Re: [Int-area] [homenet] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 30 September 2020 17:16 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: int-area@ietfa.amsl.com
Delivered-To: int-area@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59C0B3A0CBB; Wed, 30 Sep 2020 10:16:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMOCUJ2hlKIv; Wed, 30 Sep 2020 10:16:40 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 603003A0C1D; Wed, 30 Sep 2020 10:16:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id F27A9389EA; Wed, 30 Sep 2020 13:21:35 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id n4Bn8OgiqppP; Wed, 30 Sep 2020 13:21:31 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4E166389E9; Wed, 30 Sep 2020 13:21:31 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 133161D5; Wed, 30 Sep 2020 13:16:34 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "int-area@ietf.org" <int-area@ietf.org>, "homenet@ietf.org" <homenet@ietf.org>, "captive-portals@ietf.org" <captive-portals@ietf.org>
In-Reply-To: <a7dcba9b-f74f-0672-76bf-43281e1bc6d5@cs.tcd.ie>
References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <D81695FF-973F-472D-BC0A-9B0F57278B21@comcast.com> <ca575a6b-987e-d998-2713-91e45190f5ea@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <af0451b1-8eae-4714-849f-d6e384dda075@huitema.net> <19117.1601400596@localhost> <CAH1iCip7UBe+FR-Cz+sP6SdS11NUQC9gV_s=99yO0tjcvCcX6A@mail.gmail.com> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> <a7dcba9b-f74f-0672-76bf-43281e1bc6d5@cs.tcd.ie>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Wed, 30 Sep 2020 13:16:34 -0400
Message-ID: <7974.1601486194@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/pE_qvgk6CU38E_Kjy4CF576kWxg>
Subject: Re: [Int-area] [homenet] [Captive-portals] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications
X-BeenThere: int-area@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF Internet Area Mailing List <int-area.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/int-area>, <mailto:int-area-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/int-area/>
List-Post: <mailto:int-area@ietf.org>
List-Help: <mailto:int-area-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/int-area>, <mailto:int-area-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Sep 2020 17:16:49 -0000
Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: >> >> > On 29/09/2020 19:41, Michael Richardson wrote: >> It will be good if >> we can get a document from the MAC randomization >> proponents (if >> there is such a group), to explain the thread profile. >> I don't >> think it includes active compromised hosts. >> >> > That is a problem yes. I no longer think "compromised host" is the > >> correct term there though. In the case of android, we found google >> play > services regularly calls home linking all these identifiers and >> more > (phone#, sim serial, imei...) [1] for Google's own uses. I'd be >> very >> >> I feel that you have confounded two things, and I don't think it's >> helpful. I won't dispute your observatrions about surveillance >> capitalism, but I feel that you've sensationalized what I thought was >> a pretty specific technical point. Namely: You can't see into the L3 >> layer of WIFI, even when there are ARP broadcasts, unless your are >> also part of that L2 network. > I disagree about sensationalising, obviously;-) > The point is that we tended to think of a compromised host as one that > had been subject to a successful attack often run by an unknown > party. For mobile phones, the privacy adversary seems more often to be > an entity that the phone user has accepted one way or another, whether > that be the OS or handset vendor or whoever wrote that cute spirit- > level app. My take home from your work is that MAC address randomization is a useless waste of time. It causes significant costs to the network operator(s) without actually providing any benefit to the mobile phone owner, because the adversary is inside the device, invited in by the owner. In such a situation, MAC randomization feels like security theatre to me. [I'm reminded of various systems of magic in fiction, where you are safe as long as you don't unwittingly invite the bad guys in] You have defined the security perimeter as being from "top" of the phone. (Between the screen and the human) I have defined the security perimeter as being the "bottom" of the phone (between the phone and the Internet). I think that we can do more here, and I think that the cost to the operator (moving from unencrypted, MAC-address excepted networks, to encrypted 802.1X authenticated networks with provisioned identities) with some correspondant benefits to the operator as well as the end user. > PS: to be clear - the above's not really anti-google - we've seen > similar looking traffic from handset vendors' pre-installed s/w too. Agreed. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting ) Sandelman Software Works Inc, Ottawa and Worldwide
- [Int-area] Evaluate impact of MAC address randomi… Lee, Yiu
- Re: [Int-area] Evaluate impact of MAC address ran… Andy Smith
- Re: [Int-area] Evaluate impact of MAC address ran… Michael Richardson
- Re: [Int-area] Evaluate impact of MAC address ran… Michael Richardson
- Re: [Int-area] Evaluate impact of MAC address ran… Michael Richardson
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Stephen Farrell
- Re: [Int-area] [EXTERNAL] Re: Evaluate impact of … Lee, Yiu
- Re: [Int-area] [Captive-portals] Evaluate impact … Peter Yee
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Stephen Farrell
- Re: [Int-area] Evaluate impact of MAC address ran… Lee, Yiu
- Re: [Int-area] [homenet] Evaluate impact of MAC a… David R. Oran
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Lee, Yiu
- Re: [Int-area] [EXTERNAL] Re: [homenet] Evaluate … Lee, Yiu
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Bob Hinden
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Michael Richardson
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Brian Dickson
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Stephen Farrell
- Re: [Int-area] [Captive-portals] [EXTERNAL] Re: [… Martin Thomson
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Michael Richardson
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Michael Richardson
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Ralf Weber
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Pascal Thubert (pthubert)
- Re: [Int-area] Evaluate impact of MAC address ran… Stewart Bryant
- Re: [Int-area] [homenet] Evaluate impact of MAC a… Michael Richardson
- Re: [Int-area] [Captive-portals] [homenet] Evalua… Michael Richardson
- Re: [Int-area] Evaluate impact of MAC address ran… Eric Vyncke (evyncke)
- Re: [Int-area] Evaluate impact of MAC address ran… Joseph Touch
- Re: [Int-area] Evaluate impact of MAC address ran… Stewart Bryant
- Re: [Int-area] Evaluate impact of MAC address ran… Alan DeKok
- Re: [Int-area] Evaluate impact of MAC address ran… tom petch
- Re: [Int-area] [Captive-portals] Evaluate impact … Derek Fawcus
- Re: [Int-area] [Captive-portals] [homenet] Evalua… Malay Vadher
- Re: [Int-area] [Captive-portals] [EXTERNAL] Re: [… Christian Huitema
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Michael Richardson
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Brian Dickson
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Michael Richardson
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Stephen Farrell
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Christian Huitema
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Peter Yee
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Michael Richardson
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Juan Carlos Zuniga
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Stephen Farrell
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Weil, Jason
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Rolf Winter
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Michael Richardson
- Re: [Int-area] [homenet] [Captive-portals] [EXTER… Stephen Farrell
- Re: [Int-area] [Captive-portals] [homenet] [EXTER… Carsten Bormann
- Re: [Int-area] Evaluate impact of MAC address ran… Andrew G. Malis
- Re: [Int-area] [EXTERNAL] Re: Evaluate impact of … Lee, Yiu
- Re: [Int-area] [Captive-portals] [homenet] Re: Ev… Livingood, Jason