< draft-jabley-dnsext-eui48-eui64-rrtypes-05.txt   draft-jabley-dnsext-eui48-eui64-rrtypes-07.txt >
Network Working Group J. Abley Network Working Group J. Abley
Internet-Draft TekSavvy Solutions, Inc. Internet-Draft TekSavvy Solutions, Inc.
Intended status: Informational June 12, 2013 Intended status: Informational August 15, 2013
Expires: December 14, 2013 Expires: February 16, 2014
Resource Records for EUI-48 and EUI-64 Addresses in the DNS Resource Records for EUI-48 and EUI-64 Addresses in the DNS
draft-jabley-dnsext-eui48-eui64-rrtypes-05 draft-jabley-dnsext-eui48-eui64-rrtypes-07
Abstract Abstract
48-bit Extended Unique Identifiers (EUI-48) and 64-bit Extended 48-bit Extended Unique Identifiers (EUI-48) and 64-bit Extended
Unique Identifiers (EUI-64) are address formats specified by the IEEE Unique Identifiers (EUI-64) are address formats specified by the IEEE
for use in various layer-2 networks, e.g. Ethernet. for use in various layer-2 networks, e.g. Ethernet.
This document describes two new DNS resource record types, EUI48 and This document describes two new DNS resource record types, EUI48 and
EUI64, for encoding Ethernet addresses in the DNS. EUI64, for encoding Ethernet addresses in the DNS.
This document describes potentially severe privacy implications This document describes potentially severe privacy implications
resulting from indiscriminate publication of link-layer addresses in resulting from indiscriminate publication of link-layer addresses in
the DNS. This document recommends that EUI-48 or EUI-64 addresses the DNS. EUI-48 or EUI-64 addresses SHOULD NOT be published in the
SHOULD NOT be published in the public DNS. This document specifies public DNS. This document specifies an interoperable encoding of
an interoperable encoding of these address types for use in private these address types for use in private DNS namespaces, where the
DNS namespaces, where the privacy concerns can be constrained and privacy concerns can be constrained and mitigated.
mitigated.
Status of this Memo Status of this Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 14, 2013. This Internet-Draft will expire on February 16, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 35 skipping to change at page 2, line 33
4.2. EUI64 RR Presentation Format . . . . . . . . . . . . . . . 6 4.2. EUI64 RR Presentation Format . . . . . . . . . . . . . . . 6
4.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . 6 4.3. Example . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Example Use-Case: IP Address Tracking in DOCSIS Networks . . . 7 5. Example Use-Case: IP Address Tracking in DOCSIS Networks . . . 7
6. DNS Protocol Considerations . . . . . . . . . . . . . . . . . 8 6. DNS Protocol Considerations . . . . . . . . . . . . . . . . . 8
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . 10 8. Security Considerations . . . . . . . . . . . . . . . . . . . 10
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 11
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12
10.1. Normative References . . . . . . . . . . . . . . . . . . . 12 10.1. Normative References . . . . . . . . . . . . . . . . . . . 12
10.2. Informative References . . . . . . . . . . . . . . . . . . 12 10.2. Informative References . . . . . . . . . . . . . . . . . . 12
10.3. Informative References . . . . . . . . . . . . . . . . . . 12
Appendix A. Editorial Notes . . . . . . . . . . . . . . . . . . . 13 Appendix A. Editorial Notes . . . . . . . . . . . . . . . . . . . 13
A.1. RRType Parameter Allocation Template . . . . . . . . . . . 13 A.1. RRType Parameter Allocation Template . . . . . . . . . . . 13
A.2. Change History . . . . . . . . . . . . . . . . . . . . . . 14 A.2. Change History . . . . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
The Domain Name System (DNS) is described in [RFC1034] and [RFC1035]. The Domain Name System (DNS) is described in [RFC1034] and [RFC1035].
This base specification defines many Resource Record Types (RRTypes), This base specification defines many Resource Record Types (RRTypes),
and subsequent specifications have defined others. Each defined and subsequent specifications have defined others. Each defined
RRType provides a means of encoding particular data in the DNS. RRType provides a means of encoding particular data in the DNS.
48-bit Extended Unique Identifiers (EUI-48) [EUI48] and 64-bit 48-bit Extended Unique Identifiers (EUI-48) [EUI48] and 64-bit
Extended Unique Identifiers (EUI-64) [EUI64] are address formats Extended Unique Identifiers (EUI-64) [EUI64] are address formats
skipping to change at page 10, line 8 skipping to change at page 10, line 8
| Type | Value | Meaning | Reference | | Type | Value | Meaning | Reference |
+-------+-------+-------------------+---------------+ +-------+-------+-------------------+---------------+
| EUI48 | 108 | an EUI-48 address | this document | | EUI48 | 108 | an EUI-48 address | this document |
| | | | | | | | | |
| EUI64 | 109 | an EUI-64 address | this document | | EUI64 | 109 | an EUI-64 address | this document |
+-------+-------+-------------------+---------------+ +-------+-------+-------------------+---------------+
8. Security Considerations 8. Security Considerations
There are privacy concerns with the publication of link-layer There are privacy concerns with the publication of link-layer
addresses in the DNS. EUI-48 and EUI-64 addresses with the Global addresses in the DNS. EUI-48 and EUI-64 addresses with the Local/
bit zero [RFC5342] are intended to represent unique identifiers for Global bit zero [RFC5342] (referred to in [RFC4291] as the universal/
network connected equipment (notwithstanding many observed cases of local bit) are intended to represent unique identifiers for network
connected equipment, notwithstanding many observed cases of
duplication due to manufacturing errors, unauthorised use of OUIs, duplication due to manufacturing errors, unauthorised use of OUIs,
and address spoofing through configuration of network interfaces). and address spoofing through configuration of network interfaces.
