RFC 4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6", September 2007
Note: This RFC has been obsoleted by RFC 8981Source of RFC: ipv6 (int)
Errata ID: 4594
Publication Format(s) : TEXT
Reported By: Johanna Ullrich
Date Reported: 2016-01-14
Rejected by: Brian Haberman
Date Rejected: 2016-01-15
Section 3.2 says:
The algorithm for interface identifier generation is flawed: An adversary is able to infer a client's history value from a sequence of observed addresses and is able to infer all future interface identifiers of this certain client annihilating the extension's intended purpose of privacy protection.
For a detailed explanation on the algorithm's drawbacks, please see my paper:
The issue raised goes beyond a fix via the errata system. This should be raised in the appropriate working group within the IETF.