Last Call Review of draft-ietf-dhc-dhcp-privacy-03

Request
Review of: draft-ietf-dhc-dhcp-privacy
Requested rev.: no specific revision (document currently at 05)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2016-02-04
Requested: 2016-01-21
Authors: Suresh Krishnan, Tomek Mrugalski, Sheng Jiang
Draft last updated: 2016-01-28
Completed reviews:
  Genart Last Call review of -03 by Peter Yee
  Secdir Last Call review of -03 by Steve Hanna

Assignment
Reviewer: Steve Hanna
State: Completed
Review: review-ietf-dhc-dhcp-privacy-03-secdir-lc-hanna-2016-01-28
Reviewed rev.: 03 (document currently at 05)
Review result: Has Issues
Review completed: 2016-01-28


I reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security Area Directors. Document authors, document editors, and WG chairs should treat these comments just like any other IETF Last Call comments.


Summary: Ready with issues


I applaud the creation of this document. In today’s environment, having a privacy analysis of DHCPv4 is quite valuable.


I am not a DHCP expert so I can’t comment on any privacy issues that might have been missed but the document seems to be quite thorough in this respect.


I especially like the way that section 5 describes briefly how the privacy vulnerabilities listed in section 4 could be exploited. The attack methods listed here should motivate administrators and implementers to consider plugging them and even help folks convince their management that these issues should be addressed.


My only concern is that the Security Considerations section is not complete.


I would recommend adding a few more sentences to the Security Considerations section to point out that privacy flaws can substantially ease security attacks. For example, a targeted attack can use information leaked through DHCPv4 to determine the IP address of the targeted user or device. Then device type discovery or operating system discovery can be used to identify the device type and OS version, enabling attacks tailored to known vulnerabilities of this device type and OS.


Further, the last sentence in the Security Considerations section would benefit from becoming a separate paragraph with a bit more elaboration. What are the security implications of client privacy and perhaps anonymity? Does this mean that client privacy has a downside? Or would clever attackers avoid disclosing anything about their identity through DHCP and only innocent users be the likely victims of DHCPv4 privacy problems?