Linux violates RFC 8064 and has privacy concerns

PG currently recommends several Linux distributions.
However, the Linux kernel generates IPv6 addresses from MAC addresses by default and publishes MAC addresses to the Internet.
This is in violation of RFC 8064.
Many Linux distributions have also failed to correct this Linux kernel issue, leaving it in a privacy-problematic state.

I do not believe that Linux distributions should be removed from the recommendation. But I think a warning needs to be added.
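A host can be audited for the behaviour described in the opening post by looking for the modified EUI-64 pattern in its assigned addresses. The following is an added example, not part of any post in this thread; the sample `ip -6 addr` output is constructed and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the address and scope on "inet6 ..." lines of `ip -6 addr` output.
INET6 = re.compile(r"inet6\s+([0-9a-fA-F:]+)(?:/\d+)?\s+scope\s+(\w+)")

# Constructed sample output (documentation prefix 2001:db8::/32, made-up MAC).
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet6 2001:db8:1:2:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
    inet6 2001:db8:1:2:9c3a:71d2:4be0:83f1/64 scope global temporary dynamic
    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""


def embedded_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    ip = ipaddress.IPv6Address(addr.split("/")[0].split("%")[0])
    iid = ip.packed[8:]                 # low 64 bits: interface identifier
    if iid[3:5] != b"\xff\xfe":         # EUI-64 inserts ff:fe mid-identifier
        return None
    # Undo the universal/local bit flip, then drop the inserted ff:fe bytes.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(ip_output):
    """Return (address, scope, mac) for each address that embeds a MAC."""
    findings = []
    for addr, scope in INET6.findall(ip_output):
        mac = embedded_mac(addr)
        if mac is not None:
            findings.append((addr, scope, mac))
    return findings


if __name__ == "__main__":
    for addr, scope, mac in audit(SAMPLE):
        # Only global-scope addresses are visible beyond the local link.
        note = "leaves the local link" if scope == "global" else "link-only"
        print(f"{addr} ({scope}, {note}) embeds MAC {mac}")
```

A randomly generated interface ID contains `ff:fe` in that position about once in 65,536 cases, so a match is a strong hint to compare against the interface's MAC rather than proof.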

Distros should enable privacy addresses by default, e.g.: https://github.com/divestedcg/Brace/blob/2e9dd42eeb58e927ef5a8e31ad67f6c074532041/brace/usr/lib/NetworkManager/conf.d/30-nm-privacy.conf

Linux has additionally supported rfc4941bis since 5.8: ipv6: Implement draft-ietf-6man-rfc4941bis · torvalds/linux@969c546 · GitHub

Related, GrapheneOS and DivestOS are the only ones that actually ensure rfc4941bis across supported devices.


It should not be enabled by default; you will need to enable it manually from sysctl.