Re: [Madinas] Best Practices for MAC Address handling..

Stephen Farrell <stephen.farrell@cs.tcd.ie> Fri, 30 October 2020 17:25 UTC

To: Michael Peddemors <michael@linuxmagic.com>, madinas@ietf.org
References: <2fbbbc00-e64a-f99a-7890-1f35e0531e7d@linuxmagic.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Message-ID: <a3ee743c-9bfa-3d9b-f503-8941e8b3606a@cs.tcd.ie>
Date: Fri, 30 Oct 2020 17:25:27 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/N8HJYyfTg68jyGg3FUxD1ry1AME>
List-Id: MAC Address Device Identification for Network and Application Services <madinas.ietf.org>


On 30/10/2020 17:15, Michael Peddemors wrote:
> I think that I speak for many infosec people, that I agree that MAC 
> addresses should NOT be randomly generated, but instead fixed.

FWIW, speaking as someone interested in security
and privacy, I disagree. But both things are kinda
moot - OSes can and are doing this, so we can say
what we do/don't like but they'll still do it.
(And there are valid reasons for that.)

Aside from that, one of my hopes for this BoF is
that it not degenerate into "camps" e.g. of those
that want to see better privacy or those you refer
to as "the infosec community."

We've followed that destructive path a couple of
times now, and ISTM it leads nowhere.

I hope, in this case, that we instead focus on how
to both improve privacy and try to find new ways to do
the kinds of access control that previously depended
on hard-coded long-lived identifiers like MAC addresses,
particularly for interfaces that move around with
people.

Cheers,
S.