Re: [dhcwg] Order of options for DHCP Anonymity profile

Christian Huitema <> Tue, 01 September 2015 01:32 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id D541A1B65E8 for <>; Mon, 31 Aug 2015 18:32:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id z2rqHpp1kUiu for <>; Mon, 31 Aug 2015 18:32:46 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 953491B5A1F for <>; Mon, 31 Aug 2015 18:32:46 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Tue, 1 Sep 2015 01:32:44 +0000
Received: from ([]) by ([]) with mapi id 15.01.0256.013; Tue, 1 Sep 2015 01:32:44 +0000
From: Christian Huitema <>
To: Tomek Mrugalski <>, "" <>
Thread-Topic: [dhcwg] Order of options for DHCP Anonymity profile
Thread-Index: AdDjQ5/X5uFde6IFSve9jsTqSE4nXQAC5rUAACo5mQAACarJAAAM8Hvg
Date: Tue, 01 Sep 2015 01:32:44 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results: spf=none (sender IP is );
x-originating-ip: []
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0653; 5:YVqFSsC8fudLCcx3iJlclXMfBSGZCkt4KNnJQHarYkWNn1SE64CyuVIjyBzT8ekUwxVbzL+UfURvtr7vd9RZN7JtLlf2Yf8QgVLZ1BKOxRXlEKNAECGU1GvQByqOpbsfRoM+/hOYl56HDjqhtmkUfQ==; 24:RyjUVSCwayYDeNLTTB4ARHHRVOGGSgvEoYLKkUqj8UeMVh6HZoq0Xpp4V/m7KOe/JDVQUvyqet4D7f9kxkjDTipEWkVfoKZMqh+bIk4jfos=; 20:5pdwY2qXRspP7K0mlBU8awpvgPEVL3DDx6K61QtW6o/6cIH0bSHMPnLh08evUqY+FpsI5vnPbRSJlloiXG7/Pw==
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0653;
x-o365ent-eop-header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(5005006)(8121501046)(3002001); SRVR:DM2PR0301MB0653; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0653;
x-forefront-prvs: 06860EDC7B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(24454002)(189002)(377454003)(199003)(5001860100001)(5001770100001)(40100003)(5005710100001)(5001960100002)(10290500002)(76576001)(10090500001)(5002640100001)(10400500002)(93886004)(2656002)(33656002)(102836002)(46102003)(5004730100002)(5007970100001)(122556002)(99286002)(106356001)(105586002)(68736005)(50986999)(189998001)(74316001)(2950100001)(66066001)(64706001)(77096005)(86362001)(2501003)(77156002)(107886002)(76176999)(101416001)(92566002)(5003600100002)(5001920100001)(86612001)(97736004)(4001540100001)(81156007)(62966003)(2900100001)(54356999)(87936001)(8990500004)(5001830100001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0653;; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None ( does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Sep 2015 01:32:44.1719 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0653
Archived-At: <>
Subject: Re: [dhcwg] Order of options for DHCP Anonymity profile
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 01 Sep 2015 01:32:49 -0000

On Monday, August 31, 2015 11:57 AM, Tomek Mrugalski wrote:
> ...
> On 31.08.2015 16:20, Bernie Volz (volz) wrote:
> > Ordering by option number seems a fine (and simpler) approach. The
> > differences in options requested might still make fingerprinting
> > possible (especially for clients that ask for more unusual options).
> By sending options ordered you would disclose the desire for anonymity.
> It is obvious from the first packet intercepted.

We have four goals:

 * don't break stuff, don't do something that will cause interop issues.

 * hide the identity of the device and the user. I think we achieve that.

 * escape software fingerprinting, avoid identifying the platform being used.

 * hide the fact that we are using randomization

The draft currently does well on the first two goals -- we don't disclose identifiers beyond the MAC address, and we tested interop with a variety of servers.

The draft does an OK job at avoiding fingerprinting, if implementers just require the minimum set of options. The server may be able to find that the client is seeking anonymity, but it will have a hard time finding the client's platform.

The draft does poorly at hiding the desire for randomization, because there are some marked differences with "normal" operations, e.g., not including the host name or the vendor options. The problem there is that in order to really hide, the client would have to lie. It would have for example to manufacture a random host name that looks like something users could have set. It would have to add some vendor options. It would have to present the parameters in pretty much the same way as a "normal" implementation. 

But then, lying can very well have interop consequences, and inventing options can very well facilitate fingerprinting.

> Sten said that the randomization function might be recognizable. That's
> technically true, but for all reasonably good randomizations it would require
> gathering large number of packets before you could draw any statistically
> significant conclusions.

As Bernie and Sten commented, in practice you can only do that if you use crypto-grade randomization. If you just call RAND(), then you are recognized in a single packet. But by using that type of randomization, you also signal that you are trying to hide, since your order is very different from what Windows or Android or IOS do.

> Christian said that the order of options comes from how the software processes
> the packet. I understand that. But I think the conclusion coming out of it is
> somewhat weak. You say that it's doable to order options by option code but it's
> too much effort to randomly reshuffle them? In both cases that would likely be
> a step conducted at the final steps of packet processing, shortly before sending it
> over the wire.

Ordering the ORO/PRL codes is trivial. In our implementation, that's just a constant list.

Ordering the actual options is harder. The code has logic like "encode the options common to all message types, then encode the options requested for this specific message."

> I still think that randomizing the order of both options and option codes in
> PRL/ORO is the way to go. If you strongly object to that, perhaps the text could
> say that the client SHOULD randomize, but if it's not possible for whatever
> reason, it MAY send options/option codes ordered by option number.

I could live with that if that enables consensus.

-- Christian Huitema