[systemd-devel] Secret machine-id for RFC 7217 stable addresses
Lubomir Rintel
lkundrak at v3.sk
Mon Sep 7 10:49:43 PDT 2015
Hello,
the RFC 7217 specifies an algorithm for generating an IPv6 host address
that stays stable in a particular network but changes when the machine
enters another network to prevent tracking [1]. It works by hashing a
tuple of various parameters one of which is "secret_key" -- a secret
value specific to a particular machine.
[1] https://tools.ietf.org/html/rfc7217#section-5
This sounds a bit like machine-id, unfortunately given it's world
readable and available via DBus (and possibly on a network?) it doesn't
seem to be secret enough.
I'm wondering if it would make sense to reuse some of the tooling?
Would it make sense to extend systemd-machine-id-setup(1) to generate
one more identifier or maybe add another tool to set up the secret id?
Thoughts?
Thanks,
Lubo
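
An added example, not part of the original message and not systemd code: a sketch of the RFC 7217 derivation RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), showing why secret_key has to stay secret. Assumptions: F is SHA-256 over a length-prefixed encoding, /64 prefixes only, and all prefixes, keys and the interface name are constructed sample values.

```python
import hashlib
import ipaddress
import struct

def _field(data: bytes) -> bytes:
    # Length-prefix every field so the tuple encoding is unambiguous (assumed encoding).
    return struct.pack("!H", len(data)) + data

def is_reserved_iid(iid: int) -> bool:
    # RFC 5453: subnet-router anycast (all zeros) and the reserved subnet anycast range.
    return iid == 0 or 0xFDFFFFFFFFFFFF80 <= iid <= 0xFDFFFFFFFFFFFFFF

def stable_address(prefix: str, net_iface: str, network_id: str, secret_key: bytes):
    """Return (address, dad_counter) derived from the RFC 7217 tuple with F = SHA-256."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this sketch only handles /64 prefixes")
    # A real stack also bumps DAD_Counter when duplicate address detection fails;
    # here only the reserved-identifier case triggers a retry.
    for dad_counter in range(256):
        rid = hashlib.sha256(b"".join([
            _field(net.network_address.packed),
            _field(net_iface.encode()),
            _field(network_id.encode()),
            _field(bytes([dad_counter])),
            _field(secret_key),
        ])).digest()
        iid = int.from_bytes(rid[-8:], "big")  # least significant 64 bits of RID
        if not is_reserved_iid(iid):
            return ipaddress.IPv6Address(int(net.network_address) | iid), dad_counter
    raise RuntimeError("no usable interface identifier found")

def iid_of(addr: ipaddress.IPv6Address) -> int:
    return int(addr) & 0xFFFFFFFFFFFFFFFF

# Constructed sample values (documentation prefixes, made-up keys).
HOME, CAFE = "2001:db8:1::/64", "2001:db8:2::/64"
READABLE_ID = bytes.fromhex("0123456789abcdef0123456789abcdef")  # stands in for a machine-id
PRIVATE_KEY = bytes.fromhex("a1" * 32)  # stands in for a root-only random secret

if __name__ == "__main__":
    # The derivation is deterministic: whoever holds the key can reproduce the
    # address for any prefix, so a world-readable key gives no unlinkability.
    for label, key in (("readable id", READABLE_ID), ("private key", PRIVATE_KEY)):
        for prefix in (HOME, CAFE):
            addr, _ = stable_address(prefix, "eth0", "", key)
            print(f"{label:12} {prefix:18} -> {addr}")
```

The interface identifier differs between the two prefixes for either key; the difference between the keys is only who else is able to run the same computation.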