[systemd-devel] Secret machine-id for RFC 7217 stable addresses

Lubomir Rintel lkundrak at v3.sk
Mon Sep 7 10:49:43 PDT 2015


Hello,

the RFC 7217 specifies an algorithm for generating an IPv6 host address
that stays stable in a particular network but changes when the machine
enters another network to prevent tracking [1]. It works by hashing a
tuple of various parameters one of which is "secret_key" -- a secret
value specific to a particular machine.

[1] https://tools.ietf.org/html/rfc7217#section-5

This sounds a bit like machine-id, unfortunately given it's world
readable and available via DBus (and possibly on a network?) it doesn't
seem to be secret enough.

I'm wondering if it would make sense to reuse some of the tooling?
Would it make sense to extend systemd-machine-id-setup(1) to generate
one more identifier or maybe add another tool to set up the secret id?

Thoughts?

Thanks,
Lubo
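
The RFC 7217 computation the message refers to, RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key), as an added example that is not part of the original post or of systemd. It assumes SHA-256 as F, length-prefixed field encoding, and the low-order 64 bits of the digest as the interface identifier; the function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

# Reserved interface identifiers (RFC 5453) that a generated IID must avoid:
# the subnet-router anycast IID (all zeros) and the reserved anycast range.
RESERVED_LOW = 0xFDFFFFFFFFFFFF80
RESERVED_HIGH = 0xFDFFFFFFFFFFFFFF


def _field(data: bytes) -> bytes:
    """Length-prefix a field so adjacent inputs cannot run together (assumed encoding)."""
    return struct.pack("!H", len(data)) + data


def stable_iid(prefix, net_iface, network_id, dad_counter, secret_key):
    """Hash the RFC 7217 tuple and return a 64-bit interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()
    h.update(_field(net.network_address.packed))
    h.update(_field(net_iface.encode()))
    h.update(_field(network_id.encode()))
    h.update(struct.pack("!I", dad_counter))
    h.update(_field(secret_key))
    return int.from_bytes(h.digest()[-8:], "big")


def stable_address(prefix, net_iface, secret_key, network_id=""):
    """Build the address for a /64, skipping reserved interface identifiers."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("this example only handles /64 prefixes")
    if len(secret_key) < 16:
        raise ValueError("RFC 7217 asks for a secret_key of at least 128 bits")
    dad_counter = 0
    while True:
        iid = stable_iid(prefix, net_iface, network_id, dad_counter, secret_key)
        if iid != 0 and not (RESERVED_LOW <= iid <= RESERVED_HIGH):
            return ipaddress.IPv6Address(int(net.network_address) | iid)
        # A real stack also increments the counter when DAD reports a conflict.
        dad_counter += 1


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key, not a real secret
    for pfx in ("2001:db8:1::/64", "2001:db8:2::/64"):
        print(pfx, "->", stable_address(pfx, "eth0", key))
```

Every input other than secret_key is visible on the link, so the unlinkability of addresses across networks rests entirely on that value staying private to the host.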

