Re: [dhcwg] A few points about draft-huitema-dhc-anonymity-profile-01.txt
Marcin Siodelski <msiodelski@gmail.com> Tue, 24 March 2015 20:46 UTC
Return-Path: <msiodelski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5E541A037B for <dhcwg@ietfa.amsl.com>; Tue, 24 Mar 2015 13:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id juJwOU-VOZzt for <dhcwg@ietfa.amsl.com>; Tue, 24 Mar 2015 13:46:30 -0700 (PDT)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27C1B1A0395 for <dhcwg@ietf.org>; Tue, 24 Mar 2015 13:46:30 -0700 (PDT)
Received: by wibg7 with SMTP id g7so85160750wib.1 for <dhcwg@ietf.org>; Tue, 24 Mar 2015 13:46:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=5kyl2xaxogkTCTeeU/Owa0DuA2Mch3ujxino8Sg3O2w=; b=Q7G4Of83OnLqwQ4gGoandTPbpGJURsoEYGYCimK3MJWoTSxjkVPUPZexhfTEL8/p6A baxo/tZG0gSkcMkWRs1f8QpeuabqyVss5hyrq80HU7c/wJUKIeJjQHG6fz6+6L+chcFq goVv1YKBy0VcLX4t/OR7N1oYEt/xUnf4MU034XTD2eNoYbH1ojHceFKtyCXE6nqK070v GEpStGfhLljcJfNe0FXDotxP7D9Wp33SSRiUXJHOshu9tlVE+GReBvbuy/cVDkWAL48v k/4xegR1wtEtSm0ATb2TJmM7eIvyMymFUNroTChz9QfMIGIulqzWfvslQP544Jf/tYQC zAVw==
X-Received: by 10.194.200.229 with SMTP id jv5mr11506906wjc.59.1427229988969; Tue, 24 Mar 2015 13:46:28 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:176:d8c2:6b51:f4ff:5c2b? ([2001:67c:370:176:d8c2:6b51:f4ff:5c2b]) by mx.google.com with ESMTPSA id i10sm510626wja.40.2015.03.24.13.46.26 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 24 Mar 2015 13:46:28 -0700 (PDT)
Message-ID: <5511CD20.1010105@gmail.com>
Date: Tue, 24 Mar 2015 15:46:24 -0500
From: Marcin Siodelski <msiodelski@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Christian Huitema <huitema@microsoft.com>
References: <5511863B.2070908@gmail.com> <DM2PR0301MB0655DFD297D2D06B83EDDD63A80A0@DM2PR0301MB0655.namprd03.prod.outlook.com> <55119198.7080809@gmail.com>
In-Reply-To: <55119198.7080809@gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/1GavQduB3N3r4lS9N8AbieC2DVA>
Cc: "dhcwg@ietf.org" <dhcwg@ietf.org>
Subject: Re: [dhcwg] A few points about draft-huitema-dhc-anonymity-profile-01.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2015 20:46:32 -0000
The previous email went out of the control for some reason. So, I resend it with the more complete answers. :-) On 2015-03-24 11:32, Marcin Siodelski wrote: > > > On 2015-03-24 11:01, Christian Huitema wrote: >> On Tuesday, March 24, at 2015 10:44 AM, Marcin Siodelski wrote: >>> >>> IMHO, this draft well summarizes the privacy issues mitigation for >>> DHCPv4 and DHCPv6. I have read this top to bottom and have had a couple >>> of questions. >>> >>> I assume that since this document updates the RFC4361 the intended >>> status should be modified from "Informational" to "Standards Track"? >> >> Yes. Sorry. Blame my poor practice of XML2RFC... >> >>> Assuming that the answer to the above is "yes", I think that the use of >>> word "guidelines" is inappropriate in a few places in the text. For >>> example in the abstract: >>> >>> "The profile provides guidelines on the composition of DHCP or DHCPv6 >>> requests, designed to minimize disclosure of identifying information." >>> >>> From the overall tone of the text, if a client chooses to be anonymous >>> it must adhere to this doc rather than treat it as a guideline. No? >> >> Maybe. Do you have suggestion for better text? >> > > Perhaps something like this. > > "This document describes the behavior of the DHCP clients configured to > avoid the breach of their privacy by minimizing the amount of sensitive > information sent to the DHCP servers." > > Not sure it is perfect though. But, it avoids making the impression that > everything in here is optional. > >>> In section "3. Anonymity Profile for DHCPv4" I'd suggest revising the >>> use of MUST/SHOULD for specific options vs RF2131. For example: in most >>> cases the Parameter Request List option is something that client MAY >>> include, rather than MUST. I see no reason for this draft to mandate the >>> use of PRL. >> >> The issue there is "implementation profiling." It would be better if >> all