RFC7217 (stable privacy addresses) implementation in Ubuntu 16.10

I'm the author of IETF RFC7217, and I'm trying to figure out whether Ubuntu 16.10 implements support for RFC7217.

It seems that there is no support in the version of NetworkManager Ubuntu is using, or such support is disabled.

Can you confirm this?

Besides, are there any plans to change the default IPv6 address generation algorithm from the Modified EUI-64 format (that embeds MAC addresses) to the privacy-enhanced RFC7217 scheme?


I could be missing something but I don't see anything in the changelog that indicates to me that the RFC7217 support integrated into the network-manager for Xenial has been removed in Yakkety.

On 16.04 I get:

sudo sysctl -a | grep stable_secret
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.eth0.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"

On 16.10 I get:

sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.enp0s3.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"

Since the only difference I see here is a change in the naming for the NIC, and furthermore there doesn't appear to be any change at /proc/sys/net/ipv6/conf/all/stable_secret, I think it's logical to say Ubuntu 16.10 still implements support for RFC7217. While this is unset by default according to the kernel documentation:

stable_secret - IPv6 address
    This IPv6 address will be used as a secret to generate IPv6
    addresses for link-local addresses and autoconfigured
    ones. All addresses generated after setting this secret will
    be stable privacy ones by default. This can be changed via the
    addrgenmode ip-link. conf/default/stable_secret is used as the
    secret for the namespace, the interface specific ones can
    overwrite that. Writes to conf/all/stable_secret are refused.

    It is recommended to generate this secret during installation
    of a system and keep it stable after that.

Further research indicates that since the release of NetworkManager 1.0.4, the privacy extensions are turned on by default and you can control them with the ipv6.ip6-privacy property.

You can confirm that the version of your installed network-manager meets or exceeds that with the command dpkg -l network-manager

If anyone has found information to the contrary, drop me a comment as I'd be interested in seeing it!

Sources:

https://unix.stackexchange.com/questions/251401/cannot-read-key-net-ipv6-conf-all-stable-secret-in-sysctl/255955#255955

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

https://blogs.gnome.org/lkundrak/2015/12/03/networkmanager-and-privacy-in-the-ipv6-internet/

http://changelogs.ubuntu.com/changelogs/pool/main/n/network-manager/network-manager_1.2.6-0ubuntu1/changelog
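
Added example, not part of the question or answer above and not kernel or NetworkManager code: a check for whether an IPv6 address embeds the interface's MAC as a Modified EUI-64 identifier, next to an RFC 7217-shaped identifier derived from a secret. Assumptions: the MAC, secret and prefixes are constructed sample values, and SHA-256 stands in for the function F, so the output will not match what a real host generates.

```python
import hashlib
import ipaddress

MAC = "00:11:22:33:44:55"            # constructed sample MAC
SECRET = bytes.fromhex("aa" * 16)    # constructed stand-in for stable_secret

def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between OUI and NIC part.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def iid_of(addr: str) -> int:
    """Low 64 bits (interface identifier) of an IPv6 address."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

def embeds_mac(addr: str, mac: str) -> bool:
    """True if addr carries the Modified EUI-64 form of mac."""
    return iid_of(addr) == eui64_iid(mac)

def stable_iid(prefix: str, iface: str, secret: bytes,
               dad_counter: int = 0, network_id: bytes = b"") -> int:
    """RFC 7217 shape: RID = F(Prefix, Net_Iface, Network_ID, DAD_Counter, secret_key).
    F is SHA-256 here (an assumption for illustration only)."""
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()
    for field in (net.network_address.packed, iface.encode(), network_id,
                  dad_counter.to_bytes(4, "big"), secret):
        h.update(len(field).to_bytes(2, "big") + field)  # length-prefix each input
    return int.from_bytes(h.digest()[-8:], "big")         # least significant 64 bits

def stable_address(prefix: str, iface: str, secret: bytes, dad_counter: int = 0) -> str:
    """Combine a /64 prefix with the secret-derived interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")
    return str(ipaddress.IPv6Address(
        int(net.network_address) | stable_iid(prefix, iface, secret, dad_counter)))

if __name__ == "__main__":
    print(embeds_mac("fe80::211:22ff:fe33:4455", MAC))  # EUI-64 address leaks the MAC
    for p in ("2001:db8:1::/64", "2001:db8:2::/64"):    # documentation prefixes
        a = stable_address(p, "enp0s3", SECRET)
        print(p, a, embeds_mac(a, MAC))
```

The identifier stays the same on each prefix as long as the secret does, but differs between prefixes, which is the property that stops the MAC-based tracking the question describes.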