Re: [dhcwg] Order of options for DHCP Anonymity profile

"Bernie Volz (volz)" <> Mon, 31 August 2015 14:20 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 1D31C1ACE1B for <>; Mon, 31 Aug 2015 07:20:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SwUKgqBbIYIz for <>; Mon, 31 Aug 2015 07:20:06 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A7E621B2B9C for <>; Mon, 31 Aug 2015 07:20:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=15342; q=dns/txt; s=iport; t=1441030807; x=1442240407; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=DJRgyIiWiB3KWifZscEhcILMFd3wlxMFWeuRTOKXMUc=; b=Fyr2VzztwDqZYOIln7s3XxM51L6OahxFUslfVBrJY3zTLFWKlJ9vjgne 06UmsjjK78D9DrR/mKmNXyP+7Tz4dT+Xk6ZQ70ALVBu5pHKFunh4xo5YI Rxvs1OjwsOY7iMk1htjIG4kUltNltO0aVZEOvZywL5Yrijn98A7q0+9wn 4=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos; i="5.17,441,1437436800"; d="scan'208,217"; a="28377011"
Received: from ([]) by with ESMTP; 31 Aug 2015 14:20:06 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id t7VEK5CN027690 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 31 Aug 2015 14:20:05 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1104.5; Mon, 31 Aug 2015 09:20:04 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Mon, 31 Aug 2015 09:20:04 -0500
Received: from ([]) by ([]) with mapi id 14.03.0248.002; Mon, 31 Aug 2015 09:20:04 -0500
From: "Bernie Volz (volz)" <>
To: Sten Carlsen <>, Christian Huitema <>, "" <>
Thread-Topic: [dhcwg] Order of options for DHCP Anonymity profile
Thread-Index: AQHQ41JSD5yQAUirvEGDoxykz0jpKJ4mJvfg
Date: Mon, 31 Aug 2015 14:20:04 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_489D13FBFA9B3E41812EA89F188F018E1CC5EE54xmbrcdx04ciscoc_"
MIME-Version: 1.0
Archived-At: <>
Subject: Re: [dhcwg] Order of options for DHCP Anonymity profile
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 31 Aug 2015 14:20:10 -0000

Ordering by option number seems a fine (and simpler) approach. The differences in options requested might still make fingerprinting possible (especially for clients that ask for more unusual options).

Perhaps for anonymity, it might even be appropriate to consider reducing the option set a client asks for to those it really needs (for basic connectivity). Though this might also have minimal impact, as I suspect the more bizarre option requests are typically from things that aren't usually very mobile?

-          Bernie

From: dhcwg [] On Behalf Of Sten Carlsen
Sent: Sunday, August 30, 2015 2:11 PM
To: Christian Huitema;
Subject: Re: [dhcwg] Order of options for DHCP Anonymity profile

On 30/08/15 19:08, Christian Huitema wrote:

In his review of the anonymity profile, Bernie suggested considering the order of options and the PRL parameter of DHCPv4:

BV> New section between 3.4 and 3.5 to include the PRL similar to ORO text in

3.5? Kind of odd that the Parameter Request List isn't mentioned at all for

DHCPv4 where there exists a fairly extensive fingerprinting database (mostly

based on the PRL).

I am looking at the current text in the draft, and the DHCPv6 paragraph reads:

   One specific method used for fingerprinting utilizes the order in

   which options are included in the message.  Another related technique

   utilizes the order in which option codes are included in an Option

   Request Option (ORO).

   The client willing to protect its privacy SHOULD randomize options

   order before sending any DHCPv6 message.  Such a client SHOULD also

   randomly shuffle the option codes order in ORO.

We could add similar text in the DHCPv4 section, but I have a small question regarding practicality of "randomizing the options." The current code is simple and static, with different blocks processing different related options. Randomization would require either executing the code blocks in random order, which is tricky, or adding a post processing phase to shuffle components of the messages, which is not natural.

As far as the ORO or PRL options are concerned, I would suggest that requested option numbers be sorted from smaller to larger. That allows for static implementations, and defeats fingerprinting just as well as randomization.

For the ordering of the actual options, I don't think that requiring randomized order is practical, and I would prefer allowing implementers to use a static order.

Any advice from the WG?
This is a tricky issue. There are several paths, each with its perils:
- some devices on the network randomises, some don't - this highlights who wants to be anonymous.
- the randomisation function might be recognisable, yielding another fingerprint.
- the collection of what you ask for is still a good part of a fingerprint regardless of sequence.

The most anonymous approach would probably be that each device asks for the exact same things in the exact same order all over the world. This is obviously not going to happen.

Just my 0.02$

-- Christian Huitema


dhcwg mailing list<>


Best regards

Sten Carlsen

No improvements come from shouting: