[Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 06 February 2016 00:13 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 835231B30AF; Fri, 5 Feb 2016 16:13:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R4Vp2wvlmyiC; Fri, 5 Feb 2016 16:13:11 -0800 (PST)
Received: from mail-pf0-x234.google.com (mail-pf0-x234.google.com [IPv6:2607:f8b0:400e:c00::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98AF01B3034; Fri, 5 Feb 2016 16:13:11 -0800 (PST)
Received: by mail-pf0-x234.google.com with SMTP id w123so77117064pfb.0; Fri, 05 Feb 2016 16:13:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:subject:to:organization:message-id:date:user-agent :mime-version:content-type:content-transfer-encoding; bh=TrdlFvplGYCH441DcbrgC/0VGMYcsox8DsP0GNpgYJs=; b=Ep1GcOPVhjJudG99pDMwH9anfld+nd26w5vSlxp5FYT95o2SEBMSbm6UE3XeEQAtq4 WpS0jzDdT5irFCK2DJX9tgG43jpZ+M35IrikMo8saE/ANCuotUuNtSZb5I5vuPz0FwMD Zl5MLFCNxioDVudHAjPqFQyuPZDDd/KLQYVORIeqccund/x41L1IfIM3befciYPMdGCC qhit2D+x9yIysKnmiRker2WSS7qT3ZO/bEaOnN9cZH7iHIB3D064R5/yrGUfpiHBEp/g ylq/IrFdYYtBVIHBFBcAguR8EBzkYkmjJIYA0HXVDcOFqFE+A8wrEv8ir5rZyUrUR0/f 3Z5g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:subject:to:organization:message-id:date :user-agent:mime-version:content-type:content-transfer-encoding; bh=TrdlFvplGYCH441DcbrgC/0VGMYcsox8DsP0GNpgYJs=; b=mc33ASECc6XoPYubQkAV/YIUu1DfahQEJmfMN/RKq+iO/CxIKa/49bXgMM3P8t52MA sKWWtbfTo0HlNPVul///x/t3uZnoI9Mzweh3bU1ySuroeOf14O4PxjDz1hPRVHBSAuRs BALPVYMvKxQLE+AfsTLnoOd84SxFaN/J+QtmayKTqbjFcn76yHyWyH0BheeHq5bWNH6J Uft3sRWa1M2MTLJm8jP2ik2JkSSUoIBKeGruxfGe11bNYOpwyg3wWHTX/sK8w9J0W5qc UAQn+0JM/XfTQvcTYLtqvs7O4oLgiBfHkOtBwtE/1rZCBrZuvnmnlUeVI3YTtcilefiJ OffA==
X-Gm-Message-State: AG10YOT9rPiDZ4YiR/JCgI4hFx7wpvxcML66fvLMapBxKDwLb3gpSLmLDg898da57Pqfvg==
X-Received: by 10.98.15.145 with SMTP id 17mr17441080pfp.19.1454717591290; Fri, 05 Feb 2016 16:13:11 -0800 (PST)
Received: from ?IPv6:2406:e007:4357:1:28cc:dc4c:9703:6781? ([2406:e007:4357:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id 195sm24062999pfa.5.2016.02.05.16.13.07 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 05 Feb 2016 16:13:09 -0800 (PST)
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
To: draft-ietf-dhc-anonymity-profile.all@ietf.org, General Area Review Team <gen-art@ietf.org>
Organization: University of Auckland
Message-ID: <56B53A9E.50109@gmail.com>
Date: Sat, 06 Feb 2016 13:13:18 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/5vmM0swFkS9IlIiAJ0gKCP9ZHO4>
Subject: [Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 00:13:13 -0000
I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <http://wiki.tools.ietf.org/area/gen/trac/wiki/GenArtfaq>. Document: draft-ietf-dhc-anonymity-profile-06.txt Reviewer: Brian Carpenter Review Date: 2016-02 IETF LC End Date: 2016-02-15 IESG Telechat date: Summary: Almost ready -------- Comment: -------- There is a reciprocal-RAND IPR disclosure against this draft Minor Issues: ------------- > 3.5. Client Identifier Option ... > In contradiction to [RFC4361], when using the anonymity profile, DHCP > clients MUST use client identifiers based solely on the link layer > address that will be used in the underlying connection. The use of "solely" bothers me. I understand why the ID must be based on the MAC address, but why can't it be (for example) a hash of that address with a pseudo-random nonce? "Solely" seems to exclude that sort of solution. ... > There are usages of DHCP where the underlying connection is a point > to point link, in which case there is no link layer address available > to construct a non-revealing identifier. If anonymity is desired in > such networks, the client SHOULD pick a random identifier that is > unique to the current link, using for example a combination of a > local secret and an identifier of the connection. Firstly, s/random/pseudo-random/ and s/unique/highly likely to be unique/ Secondly, this seems underspecified. Something more like https://tools.ietf.org/html/rfc7217#section-5 seems necessary. > 4.3. Client Identifier DHCPv6 Option ... > When using the anonymity profile without the benefit of randomized > link-layer addresses, clients that want to protect their privacy > SHOULD generate a new randomized DUID-LLT every time they attach to a > new link or detect a possible link change event. Firstly, again, it's always pseudo-random in a computer. Secondly, it isn't obvious from the text that you are really abusing the RFC 3315 format by using a bogus MAC address and bogus timestamp. I suggest rewriting the sentence: When using the anonymity profile without the benefit of pseudo-random link-layer addresses, clients that want to protect their privacy SHOULD generate a new pseudo-random identifier in DUID-LLT format every time they attach to a new link or detect a possible link change event. Syntactically this identifier will conform to [RFC3315] but its content is meaningless. > 4.5.2. Prefix delegation > > The interaction between prefix delegation and anonymity require > further study. For now, the simple solution is to avoid using prefix > delegation when striving for anonymity. When using the anonymity > profiles, clients SHOULD NOT use IA_PD, the prefix delegation form of > address assignment. I see the issue, but this may be problematic for some scenarios. I think this choice needs to be reviewed in 6man. I will make that happen. > 5. Operational Considerations > > The anonymity profile has the effect of hiding the client identity > from the DHCP server. This is not always desirable. Some DHCP > servers provide facilities like publishing names and addresses in the > DNS, or ensuring that returning clients get reassigned the same > address. Many DHCP servers will only give addresses to pre-registered MAC addresses. That should probably be noted, because it will prevent all use of pseudo-random MAC addresses. (Another reason to hash the MAC address with a nonce.)
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Brian E Carpenter
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Brian E Carpenter
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema