during a 
major upgrade (15 -> 16), a fresh install of a new major release, or 
living on CURRENT.
So, for obvious reasons, changing the default value would not be MFCed.

What do you think?

-- 
Pouria