[dhcwg] draft-huitema-dhc-anonymity-profile
"Bernie Volz (volz)" <volz@cisco.com> Sun, 22 March 2015 23:44 UTC
Return-Path: <volz@cisco.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E60841A86E9 for <dhcwg@ietfa.amsl.com>; Sun, 22 Mar 2015 16:44:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tyx8I0xPpgv8 for <dhcwg@ietfa.amsl.com>; Sun, 22 Mar 2015 16:44:07 -0700 (PDT)
Received: from alln-iport-3.cisco.com (alln-iport-3.cisco.com [173.37.142.90]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F16881A86E8 for <dhcwg@ietf.org>; Sun, 22 Mar 2015 16:44:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=7067; q=dns/txt; s=iport; t=1427067846; x=1428277446; h=from:to:subject:date:message-id:mime-version; bh=FkyR0m+XnW0ikMna6L8SyveNNQLgbeNv9shmY2to4g0=; b=hLAm7qduZJwkKVsfejzxRuqdLvXqduLE3oUqXpKXOReD4iDDg3pPfxIC EE7Ako7zLQ6uO4KJIKpfsq71WkwmIElKq877fZ+PPsJovbMQWUwguxC4B fy4qhOPe7Xdu9qPX/37NDyEaeSx4fbGXAW7vmAaBkN8Konq2YjKei7gtb U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CpBABaUw9V/4sNJK1cgkNDUl7FKYFPhXUCgSE4FAEBAQEBAQF8hBYBBC1eASpWJgEEARoBiCYNyDkBAQEBAQEBAwEBAQEBAQEBGo9lLYMigRYFjkGCDoNvmikiggIcgVCCM38BAQE
X-IronPort-AV: E=Sophos;i="5.11,448,1422921600"; d="scan'208,217";a="134380139"
Received: from alln-core-6.cisco.com ([173.36.13.139]) by alln-iport-3.cisco.com with ESMTP; 22 Mar 2015 23:44:05 +0000
Received: from xhc-aln-x04.cisco.com (xhc-aln-x04.cisco.com [173.36.12.78]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t2MNi5Yc000398 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Sun, 22 Mar 2015 23:44:06 GMT
Received: from xmb-rcd-x04.cisco.com ([169.254.8.114]) by xhc-aln-x04.cisco.com ([173.36.12.78]) with mapi id 14.03.0195.001; Sun, 22 Mar 2015 18:44:05 -0500
From: "Bernie Volz (volz)" <volz@cisco.com>
To: "Christian Huitema (huitema@microsoft.com)" <huitema@microsoft.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: draft-huitema-dhc-anonymity-profile
Thread-Index: AdBk+ZL7h6j3fScPQ22HX0DNpAo4RA==
Date: Sun, 22 Mar 2015 23:44:05 +0000
Message-ID: <489D13FBFA9B3E41812EA89F188F018E1CA1C925@xmb-rcd-x04.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.86.249.218]
Content-Type: multipart/alternative; boundary="_000_489D13FBFA9B3E41812EA89F188F018E1CA1C925xmbrcdx04ciscoc_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/SQtBS_76Jct_nCQBHYj3274esaU>
Subject: [dhcwg] draft-huitema-dhc-anonymity-profile
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Mar 2015 23:44:09 -0000
Christian: The draft looks good. However, in section 3 you did not mention the PRL (and also 4.4 for the ORO) and about how device detection using the PRL/ORO are possible (see https://github.com/inverse-inc/fingerbank and http://www.fingerbank.org/). These may be worth mitigating? Techniques might include randomly ordering the PRL/ORO option list and/or randomly including some options that are not desired (picking options to request should be done carefully as picking random numbers might trigger unexpected processing by the server). We may also want to mention the fingerprinting issue in the Privacy Considerations drafts. (I'm not sure whether anyone has built a database for DHCPv6 clients yet.) In 4.6, what about Option 17, Vendor-specific Information Option? (In section 3.8 for DHCPv4, you mentioned the DHCPv4 equivalent.) - Bernie
- [dhcwg] draft-huitema-dhc-anonymity-profile Bernie Volz (volz)