Re: [Madinas] BoF preparation call - Minutes

Juan Carlos Zuniga <juancarlos.zuniga@sigfox.com> Fri, 16 April 2021 18:07 UTC

From: Juan Carlos Zuniga <juancarlos.zuniga@sigfox.com>
To: "madinas@ietf.org" <madinas@ietf.org>
CC: CARLOS JESUS BERNARDOS CANO <cjbc@it.uc3m.es>, "Lee, Yiu" <Yiu_Lee@comcast.com>, "j.c.zuniga@ieee.org" <j.c.zuniga@ieee.org>
Date: Fri, 16 Apr 2021 18:07:09 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/8zGzKxBPjH77p7kAylmqloc8Lz4>
Subject: Re: [Madinas] BoF preparation call - Minutes

Dear all,

Thanks for attending the call.

Below are the minutes.

Feel free to let us know if there is any required clarification or missing info.

Best,

Juan Carlos, Carlos & Yiu




MADINAS BoF Prep-call

Friday, 16 April, 14:00-15:00 UTC, Webex

Chairs:
Juan Carlos Zuniga (SIGFOX)
Carlos Bernardos (UC3M)

Note Taker: Yiu Lee (Comcast)



AGENDA

1. Intro & Agenda Bashing - Chairs       5 minutes

2. Problem Statement                     15 minutes
   draft-henry-madinas-framework-01 - Jerome Henry (Cisco)

3. WBA                                   20 minutes
   WiFi Devices Identification Group and Paper - Bruno Tomas (WBA), Tim Twell (BT)

4. Proposed Charter & Next Steps         20 minutes
   Chairs w/ADs support



MINUTES - Participants (28)

1. Intro & Agenda Bashing - Chairs

JC gave a quick intro and the agenda.


2. Problem Statement

Jerome explained the draft updates. Jerome mentioned that we updated
Table 1 and removed the "Privacy" column because the authors agreed that
privacy is important across the board.

Eric Vyncke suggested replacing "framework" with "Problem Statement".

Tim Cappalli has a question for PS6. We replace "Define" with "Identify".


3. WBA

Bruno Tomas shared the current work happening in WBA.

WBA sees device identity as an important issue. They have a project called
"OpenRoaming".

OpenRoaming is a framework to extend Passpoint to make roaming more
user-friendly.

Tim Twell is leading the effort in BT for device identity. Tim Twell gave
an overview of the WBA Liaison paper. He acknowledged that using the MAC address
as device identity created some challenges moving forward. The White Paper
will provide inputs to the standards bodies. WBA plans to work on requirements
and recommendations pointing to other SDOs - new protocol development is
a last resort. Currently, Tim believes that there isn't a one-size-fits-all
solution for all environments.


WBA released a Liaison Paper that is being shared with IETF MADINAS (newer
version to be distributed on the list).
Section 1 discusses problems caused by MAC randomization.
Section 2 looks at different network types and how they use device identity.
Section 3 looks at the distribution of devices using MAC address randomization.

At the network data plane layer, the MAC address is currently being used for
many functions such as telemetry, QoS and Lawful Intercept.


CHAT

from Eric Vyncke (Cisco) to everyone:    10:07 AM
Sorry for joining late, I had a link to a google meeting ;-)
from Jerome Henry (Cisco) (Cisco) to everyone:    10:08 AM
:0
to Behcet (Guest) (privately):    10:10 AM
Hi Behcet, would you mind muting your mic?
from Tim Cappalli - Microsoft (Guest) to everyone:    10:14 AM
User's personal privacy still matters on managed devices. It's just what level is there legal protection or corporation policies that allow the organization to ignore the user's concerns.
from Eric Vyncke (Cisco) to everyone:    10:14 AM
agreed, some countries are pretty clear on this
from Tim Cappalli - Microsoft (Guest) to everyone:    10:17 AM
This is more of a use case doc, no?
from Eric Vyncke (Cisco) to everyone:    10:17 AM
True
from Eric Vyncke (Cisco) to everyone:    10:19 AM
3.6 is indeed more about requirements
from Erik Kline (Guest) to everyone:    10:19 AM
PS5: s/define/identify/?
from Eric Vyncke (Cisco) to everyone:    10:21 AM
Good idea
from Erik Kline (Guest) to everyone:    10:27 AM
What's the relationship between Open Roaming and Passpoint?  (sorry for the naive question)
from Erik Kline (Guest) to everyone:    10:28 AM
ack; thx
from Behcet (Guest) to everyone:    10:29 AM
Passpoint is authentication protocol developed by WiFi Alliance. It basically does authentication based on email address not MAC address
from Tim Cappalli - Microsoft (Guest) to everyone:    10:30 AM
Passpoint is NOT an authentication protocol
from Tim Cappalli - Microsoft (Guest) to everyone:    10:30 AM
It is a discovery protocol
from Tim Cappalli - Microsoft (Guest) to everyone:    10:30 AM
Nor is email address used
from Behcet (Guest) to everyone:    10:32 AM
This is from WFA: Wi-Fi CERTIFIED Passpoint(r) is an industry-wide solution that streamlines Wi-Fi access and eliminates the need for users to find and authenticate a network each time they visit
from [V] Mark Hamilton Ruckus/CommScope (Guest) to everyone:    10:32 AM
It's both.  It defines discovery mechanisms, and also specifies EAP authentication to be used for access.  It optionally also adds methods to provision EAP identities into the client devices.
from Bruno Tomas WBA (Guest) to everyone:    10:32 AM
Indeed, Passpoint combines 802.11u, 802.11i and 802.1x (allow both EAP-SIM, AKA, TTLS, TLS) authentication. OpenRoaming leverages Passpoint to massively scale user onboarding and Identity Providers. It then adds the end to end perspective, with RadSec/IPSEC, AAA, Dynamic Discovery (optional) of Roaming end points
from Tim Cappalli - Microsoft (Guest) to everyone:    10:32 AM
It references EAP methods, does not define them
from Tim Cappalli - Microsoft (Guest) to everyone:    10:33 AM
and client provisioning != authentication
from Behcet (Guest) to everyone:    10:33 AM
Merci Bruno
from Carsten Bormann (Guest) to everyone:    10:34 AM
This is somewhat hard to follow while it uses identifiers and identities as if they were synonyms
from [V] Mark Hamilton Ruckus/CommScope (Guest) to everyone:    10:36 AM
We should note that EAP level of authentication is not appropriate for all networks.  Where the user and network want/need a mutual trust relationship, Passpoint and OpenRoaming can be leveraged.  But, where the network is "visited" and less (or not) trusted, privacy is still a concern.
from Eric Vyncke (Cisco) to everyone:    10:37 AM
is 'network types' on slide 4 what the IETF names "use cases" ?
from Tim Cappalli - Microsoft (Guest) to everyone:    10:37 AM
It is not all about trust. It is also about UX
from Tim Cappalli - Microsoft (Guest) to everyone:    10:38 AM
So while Passpoint may seem like overkill from a protocol standpoint, its UX is unmatched.
[LAST LINES MISSING]