Re: [dhcwg] Order of options for DHCP Anonymity profile

Sten Carlsen <> Tue, 01 September 2015 07:08 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5A5911B7BD7 for <>; Tue, 1 Sep 2015 00:08:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.59
X-Spam-Status: No, score=-1.59 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_DK=1.009, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Sb_DLTIQbqmX for <>; Tue, 1 Sep 2015 00:08:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C93931B4D92 for <>; Tue, 1 Sep 2015 00:08:35 -0700 (PDT)
Received: from (unknown []) by (Postfix) with ESMTP id C96B9BFBC9 for <>; Tue, 1 Sep 2015 09:08:34 +0200 (CEST)
Received: from (unknown [IPv6:2001:16d8:dd00:81ac:aa66:7fff:fe0b:47ba]) by (Postfix) with ESMTPA id 61BCC1C08A for <>; Tue, 1 Sep 2015 09:08:31 +0200 (CEST)
References: <> <> <> <> <>
From: Sten Carlsen <>
Message-ID: <>
Date: Tue, 01 Sep 2015 09:08:31 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------080406090005050402090105"
Archived-At: <>
Subject: Re: [dhcwg] Order of options for DHCP Anonymity profile
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Sep 2015 07:08:39 -0000

On 01/09/15 03:32, Christian Huitema wrote:
> On Monday, August 31, 2015 11:57 AM, Tomek Mrugalski wrote:
>> ...
>> On 31.08.2015 16:20, Bernie Volz (volz) wrote:
>>> Ordering by option number seems a fine (and simpler) approach. The
>>> differences in options requested might still make fingerprinting
>>> possible (especially for clients that ask for more unusual options).
>> By sending options ordered you would disclose the desire for anonymity.
>> It is obvious from the first packet intercepted.
> We have four goals:
>  * don't break stuff, don't do something that will cause interop issues.
>  * hide the identity of the device and the user. I think we achieve that.
>  * escape software fingerprinting, avoid identifying the platform being used.
>  * hide the fact that we are using randomization
I think the first two goals are achievable, I doubt the last two are. We
probably do the best possible with reasonable effort, maybe hiding as
one in the crowd is just as effective.
> The draft currently does well on the first two goals -- we don't disclose identifiers beyond the MAC address, and we tested interop with a variety of servers.
> The draft does an OK job at avoiding fingerprinting, if implementers just require the minimum set of options. The server may be able to find that the client is seeking anonymity, but it will have a hard time finding the client's platform.
> The draft does poorly at hiding the desire for randomization, because there are some marked differences with "normal" operations, e.g., not including the host name or the vendor options. The problem there is that in order to really hide, the client would have to lie. It would have for example to manufacture a random host name that looks like something users could have set. It would have to add some vendor options. It would have to present the parameters in pretty much the same way as a "normal" implementation. 
> But then, lying can very well have interop consequences, and inventing options can very well facilitate fingerprinting.
>> Sten said that the randomization function might be recognizable. That's
>> technically true, but for all reasonably good randomizations it would require
>> gathering large number of packets before you could draw any statistically
>> significant conclusions.
> As Bernie and Sten commented, in practice you can only do that if you use crypto-grade randomization. If you just call RAND(), then you are recognized in a single packet. But by using that type of randomization, you also signal that you are trying to hide, since your order is very different from what Windows or Android or IOS do.
>> Christian said that the order of options comes from how the software processes
>> the packet. I understand that. But I think the conclusion coming out of it is
>> somewhat weak. You say that it's doable to order options by option code but it's
>> too much effort to randomly reshuffle them? In both cases that would likely be
>> a step conducted at the final steps of packet processing, shortly before sending it
>> over the wire.
> Ordering the ORO/PRL codes is trivial. In our implementation, that's just a constant list.
> Ordering the actual options is harder. The code has logic like "encode the options common to all message types, then encode the options requested for this specific message."
>> I still think that randomizing the order of both options and option codes in
>> PRL/ORO is the way to go. If you strongly object to that, perhaps the text could
>> say that the client SHOULD randomize, but if it's not possible for whatever
>> reason, it MAY send options/option codes ordered by option number.
> I could live with that if that enables consensus.
> -- Christian Huitema
> _______________________________________________
> dhcwg mailing list

Best regards

Sten Carlsen

No improvements come from shouting: