IETF Logo Mail Archive

Re: [homenet] [Captive-portals] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications

Michael Richardson <mcr@sandelman.ca> Tue, 29 September 2020 19:56 UTC

Return-Path: <mcr@sandelman.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E96F3A1129; Tue, 29 Sep 2020 12:56:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDkzW221cao4; Tue, 29 Sep 2020 12:56:19 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 150BD3A1123; Tue, 29 Sep 2020 12:56:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id CE992389D5; Tue, 29 Sep 2020 16:01:11 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GszqmttehTZk; Tue, 29 Sep 2020 16:01:11 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4D5C4389D4; Tue, 29 Sep 2020 16:01:11 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 67A9150C; Tue, 29 Sep 2020 15:56:17 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
cc: Brian Dickson <brian.peter.dickson@gmail.com>, "captive-portals@ietf.org" <captive-portals@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
In-Reply-To: <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie>
References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <D81695FF-973F-472D-BC0A-9B0F57278B21@comcast.com> <ca575a6b-987e-d998-2713-91e45190f5ea@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <af0451b1-8eae-4714-849f-d6e384dda075@huitema.net> <19117.1601400596@localhost> <CAH1iCip7UBe+FR-Cz+sP6SdS11NUQC9gV_s=99yO0tjcvCcX6A@mail.gmail.com> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 29 Sep 2020 15:56:17 -0400
Message-ID: <23594.1601409377@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/DMmB1vXdbVe1Lt_GxM9q2vLneQg>
Subject: Re: [homenet] [Captive-portals] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2020 19:56:21 -0000

Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:

    > On 29/09/2020 19:41, Michael Richardson wrote:
    >> It will be good if we can get a document from the MAC randomization
    >> proponents (if there is such a group), to explain the thread profile.
    >> I don't think it includes active compromised hosts.

    > That is a problem yes. I no longer think "compromised host" is the
    > correct term there though. In the case of android, we found google play
    > services regularly calls home linking all these identifiers and more
    > (phone#, sim serial, imei...) [1] for Google's own uses. I'd be very

I feel that you have confounded two things, and I don't think it's helpful.
I won't dispute your observatrions about surveillance capitalism, but I feel
that you've sensationalized what I thought was a pretty specific technical
point. Namely:
    You can't see into the L3 layer of WIFI, even when there are
    ARP broadcasts, unless your are also part of that L2 network.

I'm sure that Google Play calls home and tells Google all the your
L2/L3/IMEI/etc.  I don't doubt it.

I don't see how this relates to a local passive eavesdropping observing the
L2 frames with the encrypted L3.  One not involved with the operation
of the wifi, nor connected to that link.

Unless you are saying that Google Play operates as active eavesdropper on all
the networks on which it is connected?  I.e. it sends the L2/L3 mappings for
all devices on that network?

    > More on-topic, I do think MAC address randomisation has a role to play
    > for WiFi as it does for BLE, but yes there is a lack of guidance as to
    > how to implement and deploy such techniques well. It's a bit tricky
    > though as it's fairly OS dependent so maybe not really in scope for the
    > IETF?

The IEEE has a spec on how to do MAC address ramdomization.
It says nothing about how to automatically update the accept-list rules
created by RFC8520, or RFC8908/RFC8910 (CAPPORT).  Or EAP-FOO.

    > (For the last 3 years I've set a possible student project in
    > this space, but each time a student has considered it, it turned out
    > "too hard";-)

:-(

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

v2.23.0 | Report a Bug | By Email