Re: [dhcwg] WGLC on draft-ietf-dhc-dhcpv6-privacy-01 - Respond by Sept. 22, 2015

[神明達哉 <jinmei@wide.ad.jp>]

On Wed, Sep 2, 2015 at 2:44 PM, Bernie Volz (volz) <volz@cisco.com> wrote:

> This message starts the DHC Working Group Last Call to advance
> draft-ietf-dhc-dhcpv6-privacy-01, Privacy considerations for DHCPv6,
> http://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-privacy-01. This document’s
> intended status is Informational. At present, there is no IPR file against
> this document.
[...]
> Please send your comments by September 22th, 2015. If you do not feel this
> document should advance, please state your reasons why.

I don't have a strong opinion on whether to advance it, but I
personally think it's premature to be published.  There are several
confusing points in the draft (see below for specific points), and if
I were to decide I'd first clarify these before sending it to the
IESG.

Also, as someone who is not a privacy expert, I don't know for sure if
there are missing important points (while I can make comments on
what's currently written).  It would be nice if someone with this
expertise can explicitly comment on that point (rather than interpret
silence as acceptance).

Specific comments on the draft:

- Section 3.1

   Even if the administrator enables privacy extensions
   (see [RFC4941]) and its equivalent for link-layer address
   randomization, it is likely that those privacy mechanisms were
   disabled during the first device boot.

I don't understand how RFC4941 is relevant in this context (I
understand the relevance of LL addr randomization).  Elaboration? (or
if it's not really relevant I suggest just removing it).

- Section 3.2

   Client ID is an example of DUID.

I don't understand this sentence.  First off, RFC3315 barely defines
"Client ID(entifier)" while it defines "DUID" or "Client ID Option".
If you mean the DUID field value of client ID option by "Client ID",
this sentence sounds too obvious to me.  It's not a big deal, but I
suggest just removing this sentence as I don't think it helps readers
and can rather confuse them.

- Section 3.11.2

   it is often a text string that includes the
   relay agent name followed by interface name.

What does "often" mean?  Does this mean the vast majority of relay
implementations behave this way?  If so, is it based on a survey of
implementations?

- Section 4.1

   Many client implementations
   renew those addresses during a renewal procedure initiated by other
   resources (non-temporary addresses or prefixes), thus forfeiting
   shortliveness.

What does this 'many' mean?  Specifically how many implementation out
of which behave this way?  Regardless of exactly how many, this
behavior rather seems to be an implementation bug, since, as the draft
itself states, it would forfeit the point of temporary addresses.  If
that's what this draft tries to point out, I think it should state
it's an implementation defect to be fixed more clearly.  Right now it
could rather read this is a protocol problem.

- Section 4.1

   Second, [RFC4704] allows servers to update DNS for
   assigned temporary addresses.  Publishing client's IPv6 address in
   DNS that is publicly available is a major privacy breach.

Similar to the previous point, if a server performs dynamic DNS
update for a temporary address it assigns to a client (corresponding
to IA_TA), it seems to me that the server implementation is just too
naive.  And, like the previous point, currently the draft doesn't seem
to read it's an implementation problem.

- Section 4.2

   DNS Updates [RFC4704] defines a mechanism that allows both clients
   and server to insert into DNS domain information about clients.  Both

"DNS Updates [RFC4704]" looks confusing/misleading to me.  I believe
the term "DNS Updates" generally refers to the protocol defined in
RFC2136.  If this "DNS Updates" is intended to mean the protocol
described in RFC4704 (I think that's the intent from the context), I
suggest using some other term than "DNS Updates".  If it actually
means the protocol defined in RFC2136, it should refer to RFC2136, not
RFC4704.

Same comment applies to Section 5.7.

- Section 4.3

   Identifier-based allocation - a server may choose to allocate an
   address that is based on one of available identifiers, e.g.  IID or
   MAC address.

  What does this "IID" mean?  Interface Identifier?  If so, I don't
  understand it.  Or perhaps DUID?

- Section 5.4

   They
   do this by putting the previously assigned address(es) in the IA
   Address Option(s) inside the IA_NA, IA_TA.

Is a client really supposed to include IA_TA?  Or is this about
specific implementations?  Either way this behavior seems to be simply
broken.  If it talks about (a defect of) specific implementation, it
may be worth noting, but I think it should be clearly separated from
the case of IA_NA and described as an implementation defect.

- Section 7

   As such, no dedicated section about this is needed.

This sounds awkward to me since Section 7 is actually a "dedicated
section about" privacy.  Guessing author's intent, perhaps this should
be "no dedicated discussion"?

Editorial nits:
  - Section 1: s/or/of/ or s/or/for/ (?)

   The privacy or DHCP servers and relay agents are

  - Section 4.1

   There are number of serious issues, both protocolar and
   implementational, that make them nearly useless for their original

  The term "protocolar" is not in my usual dictionaries...is it some
  kind of jargon that I yet to learn, or is it just a typo?

  - I've found other several trivial typos and grammar errors, but I
    won't bother to list all of them here.  The authors might want to
    run another cycle of proofread before finally submitting it to the
    IESG (or with RFC editor)

--
JINMEI, Tatuya