[LACNIC/Seguridad] Fwd: Re: macos Sierra with CGA address?

Fernando Gont fgont en si6networks.com
Wed Dec 14 21:30:10 BRST 2016


Dear all,

Can anyone with MacOS Sierra verify that:

1) As you disconnect and subsequently reconnect to the same network, the
IPv6 address is formed with the same IID?

2) When multiple IPv6 prefixes are advertised on the same network, each
resulting address (for each different prefix) employs a different IID?

3) If multiple interfaces (NICs) are connected to the same subnet, each
obtains a different address, plus "1)" and "2)" above are true?



P.S.: It looks like the guys at the little apple enabled SeND as a
heavyweight implementation of RFC7217... :-(

Regards, and thanks!
Fernando




-------- Forwarded Message --------
To: Tim Chown <Tim.Chown en jisc.ac.uk>, Jeroen Massar <jeroen en massar.ch>
References: <f46f5f7b-70ba-35b6-06b6-b75f03dee460 en hznet.de>
<e9ecb763-2e58-258b-6e3b-4e66b1bda629 en massar.ch>
<2BAEFBF2-A68E-48E5-9D44-79EB64F2ACCA en jisc.ac.uk>
Cc: ipv6-ops en lists.cluenet.de <ipv6-ops en lists.cluenet.de>
From: Fernando Gont <fernando en gont.com.ar>
Message-ID: <12b61a26-4097-68b6-4e0c-55a626ddde8b en gont.com.ar>
Date: Wed, 14 Dec 2016 19:42:07 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <2BAEFBF2-A68E-48E5-9D44-79EB64F2ACCA en jisc.ac.uk>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

On 12/14/2016 08:31 AM, Tim Chown wrote:
> Hi,
> 
>> On 14 Dec 2016, at 11:08, Jeroen Massar <jeroen en massar.ch> wrote:
>>
>> On 2016-12-14 11:55, Holger Zuleger wrote:
>>> Hi,
>>>
>>> I just realized that the permanent interface identifier of my MAC has
>>> changed after upgrading to OS 10.12 (I guess).
>>>
>>> The output of ifconfig shows a new "secured" flag at the permanent address.
>>> $ ifconfig en0 | grep inet6 | \
>>> >      sed "s/2[^:]*:[^:]*:[^:]*:[^:]*:/<prfx48>:/"
>>> inet6 fe80::c54:6333:ac12:c67b%en0 prefixlen 64 secured scopeid 0x4
>>> inet6 <prfx48>:20e3:84f6:6794:5ace prefixlen 64 autoconf secured
>>> inet6 <prfx48>:8822:a8a3:b6ec:a79b prefixlen 64 autoconf temporary
>>>
>>> I found two or three posts in the internet, all mentioning (or hoping)
>>> that this is related to a change to RFC7217 as default IID mechanism.
>>>
>>> But one guy said that the source code (of 10.11) shows that this is a
>>> cryptographically generated interface identifier for SeND (RFC3971).
>>>
>>> I tend to believe that the latter is true.
>>
>> Seeing how Apple implemented things like "Happy Eyeballs" it likely is
>> neither. And in the case of "Happy Eyeballs" there is no way to turn it
>> off either. Filing radar bugs clearly does not help as they never get
>> addressed or marked as 'dupe' at which point you do not know the status
>> of the 'original' problem and well, nothing happens...
> 
> Interesting - I’d also assumed the new form of address was RFC 7217 support. I don’t think any other common OS implements SeND, does it?

Can anyone verify that:

1) As you disconnect and subsequently reconnect to the same network, the
address is formed with the same IID?

2) When multiple prefixes are advertised on the same network, each
resulting address (for each different prefix) employs a different IID?

3) If multiple interfaces (NICs) are connected to the same subnet, each
obtains a different address, plus "1)" and "2)" above are true?

Thanks!

Cheers,
-- 
Fernando Gont
e-mail: fernando en gont.com.ar || fgont en si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
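
The three checks asked about in the message above, as an added example that is not part of the original e-mail: a Python script that evaluates them over `ifconfig` "inet6" lines collected across reconnects. The sample lines, the 2001:db8:: documentation prefixes and the function names are constructed for illustration; all three answers being true is consistent with RFC 7217 stable addresses.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed observations (not captured from a real host):
# (connection attempt, interface, one "inet6" line of ifconfig output).
SAMPLES = [
    (1, "en0", "inet6 2001:db8:1:1:20e3:84f6:6794:5ace prefixlen 64 autoconf secured"),
    (1, "en0", "inet6 2001:db8:1:1:8822:a8a3:b6ec:a79b prefixlen 64 autoconf temporary"),
    (1, "en0", "inet6 2001:db8:2:1:91aa:3c07:55d1:e42 prefixlen 64 autoconf secured"),
    (1, "en1", "inet6 2001:db8:1:1:4bd0:77e1:2c9:f316 prefixlen 64 autoconf secured"),
    (2, "en0", "inet6 2001:db8:1:1:20e3:84f6:6794:5ace prefixlen 64 autoconf secured"),
    (2, "en0", "inet6 2001:db8:1:1:1f0c:d2b4:9a31:77e0 prefixlen 64 autoconf temporary"),
    (2, "en0", "inet6 2001:db8:2:1:91aa:3c07:55d1:e42 prefixlen 64 autoconf secured"),
    (2, "en1", "inet6 2001:db8:1:1:4bd0:77e1:2c9:f316 prefixlen 64 autoconf secured"),
]

LINE = re.compile(r"inet6 ([0-9a-fA-F:]+)(?:%\S+)? prefixlen 64 (.*)")

def stable_addresses(samples):
    """Yield (attempt, iface, prefix, iid) for non-temporary /64 addresses."""
    for attempt, iface, line in samples:
        m = LINE.search(line)
        if not m or "temporary" in m.group(2).split():
            continue  # temporary (privacy) addresses change by design
        addr = int(ipaddress.IPv6Address(m.group(1)))
        yield attempt, iface, addr >> 64, addr & (2**64 - 1)

def check(samples):
    """Evaluate the three questions over the observed stable addresses."""
    per_net, per_iface, per_prefix = defaultdict(set), defaultdict(list), defaultdict(list)
    for attempt, iface, prefix, iid in stable_addresses(samples):
        per_net[(iface, prefix)].add(iid)          # 1) across reconnects
        per_iface[(attempt, iface)].append(iid)    # 2) across prefixes
        per_prefix[(attempt, prefix)].append(iid)  # 3) across interfaces
    distinct = lambda groups: all(len(set(g)) == len(g) for g in groups.values())
    return {
        "same_iid_on_reconnect": all(len(s) == 1 for s in per_net.values()),
        "different_iid_per_prefix": distinct(per_iface),
        "different_iid_per_interface": distinct(per_prefix),
    }

if __name__ == "__main__":
    for question, answer in check(SAMPLES).items():
        print(f"{question}: {answer}")
```

An address scheme that reuses one IID for every prefix (a constructed case is in the test) fails the second check while still passing the first.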
