What is the rationale for using IPv6 Privacy Extensions for link-local (fe80::/64) addresses?

Some operating systems, such as Windows 7, have IPv6 Privacy Extensions enabled by default, which may prove beneficial especially on laptops and mobile devices that are often roaming, so as to prevent traceability.

This makes sense for global addresses. However, on some systems Privacy Extensions also extend to link-local addresses. Since IPv6 packets with a link-local destination address cannot leave the link (some pathological implementations left aside), and since all the devices on the same link can see the source MAC address of an incoming Ethernet frame anyway, I see no reason why link-local addresses should not be generated from a MAC address.

For physical NICs, MAC addresses are way more convenient since they are practically guaranteed to be unique so one does not have to deal with issues that RFC 4941 envisions, such as seeding the RNG when there is no persistent storage.

Is there any other reason other than being consistent and using just one mode of address autoconfiguration?
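To make the two address-generation modes the question contrasts concrete, here is an added example (not code from the original post or from any operating system's stack) that derives a link-local address from a MAC by the RFC 4291 modified-EUI-64 rule, inverts that derivation to show the MAC is trivially recoverable from such an address, and then generates a temporary interface identifier with the MD5 construction from RFC 4941 section 3.2.1. The MAC address and the 64-bit history seed are constructed for the example; the RFC's check against reserved interface identifiers (RFC 5453) is omitted and only the collision check against the public identifier is kept.

```python
import hashlib
import ipaddress
from typing import Optional, Tuple

# fe80::/64 prefix as 8 bytes; the interface identifier (IID) fills the other 8.
LINK_LOCAL_PREFIX = bytes.fromhex("fe80000000000000")


def mac_to_eui64_iid(mac: str) -> bytes:
    """RFC 4291 Appendix A: insert ff:fe in the middle of the 48-bit MAC and
    flip the universal/local bit (0x02 of the first octet)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02
    return bytes(iid)


def eui64_iid_to_mac(iid: bytes) -> Optional[str]:
    """Inverse of mac_to_eui64_iid: if the IID carries the ff:fe marker,
    return the MAC it encodes, otherwise None. This is what anyone on the
    link can do with an EUI-64 based address."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        return None
    first = iid[0] ^ 0x02
    mac = bytes([first]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def rfc4941_temporary_iid(history: bytes, public_iid: bytes) -> Tuple[bytes, bytes]:
    """RFC 4941 section 3.2.1: MD5(history || public_iid). The leftmost 64 bits
    (with the u/l bit cleared) become the temporary IID; the rightmost 64 bits
    become the new history value that must be kept in stable storage.
    Retries when the result collides with the public IID."""
    if len(history) != 8 or len(public_iid) != 8:
        raise ValueError("history and public IID must be 64 bits each")
    while True:
        digest = hashlib.md5(history + public_iid).digest()
        iid = bytearray(digest[:8])
        iid[0] &= 0xFD          # clear bit 0x02: locally administered
        history = digest[8:]    # next iteration's history value
        if bytes(iid) != public_iid:
            return bytes(iid), history


def link_local(iid: bytes) -> ipaddress.IPv6Address:
    """Combine fe80::/64 with an 8-byte interface identifier."""
    if len(iid) != 8:
        raise ValueError("IID must be 8 bytes")
    return ipaddress.IPv6Address(LINK_LOCAL_PREFIX + iid)


if __name__ == "__main__":
    mac = "00:1a:2b:3c:4d:5e"                  # constructed example MAC
    seed = bytes.fromhex("0123456789abcdef")   # constructed history seed (would be random / stored)

    public_iid = mac_to_eui64_iid(mac)
    print("EUI-64 link-local :", link_local(public_iid))
    print("MAC recovered     :", eui64_iid_to_mac(public_iid))

    temp_iid, new_history = rfc4941_temporary_iid(seed, public_iid)
    print("temporary link-local:", link_local(temp_iid))
    print("MAC recovered       :", eui64_iid_to_mac(temp_iid))
    print("next history value  :", new_history.hex())
```

Running it shows the EUI-64 form (`fe80::21a:2bff:fe3c:4d5e`) maps straight back to the MAC, while the temporary identifier does not encode it; the neighbour on the link nonetheless sees that same MAC in the Ethernet header of every frame, which is the asymmetry the question is pointing at.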


Solution 1:

The only connotation I can think of where this would be useful would be in L2 subnets where clients talk to well-known servers but are otherwise not supposed to directly communicate. In this case the various clients wouldn't be able to track one another based on previously observed hardware addresses. At best it's pretty much a corner case, though, as there are better external solutions to accomplish that kind of separation (i.e. PVLAN).

Your theory about commonality of address modes seems like the most likely.

Solution 2:

You are completely correct. Combining Link-Local addresses with privacy extensions has no benefit at all.