Re: [dhcwg] 3315bis question: Changing default DUID to DUID-LL?

Ted Lemon <mellon@fugue.com> Mon, 23 May 2016 20:21 UTC

On Mon, May 23, 2016 at 4:01 PM, Tomek Mrugalski <tomasz.mrugalski@gmail.com> wrote:

> 2. Ted pointed out that DUID-LL does not reveal anything more than
> DUID-LLT already does, so there's no problem from a privacy perspective.
>

Actually, that wasn't my point at all, although it's true.  My point was
that if you have a bar code scan of the link-layer address of a device, you
can see that data in either DUID-LL or DUID-LLT.  Really the difference
between the two is that DUID-LLT is better if you have removable network
interfaces (which isn't so common anymore) and DUID-LL is better if you
have fixed interfaces (the more usual case nowadays).

One additional hiccup is that DUID is specific to the machine, not to the
interface.   So if you have a machine with more than one interface, you
still don't have a 1:1 mapping between bar code scanned link-layer
addresses and devices, unless your device uses the same link-layer address
on all its interfaces.

Since you brought up the privacy question, it's worth noting that neither
of these options has good privacy characteristics, so advice that we give
about which link-layer address to use in what format would be rightly
ignored by vendors who care about user privacy.   This is not an issue for
infrastructure equipment.   I don't think we should recommend either
without specifying the scope in which the recommendation is valid.

What I _would_ like to do is to clarify the language in this section so
that it doesn't forbid looking at the link-layer address in either DUID-LL
or DUID-LLT.   That was never the intention of the language in RFC 3315,
but it's been interpreted that way rather a lot.

And, BTW, Tomek, you shouldn't be asking us for our opinions.   Our
opinions don't matter.  What matters are the specific reasons we have for
favoring one or the other identifier.   If you ask for opinions, you will
wind up with a lot of votes, and what are you supposed to do with votes in
an IETF consensus call?   :)
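
The following is an added example, not part of the original message: a decoder for the RFC 3315 DUID-LLT and DUID-LL layouts showing that a bar-code-scanned link-layer address can be read out of either one. The function names, the sample address, the timestamp and the enterprise number are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3  # DUID type codes from RFC 3315
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)  # DUID-LLT time base


def parse_duid(duid: bytes) -> dict:
    """Decode a DUID and expose the link-layer address when one is embedded."""
    if len(duid) < 2:
        raise ValueError("DUID too short to carry a type code")
    (duid_type,) = struct.unpack_from("!H", duid, 0)
    if duid_type == DUID_LLT:
        # type(2) | hardware type(2) | time(4) | link-layer address
        if len(duid) <= 8:
            raise ValueError("truncated DUID-LLT")
        hw_type, seconds = struct.unpack_from("!HI", duid, 2)
        return {"type": "DUID-LLT", "hw_type": hw_type,
                "time": DUID_EPOCH + timedelta(seconds=seconds),
                "lladdr": duid[8:]}
    if duid_type == DUID_LL:
        # type(2) | hardware type(2) | link-layer address
        if len(duid) <= 4:
            raise ValueError("truncated DUID-LL")
        (hw_type,) = struct.unpack_from("!H", duid, 2)
        return {"type": "DUID-LL", "hw_type": hw_type, "lladdr": duid[4:]}
    # DUID-EN and unknown types carry no link-layer address to match against.
    return {"type": f"type-{duid_type}", "lladdr": None}


def matches_scanned_address(duid: bytes, scanned: str) -> bool:
    """True if the DUID embeds the link-layer address read from a bar code."""
    wanted = bytes.fromhex(scanned.replace(":", "").replace("-", ""))
    return parse_duid(duid)["lladdr"] == wanted


# Constructed sample data: one device with address 02:00:5e:10:00:01.
MAC = bytes.fromhex("02005e100001")
SAMPLE_LLT = struct.pack("!HHI", DUID_LLT, 1, 517_350_000) + MAC
SAMPLE_LL = struct.pack("!HH", DUID_LL, 1) + MAC
SAMPLE_EN = struct.pack("!HI", DUID_EN, 32473) + b"\x0c\xc0\x84\xd3"

if __name__ == "__main__":
    for name, duid in [("LLT", SAMPLE_LLT), ("LL", SAMPLE_LL), ("EN", SAMPLE_EN)]:
        print(name, duid.hex(), matches_scanned_address(duid, "02:00:5e:10:00:01"))
```

Because the DUID identifies the machine rather than the interface, a match only covers the one interface whose address was used to build the DUID; a scan of any other interface on the same device will not match.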