Re: [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications
Michael Richardson <mcr+ietf@sandelman.ca> Tue, 22 September 2020 20:40 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: homenet@ietfa.amsl.com
Delivered-To: homenet@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8EE3A198A; Tue, 22 Sep 2020 13:40:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HuMVZEHYVuIZ; Tue, 22 Sep 2020 13:40:08 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 995753A1976; Tue, 22 Sep 2020 13:40:07 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 10328389D2; Tue, 22 Sep 2020 16:18:44 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 7J4-OSu2JIWg; Tue, 22 Sep 2020 16:18:40 -0400 (EDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:103c:9eff:fecb:2eac]) by tuna.sandelman.ca (Postfix) with ESMTP id C912B3899C; Tue, 22 Sep 2020 16:18:39 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 080A94F5; Tue, 22 Sep 2020 16:40:02 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org
In-Reply-To: <20200922201317.097C3389D4@tuna.sandelman.ca>
References: <20200922201317.097C3389D4@tuna.sandelman.ca>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Tue, 22 Sep 2020 16:40:02 -0400
Message-ID: <15660.1600807202@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/homenet/lxIs009AzHkDO7yHj3HuqsIh0Yo>
Subject: Re: [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications
X-BeenThere: homenet@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Homenet WG mailing list <homenet.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/homenet>, <mailto:homenet-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/homenet/>
List-Post: <mailto:homenet@ietf.org>
List-Help: <mailto:homenet-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/homenet>, <mailto:homenet-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2020 20:40:10 -0000
Damn. Spelt captive-portal without the s again. Reposting, sorry for duplicates. I hate when WG names and list names do not match, and that we can't have aliases. And I think that reply-to gets filtered. Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/14Skgm84GslPZ9UcGoWY3uzmK6I> To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org From: Michael Richardson <mcr+ietf@sandelman.ca> Date: Tue, 22 Sep 2020 16:34:33 -0400 This thread was started today on the INTAREA WG ML. While I don't object to a BOF, I don't know where it goes. What I see is that much of this problem needs to be resolved through increased use of 802.1X: making WPA-Enterprise easier to use and setup, this changing core identity from MAC Address to IDevID. My understanding is that Apple intends to randomize MAC every 12 hours, even on the same "LAN" (ESSID), and that they will just repeat the WPA authentication afterwards to get back on the network. If the per-device unique policy (including CAPPORT authorization) can be tied to the device better, than the MAC address based "physical" exception can be updated. But, WPA-PSK doesn't work, because it does not, in general, distinguish between different devices. It can be made to work if every device is given a unique PSK, and there are some successful experiments doing exactly that. Mostly it just works, but the challenge is communicating the unique PSK through an unreliable human. BRSKI can certainly do this, and it can leverage that unencrypted ESSID present at most hospitality locations to get onto the encrypted WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The unencrypted SSID is not going away at those locations. Thus QR-code based methods are best, yet those do not work for many IoT devices. EMU's EAP-NOOB can help in certain cases, but we, as a community need be clear on what direction we want to go. One answer is that IoT devices have little reason to randomize their MAC if they are not generally ported. On 2020-09-22 3:49 p.m., Lee, Yiu wrote: > Hi team, > > We proposed a BoF. The agenda is in > https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md and the > proposal is in > https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-20200918.md. You > can also find the draft here > https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01. > > At this stage, we are looking for inputs for more use cases and interests > of working together in this domain. Please post your comments in the > mailing list. > > Thanks > -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Michael Richardson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Michael Richardson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Stephen Farrell
- Re: [homenet] [Captive-portals] [Int-area] Evalua… Peter Yee
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Lee, Yiu
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Stephen Farrell
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Lee, Yiu
- Re: [homenet] [Int-area] Evaluate impact of MAC a… David R. Oran
- Re: [homenet] [EXTERNAL] Re: [Int-area] Evaluate … Lee, Yiu
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Bob Hinden
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Michael Richardson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Brian Dickson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Stephen Farrell
- Re: [homenet] [Captive-portals] [EXTERNAL] Re: [I… Martin Thomson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Michael Richardson
- Re: [homenet] [Captive-portals] [EXTERNAL] Re: [I… Michael Richardson
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Ralf Weber
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Pascal Thubert (pthubert)
- Re: [homenet] [Int-area] Evaluate impact of MAC a… Michael Richardson
- Re: [homenet] [Captive-portals] [Int-area] Evalua… Michael Richardson
- Re: [homenet] [Int-area] [Captive-portals] Evalua… Derek Fawcus
- Re: [homenet] [Int-area] [Captive-portals] Evalua… Malay Vadher
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Christian Huitema
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Michael Richardson
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Brian Dickson
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Michael Richardson
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Stephen Farrell
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Christian Huitema
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Peter Yee
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Michael Richardson
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Juan Carlos Zuniga
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Stephen Farrell
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Weil, Jason
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Rolf Winter
- Re: [homenet] [Int-area] [Captive-portals] [EXTER… Philip Homburg
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Michael Richardson
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Stephen Farrell
- Re: [homenet] [Captive-portals] [Int-area] [EXTER… Carsten Bormann
- Re: [homenet] [Int-area] [Captive-portals] Re: Ev… Livingood, Jason