autoconf temporary ipv6 address

My Mac machine has been assigned two public IPv6 addresses with the same prefix. One is autoconf temporary and the other is autoconf secured. I know about the secured one, but what is the purpose of the autoconf temporary address?

Thanks


Solution 1:

Short answer: because the "secured" address is not secure enough (or, more accurately, doesn't protect your privacy well enough). Specifically, it's still a long-term identifier for your computer until/unless you move it to a different network.

Long answer: When a host is configured via SLAAC, that provides a 64-bit prefix for the host's public IPv6 address(es); the host then has three main ways to choose suffix(es) to use in its public address(es):

  1. It can derive its suffix from the interface's hardware (MAC) address using the modified EUI-64 format. Problem: any host you communicate with can trivially figure out your hardware address, which gives some info about your computer's manufacturer and maybe type. It also allows them to uniquely identify your computer not only over time but also as it moves around the Internet, since when you move to a different net the prefix will change, but your suffix will stay the same.

  2. It can use a cryptographically generated ("secured") suffix. This does not leak information about your hardware, and will be different for each different network you use (removing your trackability between locations/networks), but still allows your computer to be uniquely identified within each of the networks it uses.

  3. It can use a sequence of temporary addresses. Like secure addresses, these hide your hardware information and avoid trackability between locations, and they also limit your identifiability while you're on a particular network.

    For example, if a website gets hit from several different addresses from the same network on Monday, and then again on Tuesday, it can't tell (at least by the addresses) if it's the same or different computers on Monday vs. Tuesday, and if it's the same ones it can't tell which of Monday's client IPs corresponds to which of Tuesday's client IPs.

Note: I've listed these address types by security (/privacy) level, not chronologically. Apple started using temporary addresses in v10.7 (Mac OS X Lion), and cryptographically generated addresses replaced modified-EUI-64 in v10.12 (macOS Sierra).

Currently, macOS uses both cryptographically generated and temporary addresses, but prefers the temporary address for outgoing connections.
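As an added example (not part of the question or the answer above), the following Python script makes the three suffix choices concrete: it builds the modified-EUI-64 suffix from a MAC address the way option 1 describes, reverses that construction to show how a peer recovers the hardware address from such an IPv6 address, generates an RFC 4941-style random temporary suffix as in option 3, and audits a list of addresses to flag which ones still expose a MAC. The MAC addresses and prefixes used are constructed sample values; the function names are the example's own.

```python
"""Added example: modified EUI-64 vs. temporary IPv6 interface identifiers.

Shows why an EUI-64-derived SLAAC address is a long-term identifier
(the MAC can be read straight out of it) and how a random temporary
suffix avoids that. All MACs/prefixes below are constructed samples.
"""
import ipaddress
import secrets
from typing import Dict, Optional


def mac_to_eui64_iid(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a MAC
    (RFC 4291, Appendix A): insert ff:fe between the OUI and the device
    part, then flip the universal/local bit (0x02) of the first octet."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def slaac_eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 SLAAC prefix with the EUI-64 suffix (option 1 above)."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers require a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + mac_to_eui64_iid(mac))


def mac_from_eui64_address(addr: str) -> Optional[str]:
    """If the suffix carries the ff:fe EUI-64 marker, reverse the construction
    and return the MAC; otherwise return None. This is what any remote host
    can do with your address, which is the privacy leak of option 1.
    Heuristic only: a random suffix has a 1-in-65536 chance of containing
    ff:fe at that position."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02                      # undo the U/L bit flip
    mac = bytes(iid[:3] + iid[5:])      # drop the ff:fe filler
    return ":".join(f"{b:02x}" for b in mac)


def random_temporary_iid() -> bytes:
    """Random 64-bit suffix in the spirit of RFC 4941 temporary addresses
    (option 3): unpredictable, unrelated to the hardware, and with the
    universal/local bit cleared so it cannot be mistaken for an EUI-64
    suffix built from a globally unique MAC."""
    iid = bytearray(secrets.token_bytes(8))
    iid[0] &= ~0x02 & 0xFF
    return bytes(iid)


def temporary_address(prefix: str) -> ipaddress.IPv6Address:
    """A fresh temporary address for the given /64 prefix."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    return ipaddress.IPv6Address(net.network_address.packed[:8] + random_temporary_iid())


def audit_addresses(addrs) -> Dict[str, Optional[str]]:
    """Map each address to the MAC it exposes, or None if it exposes none.
    Useful for checking which of an interface's addresses still leak the
    hardware identifier."""
    return {a: mac_from_eui64_address(a) for a in addrs}


if __name__ == "__main__":
    PREFIX = "2001:db8:1:2::/64"          # constructed documentation prefix
    MAC = "00:1e:c2:12:34:56"             # constructed sample MAC
    eui = slaac_eui64_address(PREFIX, MAC)
    tmp = temporary_address(PREFIX)
    for addr, leaked in audit_addresses([str(eui), str(tmp)]).items():
        print(f"{addr:40} -> {'leaks MAC ' + leaked if leaked else 'no MAC exposed'}")
```

Running the script prints the EUI-64 address alongside a freshly generated temporary one; the first is reported as leaking the sample MAC, the second is not. The same `audit_addresses` helper can be fed the output of `ifconfig` to see which configured addresses still carry the ff:fe marker.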