<div dir="ltr"><div dir="ltr"><div>The idea behind that paper is essentially that if one device on your network uses an EUI-64 address, you can defeat prefix rotation. If you have a probe that's listed as public it's mostly moot, since one could just look up your probe ID from the IPv6 it has - there is an API endpoint to list all probes - and use that as a persistent reference.</div><div><br></div><div>That being said, switching to using
Semantically Opaque Interface Identifiers should prevent what the paper describes, while still keeping the addresses of the probes relatively consistent, which someone might rely on. (Unlike regular privacy extensions, it would not rotate over time, but rather only if the prefix changes)<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 3, 2022 at 2:48 AM Alexander Burke via ripe-atlas <<a href="mailto:ripe-atlas@ripe.net">ripe-atlas@ripe.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="en">
<div style="font-family:sans-serif"> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">Hello all,</span>
<br>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">I couldn't help but notice that my Atlas probe is using an EUI-64 IPv6 address.</span>
<br>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">It has come to light that the presence of even one device using an EUI-64 address on a network has a negative effect on privacy for the whole network:</span>
<br>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px"><a href="https://arxiv.org/abs/2203.08946" target="_blank">https://arxiv.org/abs/2203.08946</a></span>
<br>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">Thoughts?</span>
<br>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">Cheers and thanks in advance,</span>
<br> <span dir="ltr" style="margin-top:0px;margin-bottom:0px">Alex</span>
<br>
</div>
</div>
-- <br>
ripe-atlas mailing list<br>
<a href="mailto:ripe-atlas@ripe.net" target="_blank">ripe-atlas@ripe.net</a><br>
<a href="https://mailman.ripe.net/" rel="noreferrer" target="_blank">https://mailman.ripe.net/</a><br>
</blockquote></div></div>