Re: [dhcwg] Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
"Bernie Volz (volz)" <volz@cisco.com> Wed, 27 May 2015 20:16 UTC
Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 243321A92BA for <dhcwg@ietfa.amsl.com>; Wed, 27 May 2015 13:16:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id waByl3lNVRmQ for <dhcwg@ietfa.amsl.com>; Wed, 27 May 2015 13:16:01 -0700 (PDT)
Received: from alln-iport-4.cisco.com (alln-iport-4.cisco.com [173.37.142.91]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EBF31A92B4 for <dhcwg@ietf.org>; Wed, 27 May 2015 13:16:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1927; q=dns/txt; s=iport; t=1432757761; x=1433967361; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=LVXpgKcNepegiQz1yJUa7gyTp5FT+XLNym5WiAlLB8c=; b=iU0FzdHTDH+JAY4toHC7r2thKxNzKbS3rxDJikaWT68cnPL0CsaW4P5H DdCXejfooZC94z3iVGI4CvjSlOhlHqjEiDzEpWjO2Xu8xtIu8WsGiERlT PDunhMEu8+5EJAQdgTVHmwjNw1qhZVrUvg2M49WQOwQ173j0IaffbrY2p Q=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AcBAArJWZV/51dJa1cgxBUXgbBXgmBTwqFdwKBQzgUAQEBAQEBAYEKhCIBAQEEAQEBNzQXBAIBCBEEAQELFAkHJwsUCQgBAQQBEgiIJQ3SMQEBAQEBAQEBAQEBAQEBAQEBAQEBARMEijiBAoQ6GjgGgxGBFgEEi1WHM4w4hnCPFiOCCR2BUm+BRoEBAQEB
X-IronPort-AV: E=Sophos;i="5.13,507,1427760000"; d="scan'208";a="153960437"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by alln-iport-4.cisco.com with ESMTP; 27 May 2015 20:16:00 +0000
Received: from xhc-aln-x09.cisco.com (xhc-aln-x09.cisco.com [173.36.12.83]) by rcdn-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t4RKG0cO023121 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 27 May 2015 20:16:00 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.169]) by xhc-aln-x09.cisco.com ([173.36.12.83]) with mapi id 14.03.0195.001; Wed, 27 May 2015 15:16:00 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: Christian Huitema <huitema@microsoft.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
Thread-Index: AdCUwEYiujGdpbl8S6K9GK5kpiyG3gD+PbZw
Date: Wed, 27 May 2015 20:15:59 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1CAF492F@xmb-rcd-x04.cisco.com>
References: <DM2PR0301MB065599852DBFADF0C2882D9AA8C00@DM2PR0301MB0655.namprd03.prod.outlook.com>
In-Reply-To: <DM2PR0301MB065599852DBFADF0C2882D9AA8C00@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.131.40.233]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/0skBax9pYZikA5k-AMbc12pBJXU>
Subject: Re: [dhcwg] Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2015 20:16:03 -0000
Christian: I think the reason for this was that this assumed that the mac address was also a 'privacy' address. But you are correct that this may not be as wise an idea because this could potentially publish this mac-address in the global DNS. I wonder whether just leaving out the host name option would be best. If a server wanted to assign a name, it could always generate it itself using some technique (such as an ASCII form of the assigned IP address)? RFC 4702 (DHCPv4 FQDN) and 4704 (DHCPv6 FQDN) allow the client to leave the domain name field empty (if the client desires the server to provide a name). - Bernie -----Original Message----- From: dhcwg [mailto:dhcwg-bounces@ietf.org] On Behalf Of Christian Huitema Sent: Friday, May 22, 2015 2:51 PM To: dhcwg@ietf.org Subject: [dhcwg] Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt Reviewing that document, we found a small issue in section 3.5, "hostname option". The text says: When obfuscating the host name, DHCP clients SHOULD set the host name value to a hexadecimal representation of the link layer address that will be used in the underlying connection. They MAY choose another convention in rare cases, for example in multi-homed scenarios. It turns out that sending an hexadecimal representation of the MAC address is a potential privacy leak. Some DHCP servers will publish the client name in the DNS. Third parties can then read that name, and retrieve the MAC address. It is probably better to use a random value. For example, the DHCP client could compute the hash of the MAC address and a local secret, and then publish an ASCII representation of the first 48 or 64 bits of that hash. -- Christian Huitema _______________________________________________ dhcwg mailing list dhcwg@ietf.org https://www.ietf.org/mailman/listinfo/dhcwg
- [dhcwg] Hostname randomization issue in draft-iet… Christian Huitema
- Re: [dhcwg] Hostname randomization issue in draft… Bernie Volz (volz)
- Re: [dhcwg] Hostname randomization issue in draft… Christian Huitema