[dhcwg] Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
Christian Huitema <huitema@microsoft.com> Fri, 22 May 2015 18:51 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF8FF1A001C for <dhcwg@ietfa.amsl.com>; Fri, 22 May 2015 11:51:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id veR26J_Nu2cT for <dhcwg@ietfa.amsl.com>; Fri, 22 May 2015 11:51:22 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0136.outbound.protection.outlook.com [65.55.169.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 75FE11A0019 for <dhcwg@ietf.org>; Fri, 22 May 2015 11:51:22 -0700 (PDT)
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0654.namprd03.prod.outlook.com (10.160.96.16) with Microsoft SMTP Server (TLS) id 15.1.172.22; Fri, 22 May 2015 18:51:20 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0172.012; Fri, 22 May 2015 18:51:20 +0000
From: Christian Huitema <huitema@microsoft.com>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
Thread-Index: AdCUwEYiujGdpbl8S6K9GK5kpiyG3g==
Date: Fri, 22 May 2015 18:51:20 +0000
Message-ID: <DM2PR0301MB065599852DBFADF0C2882D9AA8C00@DM2PR0301MB0655.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=huitema@microsoft.com;
x-originating-ip: [131.107.159.254]
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0654; 3:csLXc3BmlMQ8UvYllmA7kwhkgZrZjnwMMeQEoeKsNHODDbn+yZry8DzzNi9d8rrC+2U0W9xmvnN3CkkCLWnSOBdr6/TL9cZxpLQtLM2QjHGRgCJJ+rK6Zy5/onbJcGcZshjnQ6Cx420/Xf2fvJslMA==; 10:QWODgumEoc/+sxdUZ0Buwu5hwd9fLti9g3K0zN73CqzjjxkebqhoA6l+ZaogBNHagcdneITyjyAYz3r+EvAQ6qOv24D/fiW5hmDRP3rJdmI=; 6:3cgWO92vDQO2NqkPkmLjW5L7sZU4g2F6+zpbTQh/RQhmshXSqjVAn8A+fI8biB9Q
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0654;
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-microsoft-antispam-prvs: <DM2PR0301MB065408C94225BEE2F0952397A8C00@DM2PR0301MB0654.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(520002)(3002001); SRVR:DM2PR0301MB0654; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0654;
x-forefront-prvs: 058441C12A
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(199003)(46102003)(99286002)(230783001)(76576001)(2501003)(105586002)(229853001)(2351001)(106356001)(450100001)(68736005)(40100003)(74316001)(2900100001)(62966003)(122556002)(77156002)(77096005)(54356999)(102836002)(50986999)(86612001)(33656002)(92566002)(87936001)(101416001)(189998001)(81156007)(4001540100001)(97736004)(107886002)(66066001)(86362001)(5001830100001)(110136002)(64706001)(5001960100002)(5001860100001)(2656002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0654; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 22 May 2015 18:51:20.4793 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0654
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/29AhqzMSd96ZPgbMglN5ok3rfqQ>
Subject: [dhcwg] Hostname randomization issue in draft-ietf-dhc-anonymity-profile-00.txt
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2015 18:51:23 -0000
Reviewing that document, we found a small issue in section 3.5, "hostname option". The text says: When obfuscating the host name, DHCP clients SHOULD set the host name value to a hexadecimal representation of the link layer address that will be used in the underlying connection. They MAY choose another convention in rare cases, for example in multi-homed scenarios. It turns out that sending an hexadecimal representation of the MAC address is a potential privacy leak. Some DHCP servers will publish the client name in the DNS. Third parties can then read that name, and retrieve the MAC address. It is probably better to use a random value. For example, the DHCP client could compute the hash of the MAC address and a local secret, and then publish an ASCII representation of the first 48 or 64 bits of that hash. -- Christian Huitema
- [dhcwg] Hostname randomization issue in draft-iet… Christian Huitema
- Re: [dhcwg] Hostname randomization issue in draft… Bernie Volz (volz)
- Re: [dhcwg] Hostname randomization issue in draft… Christian Huitema