Tuesday, August 10, 2010

Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

>>>>> hannes.tschofenig@nsn.com writes:
>>>>> Marc Linsner <mlinsner@cisco.com> writes:
>>>>> hannes.tschofenig@nsn.com writes:

>>> Unfortunately, the security consideration section does not mention
>>> this aspect with a single word. Hence, I suggest adding:

>>> "

>>> Since there is no confidentiality protection for DHCP messages,
>>> an eavesdropper who can monitor the link between the DHCP server
>>> and requesting client can discover this LCI. In cases where
>>> multiple hosts share the same link and can therefore see each
>>> other's DHCP messages the DHCP MUST NOT hand out location for
>>> individual hosts but MUST rather provide location of the DHCP
>>> relay, DHCP server, or a similar device instead. This ensures
>>> that none of the end devices are able to learn exact information
>>> of the other hosts on the same network.

>>> "

>> Not true, currently in the security consideration section of the
>> draft:

>> " Since there is no privacy protection for DHCP messages, an
>> eavesdropper who can monitor the link between the DHCP server and
>> requesting client can discover this LCI."

> But the conclusion is missing: if you are on a shared link then
> you must not share location at the level of the individual
> hosts. I fear that those who implement and deploy would not get
> the point and would nevertheless reveal information and put the
> user at risk.

Somehow, I feel that this is a valid concern. However, as there
may be "whole network is trusted" scenarios (although unlikely),
I'd suggest "SHOULD NOT" instead of "MUST NOT".

--
FSF associate member #7257