Skip to main content

Last Call Review of draft-ietf-dhc-dhcp-privacy-03
review-ietf-dhc-dhcp-privacy-03-secdir-lc-hanna-2016-01-28-00

Request Review of draft-ietf-dhc-dhcp-privacy
Requested revision No specific revision (document currently at 05)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2016-02-04
Requested 2016-01-21
Authors Suresh Krishnan , Tomek Mrugalski , Sheng Jiang
Draft last updated 2016-01-28
Completed reviews Genart Last Call review of -03 by Peter E. Yee (diff)
Secdir Last Call review of -03 by Steve Hanna (diff)
Assignment Reviewer Steve Hanna
State Completed
Review review-ietf-dhc-dhcp-privacy-03-secdir-lc-hanna-2016-01-28
Reviewed revision 03 (document currently at 05)
Result Has Issues
Completed 2016-01-28
review-ietf-dhc-dhcp-privacy-03-secdir-lc-hanna-2016-01-28-00

I reviewed this document as part of the Security Directorate's ongoing effort
to review all IETF documents being processed by the IESG.  These comments were
written primarily for the benefit of the Security Area Directors.  Document
 authors, document editors, and WG chairs should treat these comments just like
 any other IETF Last Call comments.



Summary: Ready with issues



I applaud the creation of this document. In today’s environment, having a
privacy analysis of DHCPv4 is quite valuable.



I am not a DHCP expert so I can’t comment on any privacy issues that might have
been missed but the document seems to be quite thorough in this respect.



I especially like the way that section 5 describes briefly how the privacy
vulnerabilities listed in section 4 could be exploited. The attack methods
listed here should motivate administrators and implementers to consider
plugging them
 and even help folks convince their management that these issues should be
 addressed.



My only concern is that the Security Considerations section is not complete.



I would recommend adding a few more sentences to the Security Considerations
section to point out that privacy flaws can substantially ease security
attacks. For example, a targeted attack can use information leaked through
DHCPv4 to
 determine the IP address of the targeted user or device. Then device type
 discovery or operating system discovery to identify the device type and OS
 version, enabling attacks tailored to known vulnerabilities of this device
 type and OS.



Further, the last sentence in the Security Considerations section would benefit
from becoming a separate paragraph with a bit more elaboration. What are the
security implications of client privacy and perhaps anonymity? Does this mean
 that client privacy has a downside? Or would clever attackers avoid disclosing
 anything about their identity through DHCP and only innocent users be the
 likely victims of DHCPv4 privacy problems?



Thanks,



Steve