IETF Logo Mail Archive

Re: [Int-area] [Captive-portals] [homenet] Evaluate impact of MAC address randomization to IP applications

Malay Vadher <malay@plume.com> Sun, 27 September 2020 15:41 UTC

Return-Path: <malay@plume.com>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 82F853A041C for <int-area@ietfa.amsl.com>; Sun, 27 Sep 2020 08:41:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=plume-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnBB0wOoYR0u for <int-area@ietfa.amsl.com>; Sun, 27 Sep 2020 08:41:41 -0700 (PDT)
Received: from mail-oi1-x236.google.com (mail-oi1-x236.google.com [IPv6:2607:f8b0:4864:20::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72FA33A044A for <int-area@ietf.org>; Sun, 27 Sep 2020 08:41:41 -0700 (PDT)
Received: by mail-oi1-x236.google.com with SMTP id c13so8703886oiy.6 for <int-area@ietf.org>; Sun, 27 Sep 2020 08:41:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=plume-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=SOhUnRrNqRhuBDWnxIhGDLK59/oHuPoD3mnPEetzUlk=; b=uaRaYOQ6DFz0qSkIfiH/Zh7XaBmMKGtqikwDzDHDrbXoJNlyTaoecR6F7EhJipY3iA F5+Ua2unRB5c9K1XwCpO9eZbfCw1DWjo/MjdX4X4j594pxY3656rTmlWSE3yMKDCHrO3 TpAzPN5HpDPee5g02mVg/4rWDt3F58EWVe3PUVKz7VDMsh++BhIk73XEoP+8Tcn+wNsA AbbhQQ7opHTBk7UnylUqnXZAKjYqWk8lMNAkp1inIAFjPERVdFGDvE0wqSVjgIo1cKJU obfjMQFWFX4CLW0YN3L73MwLsCCAh46vd8Fyf8ff7/WUM27s8p3jmHuBmxfo5wKvGNm2 n22Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=SOhUnRrNqRhuBDWnxIhGDLK59/oHuPoD3mnPEetzUlk=; b=Fe0JGARZY49zQ+ED4oFndgHMFjZRSd7t8mQvJCNwiM3XLah82EeJv81WaSMPQP4N7Z NSA9T1ehqfn3+r+muZl3C1MSkpXCbT/Dr/5T1D4Y7uz+yPYQPkJE04lq9S8iqyQtCaX2 rX1xhg+tQDb7QyUAl+ephHHGikLCYeS5qbj68Nq91O36eZD9+AgKxlabBDCWJUHgBObG F0tqVvvsBI7BMsJmBcELnBUMQKRUR3PCZ+8X3AqU5JZ/whS0BimaRVsrz+OolA55O+Rf PO3LZesHCvDDzws5S2wlD6EwFEl9GfvaGRE8Gb8txEMl4HAT42KwSZy2uo6QZVFeF63Y yTBA==
X-Gm-Message-State: AOAM530JuwmjPw4w81zn6dmXF19d0e7TqkWQczCPa7REhD+fhIx7tplO IIb6liB4kbb/R5VmQueIjnJAFzLFbhqzahZJ46NLcA==
X-Google-Smtp-Source: ABdhPJw/4TJLrpsQ00Jjz7/D3OnLawaZXJAi9XtJJmyFfdG3D1w1ITVDlCucowA7SYZCw8LeoEkFU2FgoPe8r54Oe1U=
X-Received: by 2002:aca:1a09:: with SMTP id a9mr3605830oia.164.1601221300502; Sun, 27 Sep 2020 08:41:40 -0700 (PDT)
MIME-Version: 1.0
References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <D81695FF-973F-472D-BC0A-9B0F57278B21@comcast.com> <ca575a6b-987e-d998-2713-91e45190f5ea@cs.tcd.ie> <D7720A77-03DF-4F4E-8E08-463DE26C914C@orandom.net> <MN2PR11MB3565925D6B2B8F9B91765355D8380@MN2PR11MB3565.namprd11.prod.outlook.com> <1350.1600865571@localhost>
In-Reply-To: <1350.1600865571@localhost>
From: Malay Vadher <malay@plume.com>
Date: Sun, 27 Sep 2020 08:41:29 -0700
Message-ID: <CANQ88cqAnyA7s1Ov-KJEMPpAgHWHJs-EWq0nEgeYASDh1JiYGg@mail.gmail.com>
To: "homenet@ietf.org" <homenet@ietf.org>, "int-area@ietf.org" <int-area@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d2d51105b04d62f8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/WfI0s0Zp_WNwnrHlKXq9qX5jK_g>
Subject: Re: [Int-area] [Captive-portals] [homenet] Evaluate impact of MAC address randomization to IP applications
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Sep 2020 15:41:44 -0000

Hi Yiu

Plume is supportive of this topic and would like to help with BoF
consensus. We are willing to present a couple of concepts with respect to
current MAC based device-to-user or group association predicaments and
propose non-MAC based expositions to enable policy control on devices while
allowing for MAC randomization.

This topic interests us immensely as while we would like to respect and
promote privacy of the users who could be tracked in public WiFi networks
outside of their home, we believe they would also like to opt-in to
personalize their own and their family member's experience in their home
network. This personalization includes traffic prioritization, content
filtering, cyber security protection and other advanced parental and
digital well being controls. Having this addressed in the IETF environment
and potentially standardizing it would help drive adoption of such features
across the industry. We look forward to working on it together.

Malay Vadher
Plume Design Inc

On Wed, Sep 23, 2020 at 5:53 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Pascal Thubert \(pthubert\) <pthubert=40cisco.com@dmarc.ietf.org> wrote:
>     > Hello Dave and all:
>
>     > So far I have not seen how the MAC randomization deals with:
>
>     > - differentiated environments - the preferred behavior on a highway
> or
>     > at a coffee shop may differ from that at in a corporate or a DC
>     > network. In the corporate network, we can expect something like .1x
> to
>     > undo the privacy, for good reasons. And we can expect state to be
>     > maintained for each IP and each MAC. When a MAC changes, there can be
>     > unwanted state created and remaining in the DHCP server, LISP MSMR,
>     > SAVI switch,  etc... Privacy MAC is only an additional hassle that we
>     > want to minimize.
>
> If we can assume 802.1X using an Enterprise scheme, and using a TLS1.3
> substrate, then if the identity resides in a (Client) TLS Certificate, it
> will not been by a passive attacker.
>
> The MAC address is outside of the WEP encryption, so it is always seen,
> even
> if the traffic is otherwise encrypted.
>
> An EAP-*TLS based upon TLS1.2 would reveal the identity, at least the first
> time.  Perhaps this is a reason to support resumption tokens in EAP-TLS!
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
>
>
>
> _______________________________________________
> Int-area mailing list
> Int-area@ietf.org
> https://www.ietf.org/mailman/listinfo/int-area
>

v2.23.0 | Report a Bug | By Email