Re: [homenet] [Int-area] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications

Brian Dickson <brian.peter.dickson@gmail.com> Tue, 29 September 2020 17:59 UTC

From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Tue, 29 Sep 2020 10:59:37 -0700
To: Michael Richardson <mcr@sandelman.ca>
Cc: Christian Huitema <huitema@huitema.net>, Martin Thomson <mt@lowentropy.net>, "Lee, Yiu" <Yiu_Lee@comcast.com>, "captive-portals@ietf.org" <captive-portals@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>
In-Reply-To: <19117.1601400596@localhost>
Message-ID: <CAH1iCip7UBe+FR-Cz+sP6SdS11NUQC9gV_s=99yO0tjcvCcX6A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/a-aGrUc3MAAWxFLSQHz19yeU9q4>

On Tue, Sep 29, 2020 at 10:30 AM Michael Richardson <mcr@sandelman.ca> wrote:

> Christian Huitema <huitema@huitema.net> wrote:
>     > Martin is making an important point here. There are a number of privacy
>     > enhancing technologies deployed at different layers: MAC address
>     > randomization at L2, Privacy addresses at L3, various forms of
>     > encryption and compartments at L4 and above. Each of these technologies
>     > is useful by itself, but they can easily be defeated by deployment
>     > mistakes. For example:
>
> You are spot on.
> But, even your four points muddle things.
>
> We need some diagrams that we can all agree upon, and we need to name the
> different observers.
>
> Each thing defends against different kinds of observers, and not all
> observers can see all things.
> Some observers may collaborate (I invoke, the WWII French resistance emotion
> for this term...)
> Some observers may have strong reasons not to.
>
>     > 1) Using the same IP address with different MAC addresses negates a lot
>     > of the benefits of randomized MAC addresses,
>
> This assumes that a single observer can observe both at the same time.
> WEP++ leaves MAC addresses visible, but encrypts the rest of L3 content.
>

Any host/interface that uses ARP (not sure whether any flavor of WiFi does,
or if so which flavors) exposes the L3/L2 mapping.
So, wired IPv4 for certain (except in very locked-down enterprise settings
with static MAC addresses, perhaps) leaks this information to every host on
the same broadcast domain (same subnet and possibly additional subnets on
the same LAN/VLAN).

ARP L2 broadcasts solicit information about IP addresses, and at a minimum
each such query exposes its own MAC and IP address. Responses may be
unicast or broadcast, not sure which.
An active compromised host can easily solicit that information by iterating
over all the IP addresses on the subnet and performing an ARP for each one.

Brian
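Worked example (added here as an illustration; it is not part of Brian's message or any IETF work): a small ARP monitor that parses raw Ethernet/ARP frames and reports the two things the message describes from a defender's side: an IP address that shows up with more than one sender MAC (the "same IP, different MAC" linkage that undoes MAC randomization), and a single MAC that requests many target IPs (the subnet-wide ARP enumeration). The frame builder, field offsets and the `192.0.2.0/24` sample traffic are constructed for this example; the `sweep_threshold` value is an assumed tuning knob.

```python
import struct
from collections import defaultdict

def arp_frame(src_mac, dst_mac, op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet II + ARP frame (constructed test data, EtherType 0x0806)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(o) for o in a.split("."))
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)          # htype, ptype, hlen, plen, opcode
    arp += mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip)
    return mac(dst_mac) + mac(src_mac) + b"\x08\x06" + arp

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip) for an ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    op, = struct.unpack("!H", frame[20:22])
    smac = ":".join(f"{b:02x}" for b in frame[22:28])
    sip = ".".join(str(b) for b in frame[28:32])
    tip = ".".join(str(b) for b in frame[38:42])
    return op, smac, sip, tip

def analyze(frames, sweep_threshold=8):
    """Flag IPs claimed by >1 MAC (linkage) and MACs probing many IPs (enumeration)."""
    ip_to_macs = defaultdict(set)
    mac_to_targets = defaultdict(set)
    for f in frames:
        parsed = parse_arp(f)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if sip != "0.0.0.0":            # every request and reply reveals its sender's own binding
            ip_to_macs[sip].add(smac)
        if op == 1:                     # requests additionally reveal who is being looked up
            mac_to_targets[smac].add(tip)
    linked = {ip: sorted(m) for ip, m in ip_to_macs.items() if len(m) > 1}
    sweeps = {m: len(t) for m, t in mac_to_targets.items() if len(t) >= sweep_threshold}
    return linked, sweeps

BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLE = [
    # host A keeps IP 192.0.2.10 across two randomized MACs (constructed)
    arp_frame("02:aa:aa:aa:aa:01", BCAST, 1, "02:aa:aa:aa:aa:01", "192.0.2.10", ZERO, "192.0.2.1"),
    arp_frame("02:aa:aa:aa:aa:02", BCAST, 1, "02:aa:aa:aa:aa:02", "192.0.2.10", ZERO, "192.0.2.1"),
    # unicast reply from the router: still exposes the router's own MAC/IP binding
    arp_frame("02:cc:cc:cc:cc:01", "02:aa:aa:aa:aa:01", 2, "02:cc:cc:cc:cc:01", "192.0.2.1",
              "02:aa:aa:aa:aa:01", "192.0.2.10"),
] + [  # host B walks a run of addresses on the subnet (constructed)
    arp_frame("02:bb:bb:bb:bb:01", BCAST, 1, "02:bb:bb:bb:bb:01", "192.0.2.20", ZERO, f"192.0.2.{i}")
    for i in range(30, 42)
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Feeding real frames from a capture into `analyze` needs only the raw bytes of each packet; the parser ignores anything that is not ARP.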