First, I don't believe in arguments such as "this is not worse than what
we did in the past" when it comes to security and privacy. We should be
on a path to improvement, not a soft descent into complacency. Second,
having a unique 64-bit identifier in the addresses is actually worse
than the current situation in either IPv4 or IPv6.
The current IPv6 practice is to have the 64-bit identifier be either an IEEE 802 identifier (default) or a random number (temporary addresses, SEND). When a host is multi-homed through several interfaces, the different identifiers are used on different interfaces. When a host configures addresses from multiple prefixes on the same interface, the 802 identifier will often be the same, but the random identifiers will be different. The current ND spec allows for using the same identifier with different prefixes, but it certainly does not mandate it.
Right. I believe "does not mandate same interface identifier" part should be our guideline in multi6 too.
(I think we heard an argument here a while back that while privacy is good to have, it should not be mandatory and managers should be able to choose whether they use the same or different interface identifier. But on the other hand, if we choose a multi6 mechanism that mandates the same interface ID to be used, then that choice is taken away from the managers: they can either give up multihoming or privacy.)
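The 802-derived versus random identifier distinction discussed above, as an added Python example that is not from this thread: it derives the modified EUI-64 identifier from a MAC, generates an RFC 4941-style random identifier, and flags addresses under different prefixes that share an identifier (and so can be linked to one host). The MAC and the 2001:db8::/32 documentation prefixes are constructed sample values.

```python
import ipaddress
import secrets

UL_BIT = 1 << 57  # universal/local bit of a 64-bit interface identifier


def modified_eui64(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291 App. A) from a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = octets[:3] + b"\xff\xfe" + octets[3:]      # insert FFFE in the middle
    return int.from_bytes(eui, "big") ^ UL_BIT        # flip the u/l bit


def random_iid() -> int:
    """Temporary-address style identifier: 64 random bits with the u/l bit cleared."""
    return int.from_bytes(secrets.token_bytes(8), "big") & ~UL_BIT


def build_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with an interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def iid_of(address) -> int:
    """Low 64 bits of an address, i.e. its interface identifier."""
    return int(ipaddress.IPv6Address(str(address))) & ((1 << 64) - 1)


def shared_iids(addresses) -> dict:
    """Map each interface identifier seen under more than one /64 to those prefixes.

    A non-empty result means the addresses can be tied to the same interface,
    which is the correlation problem a constant identifier creates.
    """
    by_iid: dict = {}
    for a in addresses:
        addr = ipaddress.IPv6Address(str(a))
        prefix = ipaddress.IPv6Network(((int(addr) >> 64) << 64, 64))
        by_iid.setdefault(iid_of(addr), set()).add(prefix)
    return {iid: pfx for iid, pfx in by_iid.items() if len(pfx) > 1}


if __name__ == "__main__":
    prefixes = ["2001:db8:1::/64", "2001:db8:2::/64"]   # constructed
    eui = modified_eui64("00:1b:63:aa:bb:cc")           # constructed MAC
    print("802-based:", shared_iids([build_address(p, eui) for p in prefixes]))
    print("random:   ", shared_iids([build_address(p, random_iid()) for p in prefixes]))
```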