Re: we should enable RFC7217 by default

From: Guido Falsi <madpilot_at_FreeBSD.org>
Date: Tue, 27 Jan 2026 18:09:58 UTC

On 1/27/26 01:05, Pouria Mousavizadeh Tehrani wrote:
> Hi everyone,

Hi!

> 
> With `net.inet6.ip6.use_stableaddr` now available, I believe we should 
> enable it by default in CURRENT at least.
> As you may already know, we currently use the EUI64 method for 
> generating stable IPv6 addresses, which has serious privacy issues.
> 
> IMHO, trying to maintain backward compatibility defeats the purpose of a 
> privacy RFC.
> 
> To be clear, we don't want to change the IP addresses of existing 
> servers. However, it's reasonable for users to expect changes during a 
> major upgrade (15 -> 16), a fresh install of a new major release, or 
> living on CURRENT.
> So, for obvious reasons, changing the default value would not be MFCed.
> 
> What do you think?
> 

I'm happy my contribution spurred this kind of interest.

I would like to enable it by default on head, but I'd rather have a good 
consensus on this before actually doing it.

It has already been noted that this shouldn't be a big problem for 
servers, which usually get manually assigned addresses for various 
reasons, so I would not worry much about that scenario.

So I'm obviously in favor of this proposal.

BTW I'm also proposing MFCing this to stable/15 [1]. But the feature 
would remain off by default there. If any source committer would feel 
like approving me committing this MFC it would really be appreciated.

(I don't have a src commit bit, and, as far as I understand our rules, I 
need explicit approval to commit any change there)


[1] https://reviews.freebsd.org/D54382

-- 
Guido Falsi <madpilot@FreeBSD.org>