Current Hostname Practice Considered Harmful
RFC 8117

Document Type RFC - Informational (March 2017; No errata)
Last updated 2017-03-10
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication
Document shepherd Wassim Haddad
Shepherd write-up Show (last changed 2016-08-24)
IESG IESG state RFC 8117 (Informational)
Consensus Boilerplate Yes
Telechat date
Responsible AD Suresh Krishnan
Send notices to "Wassim Haddad" <Wassim.Haddad@ericsson.com>, huitema@huitema.net
IANA IANA review state Version Changed - Review Needed
IANA action state No IC
Internet Engineering Task Force (IETF)                        C. Huitema
Request for Comments: 8117                          Private Octopus Inc.
Category: Informational                                        D. Thaler
ISSN: 2070-1721                                                Microsoft
                                                               R. Winter
                                 University of Applied Sciences Augsburg
                                                              March 2017

              Current Hostname Practice Considered Harmful

Abstract

   Giving a hostname to your computer and publishing it as you roam from
   one network to another is the Internet's equivalent of walking around
   with a name tag affixed to your lapel.  This current practice can
   significantly compromise your privacy, and something should change in
   order to mitigate these privacy threats.

   There are several possible remedies, such as fixing a variety of
   protocols or avoiding disclosing a hostname at all.  This document
   describes some of the protocols that reveal hostnames today and
   sketches another possible remedy, which is to replace static
   hostnames by frequently changing randomized values.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Not all documents
   approved by the IESG are a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8117.

Huitema, et al.               Informational                     [Page 1]
RFC 8117                Harmful Hostname Practice             March 2017

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Naming Practices  . . . . . . . . . . . . . . . . . . . . . .   3
   3.  Partial Identifiers . . . . . . . . . . . . . . . . . . . . .   4
   4.  Protocols That Leak Hostnames . . . . . . . . . . . . . . . .   5
     4.1.  DHCP  . . . . . . . . . . . . . . . . . . . . . . . . . .   5
     4.2.  DNS Address to Name Resolution  . . . . . . . . . . . . .   5
     4.3.  Multicast DNS . . . . . . . . . . . . . . . . . . . . . .   6
     4.4.  Link-Local Multicast Name Resolution  . . . . . . . . . .   6
     4.5.  DNS-Based Service Discovery . . . . . . . . . . . . . . .   7
     4.6.  NetBIOS-over-TCP  . . . . . . . . . . . . . . . . . . . .   7
   5.  Randomized Hostnames as a Remedy  . . . . . . . . . . . . . .   8
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   9
   8.  Informative References  . . . . . . . . . . . . . . . . . . .   9
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

Huitema, et al.               Informational                     [Page 2]
RFC 8117                Harmful Hostname Practice             March 2017

1.  Introduction

   There is a long established practice of giving names to computers.
   In the Internet protocols, these names are referred to as "hostnames"
   [RFC7719].  Hostnames are normally used in conjunction with a domain
   name suffix to build the Fully Qualified Domain Name (FQDN) of a host
   [RFC1983].  However, it is common practice to use the hostname
   without further qualification in a variety of applications from file
   sharing to network management.  Hostnames are typically published as
   part of domain names and can be obtained through a variety of name
   lookup and discovery protocols.

   Hostnames have to be unique within the domain in which they are
Show full document text