IPv6 temporary addresses with random interface IDs

RFC 4941 addresses a potential security concern that can occur when you are using stateless address autoconfiguration. You can use IPv6 temporary addresses with random interface IDs to mitigate this security issue.

An autoconfigured address contains an embedded static interface identifier. The static interface ID makes it possible to correlate independent transactions to and from the system using the adapter, even if the overall IPv6 address changes.

RFC 4941, Privacy Extensions for Stateless Address Autoconfiguration in IPv6, defines a mechanism to generate a random interface ID that changes over time. Temporary autoconfigured addresses are then generated from the random interface ID. A short-lived client application can use temporary addresses with changing embedded interface IDs to make it more difficult to correlate activity.

A history value is used as part of the algorithm that generates the random interface ID. The first time that an interface is started, a random number generator generates the history value. If cryptographic hardware is available, then the Integrated Cryptographic Service Facility (ICSF) callable service CSNBRNG is used to generate the history value. If cryptographic hardware is not available, then a software random number generator generates the history value. Message number EZD0043I indicates the source of the history value. See z/OS Cryptographic Services ICSF Application Programmer's Guide for more information about the CSNBRNG callable service.