Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
Brian E Carpenter <brian.e.carpenter@gmail.com> Sat, 06 February 2016 02:10 UTC
Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA7061A1AA6; Fri, 5 Feb 2016 18:10:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dO0CMCVUdGiO; Fri, 5 Feb 2016 18:10:44 -0800 (PST)
Received: from mail-pf0-x22f.google.com (mail-pf0-x22f.google.com [IPv6:2607:f8b0:400e:c00::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7FE621A00C3; Fri, 5 Feb 2016 18:10:44 -0800 (PST)
Received: by mail-pf0-x22f.google.com with SMTP id n128so77539789pfn.3; Fri, 05 Feb 2016 18:10:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:organization:message-id:date:user-agent :mime-version:in-reply-to:content-type:content-transfer-encoding; bh=BN4YJ5pAtfHIlehsTq5/AERKvLNoPKmQMtm49RJoFHc=; b=nH//P53bID7feoXDup2+1hRWXXXtynMg5881T3DfLYlBQRcL4T+ad2uusGyNnTCq9/ mSdsRYwwn9Tzc+Yb0afOWfyelFOdVBgMN8edqI1KTAWer0qkIVEEGEkdDthqlAc3eV9P XVcZSs2+RvLQB0gIX055bwI/h8yajPjUFkd8sTasvuFQNenUZN8uuuBD40rHnJDcHKRI JmZmJb+1v6+kIhA8arm3WqLTkMgrHrhl87b3pBxB14etX8iWpHmuQDt0sCNgeBwKp3zQ bBHjxQDMpbBySSz4jZ/Se3/Lr4mOXh2sQv8rCpTVxdIDgN6UsbkwpoNFSZadslMrHTrs N44g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:organization :message-id:date:user-agent:mime-version:in-reply-to:content-type :content-transfer-encoding; bh=BN4YJ5pAtfHIlehsTq5/AERKvLNoPKmQMtm49RJoFHc=; b=gp1jmwknPP48aMHFbI4uG2ZpADn4DV57w3POIGSEsahwGsexnut1qoXyqoUdDVI7i1 EcMON5Hy+G5YvRjJjEBrItBMnOy4+Jurk7ZFFExSIppLKs5xeygYwz6IfMo2GXrfp6yS DI7AFjkuIf4M5cDneRWsbNxtApxxSL5quMiaT29ITk9s3nzF827T7qQLGz6qjdH0Jg2N GrJORyoll4RdRDod6tjXkk8eZWauLwyfXKxCKSEjqemghjxtc11VZththdExBLwMb95n 1zTBrOxCwxmaDxLtUhp5qO2QG9osUzMidjFhNOG4UvGZmuuGXKWDmsynErMUZ+RirHG3 oeSA==
X-Gm-Message-State: AG10YORmX2q5zPNVwq4y0DUvnMhS5iaE7+ZCyXJCXU4+8IJiPFwfDq/C1EsRJaPlo2EvWA==
X-Received: by 10.98.65.206 with SMTP id g75mr24299371pfd.94.1454724644230; Fri, 05 Feb 2016 18:10:44 -0800 (PST)
Received: from ?IPv6:2406:e007:4357:1:28cc:dc4c:9703:6781? ([2406:e007:4357:1:28cc:dc4c:9703:6781]) by smtp.gmail.com with ESMTPSA id z67sm27188141pfa.71.2016.02.05.18.10.40 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 05 Feb 2016 18:10:42 -0800 (PST)
To: Christian Huitema <huitema@microsoft.com>, "draft-ietf-dhc-anonymity-profile.all@ietf.org" <draft-ietf-dhc-anonymity-profile.all@ietf.org>, General Area Review Team <gen-art@ietf.org>
References: <56B53A9E.50109@gmail.com> <DM2PR0301MB06557907B0415CD0538DC93BA8D30@DM2PR0301MB0655.namprd03.prod.outlook.com>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Organization: University of Auckland
Message-ID: <56B5562B.6040300@gmail.com>
Date: Sat, 06 Feb 2016 15:10:51 +1300
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <DM2PR0301MB06557907B0415CD0538DC93BA8D30@DM2PR0301MB0655.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/aa_MBeBTn3izV2Se3MxxOhcfS-w>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 02:10:46 -0000
Bonjour Christian, On 06/02/2016 14:46, Christian Huitema wrote: > On Friday, February 5, 2016 4:13 PM, Brian E Carpenter wrote: >> ... >> >> Document: draft-ietf-dhc-anonymity-profile-06.txt >> Reviewer: Brian Carpenter >> Review Date: 2016-02 >> IETF LC End Date: 2016-02-15 >> IESG Telechat date: >> >> Summary: Almost ready >> -------- >> >> Comment: >> -------- >> >> There is a reciprocal-RAND IPR disclosure against this draft >> >> Minor Issues: >> ------------- >> >>> 3.5. Client Identifier Option >> ... >>> In contradiction to [RFC4361], when using the anonymity profile, DHCP >>> clients MUST use client identifiers based solely on the link layer >>> address that will be used in the underlying connection. >> >> The use of "solely" bothers me. I understand why the ID must be based on >> the MAC address, but why can't it be (for example) a hash of that address >> with a pseudo-random nonce? "Solely" seems to exclude that sort of >> solution. > > The intent is not to exclude solutions that hash the MAC with something else, but rather to ensure that the station does not disclose more information than already contained in the MAC -- by opposition to using long term identifiers, as specified in RFC 4361. What wording would you suggest? Good, we agree on the intent at least. Would you agree to something like "MUST use client identifiers based solely on the link layer address that will be used in the underlying connection, which MAY be obfuscated by a technique such as a hash." > >> ... >>> There are usages of DHCP where the underlying connection is a point >>> to point link, in which case there is no link layer address available >>> to construct a non-revealing identifier. If anonymity is desired