draft-ietf-dhc-dhcp-privacy-02.txt   draft-ietf-dhc-dhcp-privacy-03.txt 
dhc S. Jiang dhc S. Jiang
Internet-Draft Huawei Technologies Co., Ltd Internet-Draft Huawei Technologies Co., Ltd
Intended status: Informational S. Krishnan Intended status: Informational S. Krishnan
Expires: July 2, 2016 Ericsson Expires: July 21, 2016 Ericsson
T. Mrugalski T. Mrugalski
ISC ISC
December 30, 2015 January 18, 2016
Privacy considerations for DHCPv4 Privacy considerations for DHCPv4
draft-ietf-dhc-dhcp-privacy-02 draft-ietf-dhc-dhcp-privacy-03
Abstract Abstract
DHCP is a protocol that is used to provide addressing and DHCP is a protocol that is used to provide addressing and
configuration information to IPv4 hosts. This document discusses the configuration information to IPv4 hosts. This document discusses the
various identifiers used by DHCP and the potential privacy issues. various identifiers used by DHCP and the potential privacy issues.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 35 skipping to change at page 1, line 35
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 2, 2016. This Internet-Draft will expire on July 21, 2016.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2016 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 3, line 50 skipping to change at page 3, line 50
its client-id stored in stable storage while other may its client-id stored in stable storage while other may
generate it on the fly and use a different one after each generate it on the fly and use a different one after each
boot. Stable identifier may or may not be globally unique. boot. Stable identifier may or may not be globally unique.
3. DHCP Options Carrying Identifiers 3. DHCP Options Carrying Identifiers
In DHCP, there are a few options which contain identification In DHCP, there are a few options which contain identification
information or can be used to extract the identification information information or can be used to extract the identification information
about the client. This section enumerates various options and about the client. This section enumerates various options and
identifiers conveyed in them, which can be used to disclose client identifiers conveyed in them, which can be used to disclose client
identification. identification. They are targets of various attacks that would be
analyzed in Section 5.
3.1. Client Identifier Option 3.1. Client Identifier Option
The Client Identifier Option [RFC2131] is used to pass an explicit The Client Identifier Option [RFC2131] is used to pass an explicit
client identifier to a DHCP server. client identifier to a DHCP server.
The client identifier is an opaque key, which must be unique to that The client identifier is an opaque key, which must be unique to that
client within the subnet to which the client is attached. It client within the subnet to which the client is attached. It
typically remains stable after it has been initially generated. It typically remains stable after it has been initially generated. It
may contain a hardware address, identical to the contents of the may contain a hardware address, identical to the contents of the
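Review bot: The sentence added to the Section 3 introduction in -03, "They are targets of various attacks that would be analyzed in Section 5", uses a conditional where a plain forward reference is meant; suggest "They are targets of various attacks that are analyzed in Section 5." The antecedent of "They" is also ambiguous after "client identification" and would be clearer as "These options and identifiers". The unchanged context above still reads "while other may generate it" and "Stable identifier may or may not be globally unique", which could be fixed in the same pass ("while others may", "A stable identifier").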
skipping to change at page 4, line 41 skipping to change at page 4, line 41
enables link-layer address randomization, it is likely that it was enables link-layer address randomization, it is likely that it was
disabled during the first device boot. Hence the original, disabled during the first device boot. Hence the original,
unobfuscated link-layer address will likely end up being announced as unobfuscated link-layer address will likely end up being announced as
client identifier, even if the link- layer address has changed (or client identifier, even if the link- layer address has changed (or
even if being changed on a periodic basis). The exposure of the even if being changed on a periodic basis). The exposure of the
original link-layer address in the client identifier will also original link-layer address in the client identifier will also
undermine other privacy extensions such as [RFC4941]. undermine other privacy extensions such as [RFC4941].
3.2. Address Fields & Options 3.2. Address Fields & Options
The 'yiaddr' field [RFC2131] in DHCP message is used to allocate The 'yiaddr' field [RFC2131] in DHCP message is used to convey
address from the server to the client. allocated address from the server to the client.
The DHCPv4 specification [RFC2131] provides a way to specify the The DHCPv4 specification [RFC2131] provides a way to specify the
client link-layer address in the DHCPv4 message header. A DHCPv4 client link-layer address in the DHCPv4 message header. A DHCPv4
message header has 'htype' and 'chaddr' fields to specify the client message header has 'htype' and 'chaddr' fields to specify the client
link-layer address type and the link-layer address, respectively. link-layer address type and the link-layer address, respectively.
The 'chaddr' field is used both as a hardware address for The 'chaddr' field is used both as a hardware address for
transmission of reply messages and as a client identifier. transmission of reply messages and as a client identifier.
The 'requested IP address' option [RFC2131] is used by client to The 'requested IP address' option [RFC2131] is used by client to
suggest that a particular IP address be assigned. suggest that a particular IP address be assigned.
3.3. Client FQDN Option 3.3. Client FQDN Option
The Client Fully Qualified Domain Name (FQDN) option [RFC4702] is The Client Fully Qualified Domain Name (FQDN) option [RFC4702] is
used by DHCP clients and servers to exchange information about the used by DHCP clients and servers to exchange information about the
client's fully qualified domain name and about who has the client's fully qualified domain name and about who has the
responsibility for updating the DNS with the associated AAAA and PTR responsibility for updating the DNS with the associated A and PTR
RRs. RRs.
A client can use this option to convey all or part of its domain name A client can use this option to convey all or part of its domain name
to a DHCP server for the IP-address-to-FQDN mapping. In most case a to a DHCP server for the IP-address-to-FQDN mapping. In most case a
client sends its hostname as a hint for the server. The DHCP server client sends its hostname as a hint for the server. The DHCP server
MAY be configured to modify the supplied name or to substitute a MAY be configured to modify the supplied name or to substitute a
different name. The server should send its notion of the complete different name. The server should send its notion of the complete
FQDN for the client in the Domain Name field. FQDN for the client in the Domain Name field.
3.4. Parameter Request List Option 3.4. Parameter Request List Option
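Review bot: In Section 3.2 the reworded -03 sentence, "used to convey allocated address from the server to the client", is more accurate than "used to allocate address" but still lacks articles; suggest "The 'yiaddr' field [RFC2131] in a DHCP message is used to convey the allocated address from the server to the client." The Section 3.3 change from "AAAA and PTR RRs" to "A and PTR RRs" matches a document that covers IPv4 hosts and needs no further change. Two defects in this region are carried over unchanged from -02 and could be fixed alongside: the stray space in "link- layer address" in Section 3.1, and "In most case" in Section 3.3, which should read "In most cases".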
 End of changes. 8 change blocks. 
9 lines changed or deleted 10 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/