Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
Christian Huitema <huitema@microsoft.com> Sat, 06 February 2016 05:43 UTC
Return-Path: <huitema@microsoft.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F1731AC3B3; Fri, 5 Feb 2016 21:43:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HrLaH_1QwUii; Fri, 5 Feb 2016 21:42:53 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0142.outbound.protection.outlook.com [207.46.100.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5E821AC3B5; Fri, 5 Feb 2016 21:42:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=Saw9/AwQUrG1FQbNdsKnyEYjjVRFmAVKmL4aUAAlF/Y=; b=deUWos/P5M8AAi1avJLWCAyV9H3cFumYYWV3hduH8wd4H/rYMxLt448ykokL7jDS4sjsh+FZMQD0e1PXYSQOZpmAfL/4knbVNQKQUuO2kT9l8pw6OyVVAt9FLPDn3b2/qdnsW2ZuirO7/udxMVZl8R/KUlfomq/pqyT/7eYu990=
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com (10.160.96.17) by DM2PR0301MB0653.namprd03.prod.outlook.com (10.160.96.15) with Microsoft SMTP Server (TLS) id 15.1.396.15; Sat, 6 Feb 2016 05:42:51 +0000
Received: from DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) by DM2PR0301MB0655.namprd03.prod.outlook.com ([10.160.96.17]) with mapi id 15.01.0396.020; Sat, 6 Feb 2016 05:42:50 +0000
From: Christian Huitema <huitema@microsoft.com>
To: Brian E Carpenter <brian.e.carpenter@gmail.com>, "draft-ietf-dhc-anonymity-profile.all@ietf.org" <draft-ietf-dhc-anonymity-profile.all@ietf.org>, General Area Review Team <gen-art@ietf.org>
Thread-Topic: Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
Thread-Index: AQHRYHMtlbswx1xXBkeVUuuYCpeaAJ8eOi6ggAAMH4CAADqbkA==
Date: Sat, 06 Feb 2016 05:42:49 +0000
Message-ID: <DM2PR0301MB0655DF68955C3CA3A530470AA8D30@DM2PR0301MB0655.namprd03.prod.outlook.com>
References: <56B53A9E.50109@gmail.com> <DM2PR0301MB06557907B0415CD0538DC93BA8D30@DM2PR0301MB0655.namprd03.prod.outlook.com> <56B5562B.6040300@gmail.com>
In-Reply-To: <56B5562B.6040300@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2601:600:8900:31e1:6868:b348:dd01:8a4f]
x-ms-office365-filtering-correlation-id: ed221858-2bce-41ca-96c4-08d32eb85a0a
x-microsoft-exchange-diagnostics: 1; DM2PR0301MB0653; 5:K0cW2ZARluy6ldqXu7jEjXG4ubsBtg1MzmfDhaAeBl25XMnYeEwYTJDcJnvdqeIk4D9/4dA/8zMkbofKUdJ6NZIoggOTHp2nGHJqms4dW/6VGMyljdEzFHOA+JS9x8+3vy5Ww5DKlVYKMm93UFK8EQ==; 24:V7pr4/qRe524cW+VpvKBvlmvnHSEJMw2mJPOV2j7s/sHJaH1/FDA4S4PyPBzv/u+ADLmjymeL4LFU0/NTQ2ofR8ChY3W1etVSYUXtE4awxk=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0301MB0653;
x-microsoft-antispam-prvs: <DM2PR0301MB065302FEF7CCE00B9DD65396A8D30@DM2PR0301MB0653.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:DM2PR0301MB0653; BCL:0; PCL:0; RULEID:; SRVR:DM2PR0301MB0653;
x-forefront-prvs: 08444C7C87
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(479174004)(51914003)(377454003)(24454002)(377424004)(5003600100002)(2900100001)(86362001)(3660700001)(15975445007)(6116002)(40100003)(86612001)(2950100001)(1220700001)(5001960100002)(586003)(10090500001)(92566002)(107886002)(5008740100001)(74316001)(5005710100001)(10290500002)(1096002)(189998001)(10400500002)(77096005)(122556002)(50986999)(33656002)(5001770100001)(106116001)(87936001)(8990500004)(99286002)(2906002)(230783001)(3280700002)(76576001)(19580395003)(5002640100001)(76176999)(102836003)(2501003)(5004730100002)(54356999)(5890100001); DIR:OUT; SFP:1102; SCL:1; SRVR:DM2PR0301MB0653; H:DM2PR0301MB0655.namprd03.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2016 05:42:50.0281 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0301MB0653
Archived-At: <http://mailarchive.ietf.org/arch/msg/gen-art/rLuK_6uH3Fp2vQ97LLuSuZFAVIo>
Subject: Re: [Gen-art] Gen-ART Last Call review of draft-ietf-dhc-anonymity-profile-06
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Feb 2016 05:43:00 -0000
On Friday, February 5, 2016 6:11 PM, Brian Carpenter wrote > Bonjour Christian, Hello Brian Thanks for the suggestions. I will update the draft accordingly, but I will also wait a few day to check whether there is more feedback coming from other reviewers. -- Christian Huitema > > On 06/02/2016 14:46, Christian Huitema wrote: > > On Friday, February 5, 2016 4:13 PM, Brian E Carpenter wrote: > >> ... > >> > >> Document: draft-ietf-dhc-anonymity-profile-06.txt > >> Reviewer: Brian Carpenter > >> Review Date: 2016-02 > >> IETF LC End Date: 2016-02-15 > >> IESG Telechat date: > >> > >> Summary: Almost ready > >> -------- > >> > >> Comment: > >> -------- > >> > >> There is a reciprocal-RAND IPR disclosure against this draft > >> > >> Minor Issues: > >> ------------- > >> > >>> 3.5. Client Identifier Option > >> ... > >>> In contradiction to [RFC4361], when using the anonymity profile, DHCP > >>> clients MUST use client identifiers based solely on the link layer > >>> address that will be used in the underlying connection. > >> > >> The use of "solely" bothers me. I understand why the ID must be based on > >> the MAC address, but why can't it be (for example) a hash of that address > >> with a pseudo-random nonce? "Solely" seems to exclude that sort of > >> solution. > > > > The intent is not to exclude solutions that hash the MAC with something > else, but rather to ensure that the station does not disclose more information > than already contained in the MAC -- by opposition to using long term > identifiers, as specified in RFC 4361. What wording would you suggest? > > Good, we agree on the intent at