Re: [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications
Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 22 September 2020 20:51 UTC
To: Michael Richardson <mcr+ietf@sandelman.ca>, captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/uWvAB5sLfmRWmudla5O40m4UzRM>

That agenda and draft seem to make the seemingly common enough mistake of only focusing on what a new privacy or security mechanism breaks and glossing over the good reasons why people introduce these mechanisms. I hope the BoF proponents fix that because otherwise they may end up giving the impression that they would prefer to not see the privacy benefits (which I'd guess is not their goal at all).

One reason those good reasons need to be included is that they constrain the kinds of additions that might make sense to better handle the new mechanism.

We've seen a number of these kinds of reactions and I figure it'd really be better if the reaction were not to appear purely reactionary;-)

If that were fixed, then there may be a better discussion of what, if any, additional things need doing. If that is not fixed, I'd not be surprised if the putative BoF were to devolve into a "it's bad" vs. "no, it's good" bun fight that won't really take us further.

Cheers,
S.

On 22/09/2020 21:40, Michael Richardson wrote:
>
> Damn. Spelt captive-portal without the s again. Reposting, sorry for duplicates.
> I hate when WG names and list names do not match, and that we can't have aliases.
> And I think that reply-to gets filtered.
>
> Archived-At: <https://mailarchive.ietf.org/arch/msg/int-area/14Skgm84GslPZ9UcGoWY3uzmK6I>
> To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org
> From: Michael Richardson <mcr+ietf@sandelman.ca>
> Date: Tue, 22 Sep 2020 16:34:33 -0400
>
> This thread was started today on the INTAREA WG ML.
>
> While I don't object to a BOF, I don't know where it goes.
> What I see is that much of this problem needs to be resolved through
> increased use of 802.1X: making WPA-Enterprise easier to use and setup, this
> changing core identity from MAC Address to IDevID.
>
> My understanding is that Apple intends to randomize MAC every 12 hours, even
> on the same "LAN" (ESSID), and that they will just repeat the WPA
> authentication afterwards to get back on the network. If the per-device
> unique policy (including CAPPORT authorization) can be tied to the device
> better, then the MAC address based "physical" exception can be updated.
>
> But, WPA-PSK doesn't work, because it does not, in general, distinguish
> between different devices.
>
> It can be made to work if every device is given a unique PSK, and there are
> some successful experiments doing exactly that. Mostly it just works, but
> the challenge is communicating the unique PSK through an unreliable human.
> BRSKI can certainly do this, and it can leverage that unencrypted ESSID
> present at most hospitality locations to get onto the encrypted
> WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The
> unencrypted SSID is not going away at those locations.
>
> Thus QR-code based methods are best, yet those do not work for many IoT
> devices. EMU's EAP-NOOB can help in certain cases, but we, as a community
> need be clear on what direction we want to go. One answer is that IoT
> devices have little reason to randomize their MAC if they are not generally
> ported.
>
>
> On 2020-09-22 3:49 p.m., Lee, Yiu wrote:
>> Hi team,
>>
>> We proposed a BoF. The agenda is in
>> https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md and the
>> proposal is in
>> https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-20200918.md. You
>> can also find the draft here
>> https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01.
>>
>> At this stage, we are looking for inputs for more use cases and interests
>> of working together in this domain. Please post your comments in the
>> mailing list.
>>
>> Thanks
>>
>
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca> . o O ( IPv6 IøT consulting )
> Sandelman Software Works Inc, Ottawa and Worldwide
>
>
> _______________________________________________
> homenet mailing list
> homenet@ietf.org
> https://www.ietf.org/mailman/listinfo/homenet
>