[Madinas] New Liaison Statement, "Liaison statement on Randomized and Changing MAC Address"

Liaison Statement Management Tool <statements@ietf.org> Fri, 01 December 2023 16:13 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/6cPKH1UuSGaZw-vHLjinMNH04WA>

Title: Liaison statement on Randomized and Changing MAC Address
Submission Date: 2023-12-01
URL of the IETF Web page: https://datatracker.ietf.org/liaison/1884/
Please reply by 2024-01-31
From: Glenn Parsons <glenn.parsons@ericsson.com>
To: Carlos Jesús Bernardos <cjbc@it.uc3m.es>,Juan-Carlos Zúñiga <juzuniga@cisco.com>
Cc: Carlos Jesús Bernardos <cjbc@it.uc3m.es>,Erik Kline <ek.ietf@gmail.com>,Éric Vyncke <evyncke@cisco.com>,Juan-Carlos Zúñiga <juzuniga@cisco.com>,MAC Address Device Identification for Network and Application Services Discussion List <madinas@ietf.org>,János Farkas <janos.farkas@ericsson.com>
Response Contacts: Paul Nikolich <p.nikolich@ieee.org>,Glenn Parsons <glenn.parsons@ericsson.com>,John Messenger <JMessenger@advaoptical.com>
Technical Contacts: 
Purpose: For action

Body: The IEEE 802.1 Working Group has reviewed the draft "Liaison on Randomized and Changing MAC
Address" (draft-ietf-madinas-mac-address-randomization-09) and has the following comments:

(1) Regarding the paragraph beginning “The IEEE 802.1 working group …” we propose replacement
with a version that more accurately summarizes the SLAP:

IEEE Std 802 [IEEE_802], as of the amendment IEEE 802c-2017 [IEEE_802c], specifies a local MAC
address space structure known as the Structured Local Address Plan (SLAP). The SLAP designates a
range of Extended Local Identifiers (ELIs) for subassignment within a block of addresses assigned by the
IEEE Registration Authority via a Company ID (CID). A range of local MAC addresses is designated for
Standard Assigned Identifiers (SAI) to be specified by IEEE 802 standards. Another range of local MAC
addresses is designated for Administratively Assigned Identifiers (AAI) subject to assignment by a
network administrator.

(2) Regarding (1), we suggest adding to [12] the reference:

[IEEE_802] "IEEE Std 802 - IEEE Standard for Local and Metropolitan Area Networks: Overview and
Architecture", IEEE 802, 2014.

(3) We propose deleting unintelligible information from some of the referenced IEEE standards; namely,
"architecture, 8. W. -. 8. L., " from IEEE_802c, "architecture, 8. W. -. 8. L., " from IEEE_802E, and
"Group, 8. W. -. W. L. W., " from IEEE_802_11_aq.

(4) A major conclusion of the work in IEEE Std 802E concerned the difficulty of defending privacy
against adversaries of any sophistication. In particular it has been shown that individuals can be
successfully tracked by fingerprinting using aspects of their communication other than MAC Addresses
or other permanent identifiers. Machine learning techniques facilitate fingerprinting without the adversary
needing to understand the technical reasons for the correlation. There is a danger in the short reference
currently in the MADINAS draft that the reader might conclude that replacing a permanent identifier with
a temporary identifier *will improve* privacy, as opposed to avoiding making things worse if the other
contributions to fingerprinting have been addressed - "reaching the conclusions" can overstate the
expected privacy gain. The issue of identifiers relates not just to service quality in any narrow sense, but
more broadly to providing service. The recently completed IEEE Std 802.1AEdk-2023: MAC Privacy
protection includes an Informative Annex responding to the IEEE Std 802E call for privacy study.

(5) Regarding the paragraph beginning with “Work within the IEEE 802.1 Security task group…” we
propose a replacement that is more accurate:

IEEE Std 802E-2020: Recommended Practice for Privacy Considerations for IEEE 802 Technologies
[IEEE_802E] recommends the use of temporary and transient identifiers if there are no compelling
reasons for a newly introduced identifier to be permanent. This Recommended Practice is part of the basis
for the review of user privacy solutions for IEEE Std 802.11 (aka Wi-Fi) devices as part of the RCM
[rcm_privacy_csd] efforts. Annex T of IEEE Std 802.1AEdk-2023: MAC Privacy Protection discusses
privacy considerations in bridged networks.

(6) Since all readers may not be aware that IEEE 802 standards are available for free from the IEEE GET
program, we suggest including this information at the beginning of the Informative References section:

IEEE 802 standards are available free via the IEEE GET Program at
https://ieeexplore.ieee.org/browse/standards/get-program/page/series?id=68.

(7) In the introduction text of this draft, reference is made to cellular networks. These networks do not
(currently at least) use MAC addresses. It is suggested to remove the reference to cellular to avoid
confusion.

Thank you for your consideration of these matters, and we welcome continued collaboration going
forward.
Attachments:

    https://www.ietf.org/lib/dt/documents/LIAISON/liaison-2023-12-01-ieee-802-1-madinas-liaison-statement-on-randomized-and-changing-mac-address-attachment-1.pdf
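
The SLAP structure summarized in comment (1) above, as an added example that is not part of the liaison statement or the MADINAS draft: a classifier that sorts observed MAC addresses into universal addresses and the ELI, SAI, AAI and Reserved ranges of the local space. The bit assignments (M, X, Y, Z in the first octet) are taken from IEEE 802c-2017 and are not quoted in the statement; the function names and sample addresses are constructed for illustration.

```python
import re
from collections import Counter

# (Y, Z) bits of the first octet -> SLAP quadrant, per IEEE 802c-2017.
# Only meaningful when the X (U/L) bit is 1, i.e. the address is local.
SLAP_QUADRANTS = {
    (0, 1): "ELI",       # Extended Local Identifier, under an IEEE-assigned CID
    (1, 1): "SAI",       # Standard Assigned Identifier
    (0, 0): "AAI",       # Administratively Assigned Identifier
    (1, 0): "Reserved",
}

# Six octets with one consistent separator (':' or '-') or none at all.
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$")


def classify_mac(text):
    """Classify a 48-bit MAC address by its M, X, Y and Z bits."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    first = bytes.fromhex(re.sub(r"[:-]", "", text))[0]
    m = first & 1           # M bit (I/G): 1 = group address
    x = (first >> 1) & 1    # X bit (U/L): 1 = locally administered
    y = (first >> 2) & 1
    z = (first >> 3) & 1
    return {
        "cast": "group" if m else "individual",
        "scope": "local" if x else "universal",
        "slap": SLAP_QUADRANTS[(y, z)] if x else None,
    }


def tally_quadrants(addresses):
    """Count addresses per SLAP quadrant; universal addresses count as 'universal'."""
    return Counter(classify_mac(a)["slap"] or "universal" for a in addresses)


# Constructed sample addresses (not taken from the liaison statement).
SAMPLE = [
    "00:00:5E:00:53:01",  # universal (U/L bit clear)
    "02:00:00:00:00:01",  # local, AAI
    "0A-11-22-33-44-55",  # local, ELI
    "DE:AD:BE:EF:00:01",  # local, SAI
    "461f3c9a007b",       # local, Reserved quadrant
    "33:33:00:00:00:01",  # local group address, AAI
]
```

Calling `tally_quadrants(SAMPLE)` gives a per-range count. An address generator that also randomizes the Y and Z bits can land in any of the four ranges, so a tally over association or DHCP logs shows whether the local addresses seen on a network follow the SLAP.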