On Mon, Feb 1, 2016 at 11:24 PM, The IESG <iesg-secretary@xxxxxxxx> wrote:
The IESG has received a request from the Dynamic Host Configuration WG
(dhc) to consider the following document:
- 'Anonymity profile for DHCP clients'
<draft-ietf-dhc-anonymity-profile-06.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@xxxxxxxx mailing lists by 2016-02-15.
Christian et al., thanks for taking on this work. But I think an important point here is missing.
It seems to me that fundamental design of DHCP relies on the client blindly broadcasting information to anyone that happens to be on link, or on the path between relay and server. This information is both explicit - e.g., previous IP addresses assigned, hostnames, etc. - and implicit - e.g., via implementation behaviour and unique combinations of options.
It's true that this profile mitigates the amount of information that can be collected. But in IPv6 we have other configuration methods - such as SLAAC - that broadcast way less information than stateless DHCPv6, which in turn broadcasts less information than stateless DHCPv6.
This document should recognize that at least on IPv6-only networks, it is an option not to use DHCP at all, and that option has substantial privacy benefits that are in many cases above what this profile can provide.