IETF Logo Mail Archive

Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-profile-03 - Respond by Sept. 22, 2015

Marcin Siodelski <msiodelski@gmail.com> Tue, 22 September 2015 12:31 UTC

Return-Path: <msiodelski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEA621A6FAE for <dhcwg@ietfa.amsl.com>; Tue, 22 Sep 2015 05:31:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tv9n5iHUEz2N for <dhcwg@ietfa.amsl.com>; Tue, 22 Sep 2015 05:31:37 -0700 (PDT)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 741361A6F98 for <dhcwg@ietf.org>; Tue, 22 Sep 2015 05:31:37 -0700 (PDT)
Received: by lahg1 with SMTP id g1so10175561lah.1 for <dhcwg@ietf.org>; Tue, 22 Sep 2015 05:31:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=FCHL72aFGaky05mWBXLE9KEakFim1hWdjANZvRv5gY4=; b=lz0OIkdWdU8Ari2NZTc6jUeQ1XzkG0zkJJx9JqoogGj7AiMqGkBuZqQ4rCsI/aRyUv QRUr0BzcDPgQi+5TbeNlAiDzm2gnzTt+TbtySVPMdbkOBjpzjMq+EkztXUby1y0muZW4 QylqTaPU8xDIxwcdhzpWZUHKxx8wGkzb/3DOcAceQ2JciexXa7ZdCuoHngB6c2ZY3yPt Wf0MjTNtY9pKN0Gk4We2xT2Zs5A92QIvwfyZmYh6II9IsCqrGjRdOH+7xiYXWH7tWOp5 gcQDH7NnrZQtFplXNE47e8o79332cYh4shJ9K4bilwxvQDNUCGqaBOPNoF8fOWs2KNfr YcXQ==
X-Received: by 10.25.164.212 with SMTP id n203mr2573419lfe.108.1442925095444; Tue, 22 Sep 2015 05:31:35 -0700 (PDT)
Received: from MacBook-Pro-Marcin.local (89-79-26-47.dynamic.chello.pl. [89.79.26.47]) by smtp.googlemail.com with ESMTPSA id 30sm97737lfy.20.2015.09.22.05.31.34 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Sep 2015 05:31:34 -0700 (PDT)
To: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <489D13FBFA9B3E41812EA89F188F018E1CC661A4@xmb-rcd-x04.cisco.com>
From: Marcin Siodelski <msiodelski@gmail.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <56014A25.2000209@gmail.com>
Date: Tue, 22 Sep 2015 14:31:33 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <489D13FBFA9B3E41812EA89F188F018E1CC661A4@xmb-rcd-x04.cisco.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/U7td4pRRhzWUPbJBng7jYi2NUb4>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-profile-03 - Respond by Sept. 22, 2015
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 12:31:40 -0000

I have read the version -03 of the document and I support it move
forward. However, I have some issues, which are mostly repeating what I
have said in my previous review from July 22nd, 2015.

3. Anonymity profile for DHCPv4
Normative language needs cleanup in this section.

- all messages MUST contain the appropriate Message Type. In the text
DHCPDISCOVER MUST contain Message Type, other messages SHOULD contain
Message Type. This is wrong.

- Similar applies to the client identifier. I think that in all cases
the client SHOULD send it (there may be cases when the client doesn't
send it though). Therefore, the DHCPDISCOVER case should not mandate
client identifier, as it does now.

- I wonder if there is any reason to state that the client SHOULD
include Parameter Request List option? The RFC2131 says it MAY. So, if
the client is not interested in receiving any options why SHOULD? And
why MUST in the DHCPDISCOVER case.

It also seems that you should probably replace DISCOVER with
DHCPDISCOVER, REQUEST with DHCPREQUEST and so on. They are the proper
names for the messages.

3.3. Requested IP address option

"There are scenarios in which a client connects to a network when a
lease is still valid".

I think this is to address the INIT-REBOOT case when the client wakes up
and sends Requested IP address option in the DHCPREQUEST message to
obtain the same address. That's ok, but I think it should be referred to
as INIT-REBOOT state because it is a naming convention from RFC2131.
Secondly, I guess the lease may not really be valid when the client
issues the DHCPREQUEST in the INIT-REBOOT state. It may have expired
(possibly short time ago) but the client will try to reclaim this lease
anyway, and maybe the server can still hand it out. So, it would be
probably better to say that

"There are scenarios in which a client connecting to a network remembers
previously allocated address, i.e. is in the INIT-REBOOT state."

or something like that.


4.4.1. Obtain temporary addresses

Some of my concerns sent in the previous review were not addressed. I
think I don't understand how the section about temporary addresses fits
into the principle guideline to randomize link layer addresses. In
particular, this section discusses replacing IAID to get the new
address, while preserving an old address. If the new address is
successfully assigned, the old address can be released or left to time
out. In any case, the client seems to be using the same MAC address
while this transition to the new IAID takes place, so the DHCP server
would be able to correlate the old address with the new address. Is this
the intent? Is it just giving the hint how to obtain IA_TA-like behavior
independently from the randomization of the MAC address?

In other words, if I am implementing a client with the anonymity profile
enabled, would I randomize MAC address, MAC address and IAID, or I'd
make it an option in the device?

Also, why is reference to the Section 4.4. specifically important:

"This, along with the mitigation technique discussed in Section 4.4,
will ensure that a client will get a new address that can be renewed...."
?

Randomizing the IAID doesn't imply randomizing MAC address, so I don't
understand why it has been mentioned here.

Marcin


On 02.09.2015 23:45, Bernie Volz (volz) wrote:
> Hi all,
> 
>  
> 
> This message starts the DHC Working Group Last Call to advance
> draft-ietf-dhc-anonymity-profile-03, Anonymity profile for DHCP clients,
> http://tools.ietf.org/html/draft-ietf-dhc-anonymity-profile-03. This
> document’s intended status is Standards Track.
> 
>  
> 
> Note: At present, there is 1 IPR against file against this document
> (http://datatracker.ietf.org/ipr/2654/).
> 
>  
> 
> This is a part of the WGLC of 3 documents
> (draft-ietf-dhc-dhcp-privacy-01,  draft-ietf-dhc-dhcpv6-privacy-01, and
> draft-ietf-dhc-anonymity-profile-03).
> 
>  
> 
> Please send your comments by September 22th, 2015. If you do not feel
> this  document should advance, please state your reasons why.
> 
>  
> 
> Bernie Volz is the assigned shepherd.
> 
>  
> 
> - Tomek & Bernie
> 
>  
> 
> 
> 
> _______________________________________________
> dhcwg mailing list
> dhcwg@ietf.org
> https://www.ietf.org/mailman/listinfo/dhcwg
>

v2.23.0 | Report a Bug | By Email