Re: we should enable RFC7217 by default

In reply to: Patrick M. Hausen: "Re: we should enable RFC7217 by default"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Patrick M. Hausen <pmh_at_hausen.com>
Date: Tue, 27 Jan 2026 21:08:14 UTC

Hi!

> Am 27.01.2026 um 21:55 schrieb Patrick M. Hausen <pmh@hausen.com>:
> 
> HI all,
> 
> Am 27.01.2026 um 21:46 schrieb Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>:
> 
>> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.
> 
> If I read the relevant RFC correctly the main argument for stable addresses in contrast to
> traditional EUI-64 is the narrowing of the search space in sweep scan attacks.
> Because the OUIs which make up half of the order of magnitude are well known.
> 
> Isn't that the case, too, if we start with the MAC address and the hash algorithm
> by which the final address is generated is public?

I was probably jumping to conclusions to quickly - interface names are also quite
predictable. So what kind of "real entropy" is intended to bring into the hash?
Host UUID probably?

Kind regards,
Patrick