Re: we should enable RFC7217 by default
- In reply to: Pouria Mousavizadeh Tehrani : "we should enable RFC7217 by default"
Date: Wed, 28 Jan 2026 11:56:02 UTC
From: Pouria Mousavizadeh Tehrani <pouria@FreeBSD.org>
Date: Tuesday, 27 January 2026 01:05
To: freebsd-current@freebsd.org
CC: madpilot@freebsd.org
Subject: we should enable RFC7217 by default
>
> Hi everyone,
>
> With `net.inet6.ip6.use_stableaddr` now available, I believe we should enable it by default in CURRENT at least.
> As you may already know, we currently use the EUI64 method for generating stable IPv6 addresses, which has serious privacy issues.
>
> IMHO, trying to maintain backward compatibility defeats the purpose of a privacy RFC.
>
> To be clear, we don't want to change the IP addresses of existing servers. However, it's reasonable for users to expect changes during a major upgrade (15 -> 16), a fresh install of a new major release, or living on CURRENT.
> So, for obvious reasons, changing the default value would not be MFCed.
>
> What do you think?
>
> --
> Pouria
>

Hi,

Totally agree with your proposal.

I had a similar change to if_epair in 15.0.
https://cgit.freebsd.org/src/commit?id=3a2d4a1017e57f19f5a101da15acbdd861d353ae
The sysctl was merged to 14, but the default was kept 0 on that branch.

In 16 you can document the change in UPDATING. Commit it with "Relnotes: yes" so the change of the default also ends up in the release notes when 16.0 is released.

IMHO that is all the effort we can do. And as said earlier by somebody else, if an admin really needs a fixed IPv6 address the user would have configured it differently already or would do proper production testing after a major upgrade.

So I think we should not make flipping the default harder than it has to be: UPDATING, Relnotes and maybe a heads-up mail on current.

Regards,
Ronald.
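
Added example, not part of the thread and not FreeBSD's implementation: a sketch of the privacy difference under discussion, comparing a modified EUI-64 interface identifier (RFC 4291) with an RFC 7217 stable opaque identifier. The choice of HMAC-SHA256 as F, the interface name `em0`, the secret, the MAC and the prefixes are all assumptions constructed for illustration.

```python
import hashlib, hmac, ipaddress

def eui64_iid(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02  # invert the universal/local bit
    return int.from_bytes(bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:]), "big")

def rfc7217_iid(prefix, net_iface, secret_key, network_id=b"", dad_counter=0):
    """RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is HMAC-SHA256 here (an assumption of this example)."""
    net = ipaddress.IPv6Network(prefix)
    fields = [net.network_address.packed[:8], net_iface.encode(),
              network_id, bytes([dad_counter])]
    # Length-prefix each field so the concatenation is unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[-8:], "big")  # low-order 64 bits

def address(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | iid)

def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 address, or None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    b = bytearray(iid[:3] + iid[5:])
    b[0] ^= 0x02
    return ":".join(f"{x:02x}" for x in b)

# Constructed sample values (documentation ranges), not from the thread.
MAC = "00:00:5e:00:53:01"
PREFIXES = ["2001:db8:1::/64", "2001:db8:2::/64"]
SECRET = b"constructed-demo-secret"

if __name__ == "__main__":
    for p in PREFIXES:
        old = address(p, eui64_iid(MAC))
        new = address(p, rfc7217_iid(p, "em0", SECRET))
        print(p, "EUI-64:", old, "-> MAC", mac_from_eui64(old))
        print(p, "RFC 7217:", new)
```

The EUI-64 identifier is identical on every network and yields the MAC address back, while the RFC 7217 identifier stays fixed within one prefix but differs between prefixes.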