
Re: [dhcwg] Last Call: <draft-ietf-dhc-anonymity-profile-06.txt> (Anonymity profile for DHCP clients) to Proposed Standard

2016-02-13 01:38:07
 On Fri, Feb 12, 2016 at 11:15 PM, Brian E Carpenter <
brian(_dot_)e(_dot_)carpenter(_at_)gmail(_dot_)com> wrote:

Yes. Also, we can add text explaining that once these problems are better
understood and the IETF agrees on the proper way to handle anonymous prefix
delegation, clients MAY use the agreed upon solution. Which is kind of
redundant, but if you guys prefer it that way, why not.

To be clear, I don't have a strong opinion on this; it simply seemed like
something the IPv6 community should be aware of before it ends up in an RFC.
I also noticed this morning that it might impact
draft-ietf-v6ops-host-addr-availability.


+1 to the other comments here.

I see no reason why prefix delegation should be worse for anonymity than
address assignment. In fact, using prefix delegation instead of address
assignments provides benefits for anonymity against off-link attackers,
because delegating a prefix to a client allows that client to use many
different addresses (potentially, even a different address for every remote
host it connects to, or a different address for every new TCP connection).

As Brian says, there are many other reasons why a network would want to
provide a dedicated prefix to the host;
see draft-ietf-v6ops-host-addr-availability.

I would instead say something like:

====
The anonymity properties of DHCPv6 Prefix Delegation, which uses IA_PD
identity associations, are similar to those of DHCPv6 address assignment
using IA_NA identity associations.

Because current host OS implementations do not typically request prefixes,
clients that wish to use DHCPv6 PD - just like clients that wish to use any
DHCP or DHCPv6 option that is not currently widely used - should recognize
that doing so will serve as a form of fingerprinting unless or until client
use of DHCPv6 PD becomes more widespread.
====
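
Added example (not part of the original message or of the draft): one way a host that holds a delegated prefix could use a different source address for every remote host, as the message describes. The HMAC-based derivation, the function name, the secret and the documentation prefixes used here are assumptions for illustration.

```python
import hashlib
import hmac
import ipaddress


def address_for_peer(delegated_prefix: str, secret: bytes, peer: str) -> ipaddress.IPv6Address:
    """Derive a source address inside the delegated prefix that is stable for
    one remote host but unlinkable (without the secret) across remote hosts."""
    net = ipaddress.IPv6Network(delegated_prefix)
    if net.prefixlen > 64:
        raise ValueError("delegated prefix must be a /64 or shorter")
    # Work inside the first /64 of the delegation (hypothetical choice).
    subnet = net if net.prefixlen == 64 else next(net.subnets(new_prefix=64))
    # Key the interface identifier on the remote address so an off-link
    # observer sees unrelated addresses for different destinations.
    peer_bytes = ipaddress.ip_address(peer).packed
    digest = hmac.new(secret, peer_bytes, hashlib.sha256).digest()
    iid = int.from_bytes(digest[:8], "big") or 1  # avoid the all-zero IID
    return subnet[iid]


if __name__ == "__main__":
    # Constructed sample values: documentation prefixes, not real networks.
    prefix = "2001:db8:1234:5600::/56"
    secret = b"per-host random secret, rotated with the lease"
    for remote in ("2001:db8:ffff::1", "2001:db8:ffff::2", "192.0.2.10"):
        print(remote, "->", address_for_peer(prefix, secret, remote))
```

Rotating the secret (for example on each new lease) changes every derived address at once, which keeps them from being linked across leases.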