On 7/17/07, Simetrical <Simetrical+wikilist(a)gmail.com> wrote: AOL is pretty much the tiny minority there; most ISPs baldly present the outside world either a DHCPed or static IP for the customer. IPv6 will likely be similar; anyone not doing NAT or proxys right now probably won't start doing it later. And, unlike IPv4, the IPv6 addresses (if not NATed) will show us the MAC on the system involved... This doesn't help ID the person (MAC tells you manufacturer, and sometimes model, but that's all). But it does help for blocking... We'll have to maintain our existing mechanisms for AOL and other special cases, and anyone still using IPv4. But it would behoove us to look to the future a bit and plan for taking advantage of it, if possible 8-) -- -george william herbert george.herbert(a)gmail.com

Thomas Dalton wrote: However, see RFC 3041, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". If this is widely adopted, it will render MAC address blocking pointless. -- Neil

Platonides wrote: I'm not sure there's anything in the IPv6 specs to mandate the use of MAC addresses for assigning host parts: it's just one easy way to do it in a stateless way, but since it would expose the make and exact serial number of your network adapter (which is most likely built into your motherboard, these days), it's also a giant privacy hole. I think ISPs are much more likely to allocate the host part of IPv6 addresses either dynamically (and to keep logs), or to allocate a single static IPv6 address per account. Presumably, for a customer who wants to expose multiple IPv6 addresses, they would do something like allocate a /64 to each user, and let them pick their own host parts, perhaps using DHCPv6, which would then necessarily have anything to do with the actual MAC address of the hosts' own network adapters. -- Neil