implementations did about the same thing, so they be hard to >> recognize. >> > > For the specific case of Parameter Request List... what about the case > if the client is not interested in any options be returned? The minimum > length of this option is 1 which means that the client includes it I meant that client includes it if it desires at least one option. > >>> Isn't it to strong to say that client MUST use client identifier, as >>> opposed to only use chaddr? >> >> Again, that goes to implementation profiling. >> >>> Why is this mandated to use the Host Name? >> >> It would be OK to just not send a name at all, but I am concerned with >> side effects. >> Are we actually thinking that the clients using the techniques defined in the draft will be interested in the DNS updates? If the answer is maybe, maybe that could be optional whether the client does it or not?. I am also afraid that if the clients are going to derive the hostnames from the HW addresses we better define a common way for doing it. Otherwise, if different implementations use different encoding for the hostnames derived from HW addresses it may make it easy to identify what DHCP client implementation they are. >>> For the DHCPREQUEST case the use of Requested IP address option is a >>> MUST for certain client states. These cases should be explicitly listed >>> here and the use of Requested IP address option should not be >>> discouraged. >> >> That is the case when the client already have an IP address >> provisioned on the same network, correct? I thought that was covered. >> One the client sends the DHCPDISCOVER and it is offered an address, it puts the Requested IP Address option to ask for the offered address with the DHCPREQUEST. >>> In section: "4.3. Address assignment options" it is explicitly said that >>> IA_NA or IA_TA can be used for obtaining addresses and there is no >>> mention of IA_PD. The document should probably have a line or two about >>> the applicability of this method to prefix delegation. Personally, I >>> don't see many of the use cases here, but probably worth to clarify? >> >> I did not consider this as a viable option. That would be an >> "anonymous mobile router." >> I am not advocating to use the privacy techniques in conjunction with prefix delegation. What I am saying is that the applicability of the techniques described in the draft should be clear. For example: this draft is not applicable for prefix delegation (and why) or there is nothing to preclude the use of this with prefix delegation but currently we don't see use cases. Or something like that. >>> About section "5. Management considerations". I don't know how to apply >>> this in practice: >>> >>> "Implementers should be careful to only use the anonymity profile when >>> privacy trumps management considerations." >>> >>> The implementers may have very little knowledge about the particular >>> environment where the DHCP client being implemented will be used. I also >>> assume that it is more the configuration knob on a device which turns >>> the anonymity on or off. So, I would not push this responsibility on the >>> implementers. Unless, I misunderstood who the implementers are in >>> this case. >>> >>> Similarly, the following sentence: >>> >>> "Servers dealing with clients using this profile who want to honour >>> the client’s wishes, ought minimise logging because that may assist >>> the client." >>> >>> seems to advise the impossible, because the goal is that the server is >>> NOT notified whether the clients are in the anonymity state or not. See >>> section 2.5. Does it intend to say that certain DHCP deployments (e.g. >>> public network at the airport) should assume that clients may use the >>> anonymity profile and assist the clients? >> >> Maybe I should just drop the entire section 5. Maybe... >> Marcin
- [dhcwg] A few points about draft-huitema-dhc-anon… Marcin Siodelski
- Re: [dhcwg] A few points about draft-huitema-dhc-… Christian Huitema
- Re: [dhcwg] A few points about draft-huitema-dhc-… Marcin Siodelski