[tahoe-dev] [tahoe-lafs] #867: use ipv6

Eugen Leitl eugen at leitl.org
Sat Feb 16 21:05:41 UTC 2013 

On Sat, Feb 16, 2013 at 03:14:54PM +0200, Randall Mason wrote:
> On Fri, Feb 15, 2013 at 9:06 PM, Greg Troxel <gdt at ir.bbn.com> wrote:
> 
> > Also, fe80:: addresses should probably be ignored, as they are meant to
> > be used only on a single link.

Please do not forget http://en.wikipedia.org/wiki/Cjdns and related, which

cjdns addresses are the first 16 bytes (128 bits) of the SHA-512 of the public key. All addresses must begin with the byte 0xFC, which in IPv6 resolution, is a private address (so there is no collision with any external Internet addresses).

> Would you be able to elaborate about this?  Specifically about my use case
> of two hosts on tunnel brokers, but link-local.  I feel it's important, and
> nobody's going to be typing in the furls manually, so who does it benefit
> to have less capability than more?
> 
> Other advantages are that they are not routed, so that they can be more
> "secret" than other addresses.  If you didn't want the world to know that
> you were using Tahoe, preferring more local over more remote addresses
> could be better.
> 
> If you bring up a host, or set of hosts, in an environment without a DHCP
> server, and no IPv6 router, and don't run Avahi/Bonjour the only address
> that you'll come up with is the fe80 address.  With them included, your
> tahoe cluster can be brought up and connected to without any configuration,
> without any infrastructure, it would even work with only a crossover cable.
> 
> If everything is totally mis-configured, and you end up on different
> subnets, with static IPs and a bunch of different network partitions, your
> Tahoe cluster would still work, and surely not route there and back again
> like a Hobbit.  You can have two different radvd instances advertising
> different routers and address spaces on the same network.  Same with DHCP.
> You can easily send your data to Germany, the CIA, and China and be on the
> same link-local network because one DHCP server had your MAC set up to be
> ignored, and the other DHCP server has your friend's MAC set up to be
> ignored.
> 
> There is still the little voice in the back of my head that says "those are
> weired and you hate it when you only have a 169.254.x.x address in v4, why
> would you use the same thing in v6"?  And the idea about them leaking MAC
> addresses doesn't speak well for them being required, but I don't know if I
> want them off by default.  I don't care a whole bunch if the world knows my
> MAC address because I can randomize it when I want and not end up with
> giving up my identity or a paper trail to my house.  If you really want
> privacy then you should already be randomizing all your MAC addresses on
> boot and every day or so.  But I still want people to be able to disable
> this if they really want.  I used Microsoft Word for years after knowing
> that they save my MAC address in EVERY document.

More information about the tahoe-dev mailing list