RFC Errata
RFC 4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", September 2007
Note: This RFC has been obsoleted by RFC 8981
Source of RFC: ipv6 (int)
Errata ID: 4594
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Johanna Ullrich
Date Reported: 2016-01-14
Rejected by: Brian Haberman
Date Rejected: 2016-01-15
Section 3.2 says:
Notes:
The algorithm for interface identifier generation is flawed: An adversary is able to infer a client's history value from a sequence of observed addresses and is able to infer all future interface identifiers of this certain client annihilating the extension's intended purpose of privacy protection.
For a detailed explanation on the algorithm's drawbacks, please see my paper:
https://www.sba-research.org/wp-content/uploads/publications/Ullrich2015Privacy.pdf
--VERIFIER NOTES--
The issue raised goes beyond a fix via the errata system. This should be raised in the appropriate working group within the IETF.