IETF Logo Mail Archive

Re: [Last-Call] Artart last call review of draft-ietf-v6ops-dhcp-pd-per-device-06

Jen Linkova <furry13@gmail.com> Sun, 18 February 2024 23:26 UTC

Return-Path: <furry13@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74875C14F5F7; Sun, 18 Feb 2024 15:26:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.858
X-Spam-Level:
X-Spam-Status: No, score=-6.858 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id spD5rrGau6wl; Sun, 18 Feb 2024 15:26:21 -0800 (PST)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95D8CC14F5EF; Sun, 18 Feb 2024 15:26:21 -0800 (PST)
Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2d0bc402c8eso35198031fa.1; Sun, 18 Feb 2024 15:26:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708298779; x=1708903579; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=M5e/MG1RZcqI2f+3fldzDpRTNs98oivRzeU+wgHo95M=; b=N+a9I9mfOg/gJaACBIF22HWjkJv9bPoCCq2GpBzA8wnyCumLpKNG5DMQH2G9mXWUnw QT02HTh4lfVezkhDZX7HZnaxnMRRZmlupdaXyX7zJIrz0slY7Qi6DsfOAFsGHwu2PBo8 aSVXWBPyRaV4hSfuDZ672kyMYAcAYWDIhfbxomkLDva0/s/EU14R4D+NUoRonzIPs+02 ktiwLu1+A61RErCbjSEcbHvz2ls9GeYhJNXz83uiDNdENY0UPftEzUonqwm3Qqc/O/6E 7sJ+Gj+bodemGSLmdv/cdPMXoqQE6Vz6Xs297asgsdBcgOFgryt0oVkM6IvO1a1tLUB4 jbXg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708298779; x=1708903579; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=M5e/MG1RZcqI2f+3fldzDpRTNs98oivRzeU+wgHo95M=; b=tlJA9llNCDMGzusW0VWqrsFSwV+XSCmByZH5mWPD5CeGueIl/ODbQKzKkpF7fpngY0 ztA1aRWuUP2DCih4GYZGd4j5xjUWN9+CmpvFazwPaZ390NKNCKBBvJpPjmDwmgaUx3nd lqIp/TxZr4iGLe2vVOYcgOLzCYQ/IYtT1PHRFj/Gp8Pg6PkGeTK/QpMaWs2+tyGnZJV3 Hex5aIcn5F5JYI41fYTR2oH3SUYBExrleaczdTPUIhbDtWdJDc+cJiLllxp8TVDV6lro efNyuXlG5r6PaDymEmf0x3s2YFt2yobHAu+pu25aBc2Ab+e2OeWd6rFka+d/KCb0E7mx hwZA==
X-Forwarded-Encrypted: i=1; AJvYcCXE9h0bAkxQeBpVoY85jwzzU5f5nfi9+3E52PeTBT9CpLZahni1nESJ4c6i4tbNafVvBrQAt9pJHFMdfB5dZey9ZLylaOhaSJ/7fOKfm/noKSuDBWgd1DvCEMLt9vUmsgu8NO0E09MlQy9hnP2uf8qMFV5p+J4Zy087LXthMQ75cap4WAM=
X-Gm-Message-State: AOJu0YzGSU4DiKi8gV5ZCOJPU1Nj9i9L4reXfDBzkby9rwGKxR0Cm1YS gwcY97RqlweKrQKR1Co2ud+PE+3FQ6EHlZCBH1D+BPr4I+cIsT20KIKYjKsnQ+OGQUxUYbZjjra NgGjWll408i3XqupO7LoUUIxadUVauwf8UAM=
X-Google-Smtp-Source: AGHT+IGKSI7KNkWz2KVTjH79lO6Cve/0al7tmKFQLBYZoKHxSCHDOZhHNopRe5FF0fOpjcJaZU/ibZ+BflQRGPxVJtM=
X-Received: by 2002:a2e:be8c:0:b0:2d2:214a:59b0 with SMTP id a12-20020a2ebe8c000000b002d2214a59b0mr2085816ljr.4.1708298778707; Sun, 18 Feb 2024 15:26:18 -0800 (PST)
MIME-Version: 1.0
References: <170729098974.18180.7426380502291118487@ietfa.amsl.com> <CAFU7BARg6_d23nF5Rt68vncLk1uzoJdKJ5iVNyxS493KJAj1pg@mail.gmail.com>
In-Reply-To: <CAFU7BARg6_d23nF5Rt68vncLk1uzoJdKJ5iVNyxS493KJAj1pg@mail.gmail.com>
From: Jen Linkova <furry13@gmail.com>
Date: Mon, 19 Feb 2024 00:26:07 +0100
Message-ID: <CAFU7BARvW50BD-9OWp0EQucewV-uY2hp_3mN+oeb1pub_0qcDQ@mail.gmail.com>
To: Harald Alvestrand <harald@alvestrand.no>
Cc: art@ietf.org, draft-ietf-v6ops-dhcp-pd-per-device.all@ietf.org, last-call@ietf.org, v6ops@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/9izmIG8zqEwLrtdDlLku9U4rjdo>
Subject: Re: [Last-Call] Artart last call review of draft-ietf-v6ops-dhcp-pd-per-device-06
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Feb 2024 23:26:23 -0000

