9. Security Considerations

This document has no direct impact on Internet infrastructure security.

Note that most source address selection algorithms, including the one specified in this document, expose a potential privacy concern. An unfriendly node can infer correlations among a target node's addresses by probing the target node with request packets that force the target host to choose its source address for the reply packets (perhaps because the request packets are sent to an anycast or multicast address or perhaps because the upper-layer protocol chosen for the attack does not specify a particular source address for its reply packets). By using different addresses for itself, the unfriendly node can cause the target node to expose the target's own addresses. The source address selection default preference for temporary addresses helps mitigate this concern.

Similarly, most source and destination address selection algorithms, including the one specified in this document, influence the choice of network path taken (as do routing algorithms that are orthogonal to, but used together with, such algorithms) and hence whether data might be sent over a path or network that might be more or less trusted than other paths or networks. Administrators should consider the security impact of the rows they configure in the prefix policy table, just as they should consider the security impact of the interface metrics used in the routing algorithms.

In addition, some address selection rules might be administratively configurable. Care must be taken to make sure that all administrative options are secured against illicit modification, or else an attacker could redirect and/or block traffic.