[dhcwg] Order of options for DHCP Anonymity profile

Christian Huitema <huitema@microsoft.com> Sun, 30 August 2015 17:08 UTC

From: Christian Huitema <huitema@microsoft.com>
To: "dhcwg@ietf.org" <dhcwg@ietf.org>
Thread-Topic: Order of options for DHCP Anonymity profile
Thread-Index: AdDjQ5/X5uFde6IFSve9jsTqSE4nXQ==
Date: Sun, 30 Aug 2015 17:08:46 +0000
Message-ID: <DM2PR0301MB0655D1C7800B593A3C6268A1A86C0@DM2PR0301MB0655.namprd03.prod.outlook.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dhcwg/w5ur60oFYHgUn_0q_4lFprtesp4>

In his review of the anonymity profile, Bernie suggested considering the order of options and the PRL parameter of DHCPv4:

> BV> New section between 3.4 and 3.5 to include the PRL similar to ORO text in
> 3.5? Kind of odd that the Parameter Request List isn't mentioned at all for
> DHCPv4 where there exists a fairly extensive fingerprinting database (mostly
> based on the PRL).

I am looking at the current text in the draft, and the DHCPv6 paragraph reads:

   One specific method used for fingerprinting utilizes the order in
   which options are included in the message.  Another related technique
   utilizes the order in which option codes are included in an Option
   Request Option (ORO).

   The client willing to protect its privacy SHOULD randomize options
   order before sending any DHCPv6 message.  Such a client SHOULD also
   randomly shuffle the option codes order in ORO.

We could add similar text in the DHCPv4 section, but I have a small question regarding the practicality of "randomizing the options." The current code is simple and static, with different blocks processing different related options. Randomization would require either executing the code blocks in random order, which is tricky, or adding a post-processing phase to shuffle components of the messages, which is not natural.

As far as the ORO or PRL options are concerned, I would suggest that requested option numbers be sorted from smaller to larger. That allows for static implementations, and defeats fingerprinting just as well as randomization.

For the ordering of the actual options, I don't think that requiring randomized order is practical, and I would prefer allowing implementers to use a static order.

Any advice from the WG?

-- Christian Huitema
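The sorting proposal above, worked through for both the DHCPv4 PRL and the DHCPv6 ORO, as an added example that is not part of the thread or of any DHCP implementation: option codes 55 (PRL) and 6 (ORO) are the real ones, while the two "stack" code lists and the capture check are constructed here to show that sorting makes the encoded bytes independent of the order in which a static client enumerates its options.

```python
import struct

DHCPV4_OPT_PRL = 55   # Parameter Request List, one-byte codes (RFC 2132)
DHCPV6_OPT_ORO = 6    # Option Request Option, 16-bit codes (RFC 3315)


def dhcpv4_prl(option_codes):
    """Encode a DHCPv4 PRL with its codes sorted ascending and de-duplicated.

    The result depends only on the *set* of requested options, so two
    clients asking for the same options emit byte-identical PRLs no matter
    how their code happens to enumerate them."""
    codes = sorted(set(option_codes))
    if not 0 < len(codes) <= 255:          # option length is a single byte
        raise ValueError("PRL must carry 1..255 option codes")
    return bytes([DHCPV4_OPT_PRL, len(codes)]) + bytes(codes)


def dhcpv6_oro(option_codes):
    """Encode a DHCPv6 ORO: option-code 6, option-len, then sorted 16-bit codes."""
    body = b"".join(struct.pack("!H", c) for c in sorted(set(option_codes)))
    return struct.pack("!HH", DHCPV6_OPT_ORO, len(body)) + body


def parse_dhcpv4_prl(option_bytes):
    """Return the list of codes carried by a single encoded PRL option."""
    if len(option_bytes) < 2 or option_bytes[0] != DHCPV4_OPT_PRL:
        raise ValueError("not a PRL option")
    length = option_bytes[1]
    if len(option_bytes) != 2 + length:
        raise ValueError("PRL length field does not match option size")
    return list(option_bytes[2:])


def prl_is_canonical(option_bytes):
    """Check an observed PRL (e.g. from a capture) for the sorted, duplicate-free
    form; a non-canonical order is exactly the signal fingerprint databases key on."""
    codes = parse_dhcpv4_prl(option_bytes)
    return codes == sorted(set(codes))


# Constructed sample: two client stacks requesting the same options in their
# own "natural" code order. After sorting, the encoded PRLs are identical.
STACK_A = [1, 3, 6, 15, 119, 121]
STACK_B = [121, 119, 15, 6, 3, 1]

if __name__ == "__main__":
    assert dhcpv4_prl(STACK_A) == dhcpv4_prl(STACK_B)
    print(dhcpv4_prl(STACK_A).hex(), dhcpv6_oro([23, 24, 17]).hex())
```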