Re: we should enable RFC7217 by default

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Tue, 27 Jan 2026 21:10:13 UTC
On 27.01.2026 at 21:55, Patrick M. Hausen wrote:
> Hi all,
>
> On 27.01.2026 at 21:46, Marek Zarychta <zarychtam@plan-b.pwste.edu.pl> wrote:
>
>> To narrow the impact, I suggest switching to the MAC address as the default key source instead of the interface name.
> If I read the relevant RFC correctly, the main argument for stable addresses in contrast to
> traditional EUI-64 is the narrowing of the search space in sweep scan attacks.
> Because the OUIs which make up half of the order of magnitude are well known.
>
> Isn't that the case, too, if we start with the MAC address and the hash algorithm
> by which the final address is generated is public?
>
> Kind regards,
> Patrick
>
As far as I know, this is not possible with current computing platforms, 
and it would probably require prolonged observation of the same host 
across different subnets.

On the other hand, we still have EUI-64–based link-local addresses. 
Although they are not exposed to the Internet, they remain a concern.

-- 
Marek Zarychta
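
The two derivations compared in this thread, as an added example (not code from the thread or from FreeBSD): a modified EUI-64 identifier is a fixed function of the MAC, while the RFC 7217 identifier is computed as F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), so it also depends on the prefix and a per-host secret. Using SHA-256 as F, the length-prefixed field encoding, and the sample MAC, prefixes and keys are assumptions constructed for illustration.

```python
import hashlib
import ipaddress

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier: a fixed function of the MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def rfc7217_iid(prefix: str, net_iface: bytes, secret_key: bytes,
                network_id: bytes = b"", dad_counter: int = 0) -> bytes:
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key)."""
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()  # assumption: F = SHA-256
    for field in (net.network_address.packed[:8], net_iface, network_id,
                  dad_counter.to_bytes(4, "big"), secret_key):
        # Assumption: length-prefix each field so concatenation is unambiguous.
        h.update(len(field).to_bytes(2, "big") + field)
    return h.digest()[-8:]  # low-order 64 bits of the RID become the IID

def address(prefix: str, iid: bytes) -> str:
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return str(ipaddress.IPv6Address(net.network_address.packed[:8] + iid))

# Constructed sample values (documentation MAC and prefixes, made-up keys).
MAC = "00:00:5e:00:53:01"
PREFIXES = ("2001:db8:1::/64", "2001:db8:2::/64")
KEY_A = bytes(range(16))
KEY_B = bytes(range(16, 32))

if __name__ == "__main__":
    mac_bytes = bytes.fromhex(MAC.replace(":", ""))  # MAC used as Net_Iface
    for p in PREFIXES:
        print(p, "EUI-64  ", address(p, eui64_iid(MAC)))
        print(p, "7217 A  ", address(p, rfc7217_iid(p, mac_bytes, KEY_A)))
        print(p, "7217 B  ", address(p, rfc7217_iid(p, mac_bytes, KEY_B)))
```

The EUI-64 lines carry the same MAC-derived low 64 bits under both prefixes; the RFC 7217 lines change with the prefix and with the key even though Net_Iface is the same MAC.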