IETF Logo Mail Archive

Re: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)

Ted Lemon <Ted.Lemon@nominum.com> Thu, 28 May 2015 14:16 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: dhcwg@ietfa.amsl.com
Delivered-To: dhcwg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8671ACDA7; Thu, 28 May 2015 07:16:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_QP_LONG_LINE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id whQmOxcituW5; Thu, 28 May 2015 07:16:36 -0700 (PDT)
Received: from sjc1-mx02-inside.nominum.com (sjc1-mx02-inside.nominum.com [64.89.234.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8FB7D1ACD9C; Thu, 28 May 2015 07:16:36 -0700 (PDT)
Received: from webmail.nominum.com (cas-03.win.nominum.com [64.89.235.66]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by sjc1-mx02-inside.nominum.com (Postfix) with ESMTPS id 5CE75DA0085; Thu, 28 May 2015 14:16:36 +0000 (UTC)
Received: from [10.0.20.133] (71.233.43.215) by CAS-03.WIN.NOMINUM.COM (192.168.1.100) with Microsoft SMTP Server (TLS) id 14.3.224.2; Thu, 28 May 2015 07:16:35 -0700
References: <489D13FBFA9B3E41812EA89F188F018E1CAF5DA3@xmb-rcd-x04.cisco.com> <55670179.8030400@cs.tcd.ie> <489D13FBFA9B3E41812EA89F188F018E1CAF5EC1@xmb-rcd-x04.cisco.com> <20150528.141105.74661164.sthaug@nethelp.no> <489D13FBFA9B3E41812EA89F188F018E1CAF6142@xmb-rcd-x04.cisco.com> <55670889.30503@cs.tcd.ie>
MIME-Version: 1.0 (1.0)
In-Reply-To: <55670889.30503@cs.tcd.ie>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Message-ID: <987AF535-F598-4FB7-A45A-59C856D1ACA3@nominum.com>
X-Mailer: iPad Mail (12F69)
From: Ted Lemon <Ted.Lemon@nominum.com>
Date: Thu, 28 May 2015 10:16:34 -0400
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
X-Originating-IP: [71.233.43.215]
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/UWgh7v7tQYlcsa1nmB1Fbjr2Vrk>
X-Mailman-Approved-At: Thu, 28 May 2015 07:21:54 -0700
Cc: "draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org" <draft-ietf-dhc-dynamic-shared-v4allocation.ad@ietf.org>, "Bernie Volz (volz)" <volz@cisco.com>, "dhc-chairs@ietf.org" <dhc-chairs@ietf.org>, "draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org" <draft-ietf-dhc-dynamic-shared-v4allocation@ietf.org>, "Ted.Lemon@nominum.com" <Ted.Lemon@nominum.com>, "dhcwg@ietf.org" <dhcwg@ietf.org>, "draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org" <draft-ietf-dhc-dynamic-shared-v4allocation.shepherd@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [dhcwg] Stephen Farrell's Discuss on draft-ietf-dhc-dynamic-shared-v4allocation-07: (with DISCUSS and COMMENT)
X-BeenThere: dhcwg@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dhcwg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dhcwg/>
List-Post: <mailto:dhcwg@ietf.org>
List-Help: <mailto:dhcwg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dhcwg>, <mailto:dhcwg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 May 2015 14:16:37 -0000

On May 28, 2015, at 8:22 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> So just to be clear: the reason I'm asking about this is mainly
> that I want to be sure that this draft doesn't make deploying
> the privacy one harder/impossible.

There are two points to keep in mind about this.   First, I think it actually makes it easier, because now the client identifier is required and the MAC address is not needed, so at a minimum it's at least easier to avoid including a consistent identifier in requests that might happen on different networks.   But secondly, the target for this specification is really home gateways, and the issues of roaming from network to network are at least at present pretty minimal.   Whether home gateway vendors implement the privacy doc or not, I think the risk to end users' privacy is limited since the upstream ISP presumably already knows who the customer is.

As for the port set ID as an identifier, it's just the opposite: it's the thing being allocated. Think of it as an IPv4 address, only with more bits.   It identifies the address and port range that has been allocated, not the client to which it has been allocated. It is sent by the client as an indication of which port set was previously allocated to the client, not as an identifier.  The client can be expected to have different port sets at different times. So it simply doesn't make sense to use it the way you are suggesting.

v2.23.0 | Report a Bug | By Email