Oh dear, I shouldn't have been sending any emails before my first coffee..

On Mon, Feb 19, 2024 at 12:15 AM Jen Linkova <furry13@gmail.com> wrote:
> > The biggest detected problem is with privacy, where the risk of tracking seems
> > to be underplayed, with the recommendation being a weak "client might consider
> > implementing a mechanism similar to RFC 8981". Given that a fixed prefix per
> > client is near certain to be tracked as soon as it's deployed, I think the
> > recommendation should be "SHOULD (MUST?) reallocate prefixes on the same
> > schedule as is deployed for RFC 8981 addresses".
>
> Thank you, I agree we should have documented it in more detail.
> The most important things to remember are:
> - exactly the same problem exists for DHCPv6 IA_NA today.
> - to track the client, the observer needs to know if the device has
> its own prefix or not.
>
> The host behaviour is out of scope, the document intentionally focused
> on recommendations for nework administrators on how to configure the
> network.
> So we have rewritten the Security Considerations (not submitted yet),
> and now it looks like that:

Indeed I meant Privacy Considerations, and the new text will be:

"If an eavesdropper or information collector is aware that a given
client is using the proposed mechanism, then they may be able to track
the client based on its prefix. The privacy implications of this are
equivalent to the privacy implications of networks using stateful
DHCPv6 address assignment: in both cases, the IPv6 addresses are
determined by the server, either because the server assigns a full
128-bit address in a shared prefix, or because the server determines
what prefix is delegated to the client. Administrators deploying the
proposed mechanism can use similar methods to mitigate the impact as
the ones used today in networks that use stateful DHCPv6 address
assignment.

Networks that use the proposed mechanism instead of SLAAC or in
addition to SLAAC, SHOULD minimally:

Ensure that when a client requests a prefix, the prefix is randomly
assigned and not allocated deterministically.
Use short prefix lifetimes, to ensure that when a client disconnects
and reconnects it gets a different prefix.

To provide privacy roughly equivalent to SLAAC with temporary
addresses ([RFC8981]), the network SHOULD allow the client to have two
prefixes at the same time. This allows the client to rotate prefixes
using a mechanism similar to temporary addresses but that operates on
prefixes instead of on individual addresses. The prefix's lifetimes
SHOULD be short enough to allow the client to use a reasonable
rotation interval without using too much address space. For example,
if every 24 hours the the client asks for a new prefix and stops
renewing the old prefix, and the Valid Lifetime of delegated prefixes
is one hour, then the client will consume two prefixes for one hour
out of 24 hours, and thus will on average consume just under 1.05
prefixes.
"

-- 
Cheers, Jen Linkova

v2.23.0 | Report a Bug | By Email