Publication of EUI-48 or EUI-64 addresses in the DNS may result in Publication of EUI-48 or EUI-64 addresses in the DNS may result in
privacy issues in the form of unique trackable identities. privacy issues in the form of unique trackable identities that in
some cases may be permanent.
For example, although IP addresses and DNS names for network devices For example, although IP addresses and DNS names for network devices
typically change over time, EUI-48 and EUI-64 addresses configured on typically change over time, EUI-48 and EUI-64 addresses configured on
the same devices are normally far more stable (in many cases, the same devices are normally far more stable (in many cases,
effectively invariant). Publication of EUI-48 addresses associated effectively invariant). Publication of EUI-48 addresses associated
with user devices in a way that could be mapped to assigned IP with user devices in a way that could be mapped to assigned IP
addresses would allow the behaviour of those users to be tracked by addresses would allow the behaviour of those users to be tracked by
third parties, regardless of where and how the user's device is third parties, regardless of where and how the user's device is
connected to the Internet. This might well result in a loss of connected to the Internet. This might well result in a loss of
privacy for the user. privacy for the user.
The publication of EUI-48 or EUI-64 addresses associated with
deployed equipment, using the mechanism described in this document or
any other mechanism, has the potential to facilitate MAC cloning --
that is, facilitate link-layer attacks against deployed devices, e.g.
to disrupt service or intercept data.
These concerns can be mitigated by restricting access to DNS zones These concerns can be mitigated by restricting access to DNS zones
containing EUI48 or EUI64 RRs to specific, authorised clients and by containing EUI48 or EUI64 RRs to specific, authorised clients and by
provisioning them in DNS zones that exist in private namespaces only. provisioning them in DNS zones that exist in private namespaces only.
This document recommends that EUI-48 or EUI-64 addresses SHOULD NOT This document recommends that EUI-48 or EUI-64 addresses SHOULD NOT
be published in the public DNS. be published in the public DNS.
9. Acknowledgements 9. Acknowledgements
The author acknowledges the contributions of Olafur Gudmundsson, Mark The author acknowledges the contributions of Olafur Gudmundsson, Mark
skipping to change at page 13, line 5 skipping to change at page 12, line 35
for IEEE 802 Parameters", BCP 141, RFC 5342, for IEEE 802 Parameters", BCP 141, RFC 5342,
September 2008. September 2008.
10.2. Informative References 10.2. Informative References
[NTRE038D] [NTRE038D]
CRTC Interconnection Steering Committee Network Working CRTC Interconnection Steering Committee Network Working
Group, "Implementation of IP Address Tracking in DOCSIS Group, "Implementation of IP Address Tracking in DOCSIS
Networks (TIF18)", October 2006. Networks (TIF18)", October 2006.
10.3. Informative References
[RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing
Architecture", RFC 4291, February 2006.
Appendix A. Editorial Notes Appendix A. Editorial Notes
This section (and sub-sections) to be removed prior to publication. This section (and sub-sections) to be removed prior to publication.
A.1. RRType Parameter Allocation Template A.1. RRType Parameter Allocation Template
DNS RRTYPE PARAMETER ALLOCATION TEMPLATE DNS RRTYPE PARAMETER ALLOCATION TEMPLATE
A. Submission Date: 2013-03-18 A. Submission Date: 2013-03-18
skipping to change at page 15, line 5 skipping to change at page 15, line 5
04 Incorporated suggestions from John Klensin. Intended status 04 Incorporated suggestions from John Klensin. Intended status
changed to informational from standards track. Moved examples to changed to informational from standards track. Moved examples to
a more sensible place. a more sensible place.
05 Add emphasis that the publication of link-layer addresses in the 05 Add emphasis that the publication of link-layer addresses in the
DNS has potentially severe privacy implications, and is not DNS has potentially severe privacy implications, and is not
recommended by this document. Recommend that publication of link- recommended by this document. Recommend that publication of link-
layer addresses in the public DNS should not happen at all. layer addresses in the public DNS should not happen at all.
Various wordsmithing for the purposes of clarity. Various wordsmithing for the purposes of clarity.
06 Add text regarding MAC cloning in the Security Considerations
section. Make text that mentions the "Global bit" more consistent
with [RFC5342] and [RFC4291].
07 Make the "SHOULD NOT publish in the public DNS" recommendation
stronger.
Author's Address Author's Address
Joe Abley Joe Abley
TekSavvy Solutions, Inc. TekSavvy Solutions, Inc.
470 Moore Street 470 Moore Street
London, ON N6C 2C2 London, ON N6C 2C2
Canada Canada
Phone: +1 519 670 9327 Phone: +1 519 670 9327
Email: jabley@teksavvy.ca Email: jabley@teksavvy.ca
 End of changes. 12 change blocks. 
15 lines changed or deleted 35 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/