least. Would you agree to something like > "MUST use client identifiers based solely on the link layer > address that will be used in the underlying connection, which > MAY be obfuscated by a technique such as a hash." > > > > > >> ... > >>> There are usages of DHCP where the underlying connection is a point > >>> to point link, in which case there is no link layer address available > >>> to construct a non-revealing identifier. If anonymity is desired in > >>> such networks, the client SHOULD pick a random identifier that is > >>> unique to the current link, using for example a combination of a > >>> local secret and an identifier of the connection. > >> > >> Firstly, s/random/pseudo-random/ and s/unique/highly likely to be > unique/ > > > > How "pick a randomized identifier that is highly likely to be unique to the > current link?" > > > > We could discuss whether OS API like "cryptgenrandom" or "/dev/random" > are random or pseudorandom. I would rather not go there... > > OK. That, or cite RFC4086. > > (I had a similar problem for draft-ietf-anima-grasp and ended up thus: > > The Session ID SHOULD have a very low collision rate locally. It > MUST be generated by a pseudo-random algorithm using a locally > generated seed which is unlikely to be used by any other device in > the same network [RFC4086]. > ) > > > > > >> Secondly, this seems underspecified. Something more like > >> > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftools.ie > >> tf.org%2fhtml%2frfc7217%23section- > >> > 5&data=01%7c01%7chuitema%40microsoft.com%7c8d5e624df9d64ef14b4e0 > >> > 8d32e8a4e80%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=GsVV%2b > >> tNt8FeXjyqO%2f6HM%2f8u2fR3EOG4RmHTeP9TJbi4%3d seems necessary. > > > > What you see above is the garbage inflicted by our server based anti- > phishing protection. But I digress. > > > > I am a bit reluctant to be too prescriptive on the algorithm, because we > have little implementation experience so far. The general patter of hashing a > secret and an identifier is well known. We could certainly throw in an > informational reference to RFC 7217 if you believe that this helps. > > Yes, I think so - a hint that this is not exactly a new problem. > > > > > > >>> 4.3. Client Identifier DHCPv6 Option > >> ... > >>> When using the anonymity profile without the benefit of randomized > >>> link-layer addresses, clients that want to protect their privacy > >>> SHOULD generate a new randomized DUID-LLT every time they attach to > a > >>> new link or detect a possible link change event. > >> > >> Firstly, again, it's always pseudo-random in a computer. > >> > >> Secondly, it isn't obvious from the text that you are really abusing the RFC > >> 3315 format by using a bogus MAC address and bogus timestamp. I > suggest > >> rewriting the sentence: > >> > >> When using the anonymity profile without the benefit of pseudo-random > >> link-layer addresses, clients that want to protect their privacy > >> SHOULD generate a new pseudo-random identifier in DUID-LLT format > >> every time they attach to a new link or detect a possible link > >> change event. Syntactically this identifier will conform to [RFC3315] > >> but its content is meaningless. > > > > Agree with the addition of the "meaningless" comment. > > > > I would keep "randomized" instead of pseudo-random, because if we do > write pseudo random, someone is bound to understand "do not use the > cryptographic API that guarantees a high degree of entropy but use a > Mersenne Twister instead." > > Sigh. Again, RFC4086. > > >>> 4.5.2. Prefix delegation > >>> > >>> The interaction between prefix delegation and anonymity require > >>> further study. For now, the simple solution is to avoid using prefix > >>> delegation when striving for anonymity. When using the anonymity > >>> profiles, clients SHOULD NOT use IA_PD, the prefix delegation form of > >>> address assignment. > >> > >> I see the issue, but this may be problematic for some scenarios. I think this > >> choice needs to be reviewed in 6man. I will make that happen. > > > > What about inserting there a text explaining that "further work on the topic > is needed," or some such? > > Sure. My concern is that you might unintentionally block off a useful > path with that SHOULD NOT. At least there should be a configuration option > to allow IA_PD. > > >>> 5. Operational Considerations > >>> > >>> The anonymity profile has the effect of hiding the client identity > >>> from the DHCP server. This is not always desirable. Some DHCP > >>> servers provide facilities like publishing names and addresses in the > >>> DNS, or ensuring that returning clients get reassigned the same > >>> address. > >> > >> Many DHCP servers will only give addresses to pre-registered MAC > >> addresses. > >> That should probably be noted, because it will prevent all use of pseudo- > >> random MAC addresses. (Another reason to hash the MAC address with a > >> nonce.) > > > > Yes, we can add a caveat. But the real rule is that some networks will block > randomization, and for those network clients have to either refuse to connect > or not use this spec... > > Agreed. > > Brian
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Brian E Carpenter
- [Gen-art] Gen-ART Last Call review of draft-ietf-… Brian E Carpenter
- Re: [Gen-art] Gen-ART Last Call review of draft-i… Christian Huitema