in >>> such networks, the client SHOULD pick a random identifier that is >>> unique to the current link, using for example a combination of a >>> local secret and an identifier of the connection. >> >> Firstly, s/random/pseudo-random/ and s/unique/highly likely to be unique/ > > How "pick a randomized identifier that is highly likely to be unique to the current link?" > > We could discuss whether OS API like "cryptgenrandom" or "/dev/random" are random or pseudorandom. I would rather not go there... OK. That, or cite RFC4086. (I had a similar problem for draft-ietf-anima-grasp and ended up thus: The Session ID SHOULD have a very low collision rate locally. It MUST be generated by a pseudo-random algorithm using a locally generated seed which is unlikely to be used by any other device in the same network [RFC4086]. ) > >> Secondly, this seems underspecified. Something more like >> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ie >> tf.org%2fhtml%2frfc7217%23section- >> 5&data=01%7c01%7chuitema%40microsoft.com%7c8d5e624df9d64ef14b4e0 >> 8d32e8a4e80%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=GsVV%2b >> tNt8FeXjyqO%2f6HM%2f8u2fR3EOG4RmHTeP9TJbi4%3d seems necessary. > > What you see above is the garbage inflicted by our server based anti-phishing protection. But I digress. > > I am a bit reluctant to be too prescriptive on the algorithm, because we have little implementation experience so far. The general patter of hashing a secret and an identifier is well known. We could certainly throw in an informational reference to RFC 7217 if you believe that this helps. Yes, I think so - a hint that this is not exactly a new problem. > > >>> 4.3. Client Identifier DHCPv6 Option >> ... >>> When using the anonymity profile without the benefit of randomized >>> link-layer addresses, clients that want to protect their privacy >>> SHOULD generate a new randomized DUID-LLT every time they attach to a >>> new link or detect a possible link change event. >> >> Firstly, again, it's always pseudo-random in a computer. >> >> Secondly, it isn't obvious from the text that you are really abusing the RFC >> 3315 format by using a bogus MAC address and bogus timestamp. I suggest >> rewriting the sentence: >> >> When using the anonymity profile without the benefit of pseudo-random >> link-layer addresses, clients that want to protect their privacy >> SHOULD generate a new pseudo-random identifier in DUID-LLT format >> every time they attach to a new link or detect a possible link >> change event. Syntactically this identifier will conform to [RFC3315] >> but its content is meaningless. > > Agree with the addition of the "meaningless" comment. > > I would keep "randomized" instead of pseudo-random, because if we do write pseudo random, someone is bound to understand "do not use the cryptographic API that guarantees a high degree of entropy but use a Mersenne Twister instead." Sigh. Again, RFC4086. >>> 4.5.2. Prefix delegation >>> >>> The interaction between prefix delegation and anonymity require >>> further study. For now, the simple solution is to avoid using prefix >>> delegation when striving for anonymity. When using the anonymity >>> profiles, clients SHOULD NOT use IA_PD, the prefix delegation form of >>> address assignment. >> >> I see the issue, but this may be problematic for some scenarios. I think this >> choice needs to be reviewed in 6man. I will make that happen. > > What about inserting there a text explaining that "further work on the topic is needed," or some such? Sure. My concern is that you might unintentionally block off a useful path with that SHOULD NOT. At least there should be a configuration option to allow IA_PD. >>> 5. Operational Considerations >>> >>> The anonymity profile has the effect of hiding the client identity >>> from the DHCP server. This is not always desirable. Some DHCP >>> servers provide facilities like publishing names and addresses in the >>> DNS, or ensuring that returning clients get reassigned the same >>> address. >> >> Many DHCP servers will only give addresses to pre-registered MAC >> addresses. >> That should probably be noted, because it will prevent all use of pseudo- >> random MAC addresses. (Another reason to hash the MAC address with a >> nonce.) > > Yes, we can add a caveat. But the real rule is that some networks will block randomization, and for those network clients have to either refuse to connect or not use this spec... Agreed. Brian
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Brian E Carpenter
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Brian E Carpenter
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema