Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-profile-03 - Respond by Sept. 22, 2015
Marcin Siodelski <msiodelski@gmail.com> Tue, 22 September 2015 12:31 UTC
Return-Path: <msiodelski@gmail.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEA621A6FAE for <dhcwg@ietfa.amsl.com>; Tue, 22 Sep 2015 05:31:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Tv9n5iHUEz2N for <dhcwg@ietfa.amsl.com>; Tue, 22 Sep 2015 05:31:37 -0700 (PDT)
Received: from mail-la0-x234.google.com (mail-la0-x234.google.com [IPv6:2a00:1450:4010:c03::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 741361A6F98 for <dhcwg@ietf.org>; Tue, 22 Sep 2015 05:31:37 -0700 (PDT)
Received: by lahg1 with SMTP id g1so10175561lah.1 for <dhcwg@ietf.org>; Tue, 22 Sep 2015 05:31:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=FCHL72aFGaky05mWBXLE9KEakFim1hWdjANZvRv5gY4=; b=lz0OIkdWdU8Ari2NZTc6jUeQ1XzkG0zkJJx9JqoogGj7AiMqGkBuZqQ4rCsI/aRyUv QRUr0BzcDPgQi+5TbeNlAiDzm2gnzTt+TbtySVPMdbkOBjpzjMq+EkztXUby1y0muZW4 QylqTaPU8xDIxwcdhzpWZUHKxx8wGkzb/3DOcAceQ2JciexXa7ZdCuoHngB6c2ZY3yPt Wf0MjTNtY9pKN0Gk4We2xT2Zs5A92QIvwfyZmYh6II9IsCqrGjRdOH+7xiYXWH7tWOp5 gcQDH7NnrZQtFplXNE47e8o79332cYh4shJ9K4bilwxvQDNUCGqaBOPNoF8fOWs2KNfr YcXQ==
X-Received: by 10.25.164.212 with SMTP id n203mr2573419lfe.108.1442925095444; Tue, 22 Sep 2015 05:31:35 -0700 (PDT)
Received: from MacBook-Pro-Marcin.local (89-79-26-47.dynamic.chello.pl. [89.79.26.47]) by smtp.googlemail.com with ESMTPSA id 30sm97737lfy.20.2015.09.22.05.31.34 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Sep 2015 05:31:34 -0700 (PDT)
To: "Bernie Volz (volz)" <volz@cisco.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>
References: <489D13FBFA9B3E41812EA89F188F018E1CC661A4@xmb-rcd-x04.cisco.com>
From: Marcin Siodelski <msiodelski@gmail.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <56014A25.2000209@gmail.com>
Date: Tue, 22 Sep 2015 14:31:33 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <489D13FBFA9B3E41812EA89F188F018E1CC661A4@xmb-rcd-x04.cisco.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/U7td4pRRhzWUPbJBng7jYi2NUb4>
Subject: Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-profile-03 - Respond by Sept. 22, 2015
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 12:31:40 -0000
I have read the version -03 of the document and I support it move forward. However, I have some issues, which are mostly repeating what I have said in my previous review from July 22nd, 2015. 3. Anonymity profile for DHCPv4 Normative language needs cleanup in this section. - all messages MUST contain the appropriate Message Type. In the text DHCPDISCOVER MUST contain Message Type, other messages SHOULD contain Message Type. This is wrong. - Similar applies to the client identifier. I think that in all cases the client SHOULD send it (there may be cases when the client doesn't send it though). Therefore, the DHCPDISCOVER case should not mandate client identifier, as it does now. - I wonder if there is any reason to state that the client SHOULD include Parameter Request List option? The RFC2131 says it MAY. So, if the client is not interested in receiving any options why SHOULD? And why MUST in the DHCPDISCOVER case. It also seems that you should probably replace DISCOVER with DHCPDISCOVER, REQUEST with DHCPREQUEST and so on. They are the proper names for the messages. 3.3. Requested IP address option "There are scenarios in which a client connects to a network when a lease is still valid". I think this is to address the INIT-REBOOT case when the client wakes up and sends Requested IP address option in the DHCPREQUEST message to obtain the same address. That's ok, but I think it should be referred to as INIT-REBOOT state because it is a naming convention from RFC2131. Secondly, I guess the lease may not really be valid when the client issues the DHCPREQUEST in the INIT-REBOOT state. It may have expired (possibly short time ago) but the client will try to reclaim this lease anyway, and maybe the server can still hand it out. So, it would be probably better to say that "There are scenarios in which a client connecting to a network remembers previously allocated address, i.e. is in the INIT-REBOOT state." or something like that. 4.4.1. Obtain temporary addresses Some of my concerns sent in the previous review were not addressed. I think I don't understand how the section about temporary addresses fits into the principle guideline to randomize link layer addresses. In particular, this section discusses replacing IAID to get the new address, while preserving an old address. If the new address is successfully assigned, the old address can be released or left to time out. In any case, the client seems to be using the same MAC address while this transition to the new IAID takes place, so the DHCP server would be able to correlate the old address with the new address. Is this the intent? Is it just giving the hint how to obtain IA_TA-like behavior independently from the randomization of the MAC address? In other words, if I am implementing a client with the anonymity profile enabled, would I randomize MAC address, MAC address and IAID, or I'd make it an option in the device? Also, why is reference to the Section 4.4. specifically important: "This, along with the mitigation technique discussed in Section 4.4, will ensure that a client will get a new address that can be renewed...." ? Randomizing the IAID doesn't imply randomizing MAC address, so I don't understand why it has been mentioned here. Marcin On 02.09.2015 23:45, Bernie Volz (volz) wrote: > Hi all, > > > > This message starts the DHC Working Group Last Call to advance > draft-ietf-dhc-anonymity-profile-03, Anonymity profile for DHCP clients, > http://tools.ietf.org/html/draft-ietf-dhc-anonymity-profile-03. This > document’s intended status is Standards Track. > > > > Note: At present, there is 1 IPR against file against this document > (http://datatracker.ietf.org/ipr/2654/). > > > > This is a part of the WGLC of 3 documents > (draft-ietf-dhc-dhcp-privacy-01, draft-ietf-dhc-dhcpv6-privacy-01, and > draft-ietf-dhc-anonymity-profile-03). > > > > Please send your comments by September 22th, 2015. If you do not feel > this document should advance, please state your reasons why. > > > > Bernie Volz is the assigned shepherd. > > > > - Tomek & Bernie > > > > > > _______________________________________________ > dhcwg mailing list > dhcwg@ietf.org > https://www.ietf.org/mailman/listinfo/dhcwg >
- [dhcwg] WGLC on draft-ietf-dhc-anonymity-profile-… Bernie Volz (volz)
- Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-prof… Marcin Siodelski
- Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-prof… Christian Huitema
- Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-prof… Bernie Volz (volz)
- Re: [dhcwg] WGLC on draft-ietf-dhc-anonymity-prof… Marcin Siodelski