Re: we should enable RFC7217 by default

Reply: Patrick M. Hausen: "Re: we should enable RFC7217 by default"
Reply: Marek Zarychta : "Re: we should enable RFC7217 by default"
Reply: Guido Falsi : "Re: we should enable RFC7217 by default"
In reply to: Marek Zarychta : "Re: we should enable RFC7217 by default"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Patrick M. Hausen <pmh_at_hausen.com>
Date: Tue, 27 Jan 2026 20:55:07 UTC

HI all,

Am 27.01.2026 um 21:46 schrieb Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>:

> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.

If I read the relevant RFC correctly the main argument for stable addresses in contrast to
traditional EUI-64 is the narrowing of the search space in sweep scan attacks.
Because the OUIs which make up half of the order of magnitude are well known.

Isn't that the case, too, if we start with the MAC address and the hash algorithm
by which the final address is generated is public?

Kind regards,
Patrick