Re: we should enable RFC7217 by default
- Reply: Marek Zarychta : "Re: we should enable RFC7217 by default"
- In reply to: Pouria Mousavizadeh Tehrani : "we should enable RFC7217 by default"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 28 Jan 2026 10:00:42 UTC
On Tue, Jan 27, 2026 at 03:35:16AM +0330, Pouria Mousavizadeh Tehrani wrote: > Hi everyone, > > With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable > it by default in CURRENT at least. > As you may already know, we currently use the EUI64 method for generating > stable IPv6 addresses, which has serious privacy issues. > > IMHO, trying to maintain backward compatibility defeats the purpose of a > privacy RFC. > > To be clear, we don't want to change the ip addresses of existing servers. > However, it's reasonable for users to expect changes during a major upgrade > (15 -> 16), a fresh install of a new major release, or living on CURRENT. > So, for obvious reasons, changing the default value would not be MFCed. > > What do you think? I wonder if we should ship an update to 15 (landing in 15.1) explicitly adding net.inet6.ip6.use_stableaddr=1 and a suitable comment to /etc/sysctl.conf so people who later upgrade to 16 aren't painfully surprised when their server disappears. New installs of 16 would get the new default, but upgrades would keep the old default. The downside would be that people who have edited sysctl.conf would have a merge conflict to resolve, but that's a fairly normal thing. -- Brooks