IETF Logo Mail Archive

Re: [Madinas] I-D Action: draft-ietf-madinas-mac-address-randomization-10.txt

Bob Hinden <bob.hinden@gmail.com> Wed, 21 February 2024 17:29 UTC

Return-Path: <bob.hinden@gmail.com>
X-Original-To: madinas@ietfa.amsl.com
Delivered-To: madinas@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 64370C14F6B7 for <madinas@ietfa.amsl.com>; Wed, 21 Feb 2024 09:29:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gpgXoK0nhhwc for <madinas@ietfa.amsl.com>; Wed, 21 Feb 2024 09:28:57 -0800 (PST)
Received: from mail-yw1-x112a.google.com (mail-yw1-x112a.google.com [IPv6:2607:f8b0:4864:20::112a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E29CCC14F708 for <madinas@ietf.org>; Wed, 21 Feb 2024 09:28:56 -0800 (PST)
Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-6079d44b02bso49177057b3.3 for <madinas@ietf.org>; Wed, 21 Feb 2024 09:28:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1708536536; x=1709141336; darn=ietf.org; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=4XIEpESszByp7f5LtiqsVVn/oosMYkL20YQau/Rj8dg=; b=MSII544b+6PmL6iFDZ26sjG9weU7kCEz2ebKnWxGwmwB+Z4u7OEKaJRb3wf2o+c8q/ 51/5omfrAdsINJ+0ejiC5dqFAL5xhxWXCE+LMcO6RbBpeBq7JTMitGTgFI8v91obWjCS 53ugmsww0J/+wcvY3jVCbwCks5rd151+VyZzG3yQiyJorJth6kAGs62laGS+WzFRHcYo GDKa+WqyzK4uUc5tj6+9WT3eHMGArlfg4XrJBDsPpyRpUeoDw/Taemf7r/YnhBYXrrEX CeiV1qr4Qf3cawveLlYnevUDRJtW1d//trjmoHR9vOY0x+2RUlk594CZDoRWUOzOAvFn 24fA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1708536536; x=1709141336; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=4XIEpESszByp7f5LtiqsVVn/oosMYkL20YQau/Rj8dg=; b=obP1qfy10w/kvkwjykt5QdoC6tXXI0UbkMy0MwO5ikVkKEia/wnDJPbnSzVhdTvX2n J/JQcdGyUQPxVkkbLtK+PQyM8zXV7/QO3JB0Y3xMmT16m44cE8T4BR8khByCAFGSyUmS 1SXe5yjN+wSZ+mJpYHTrwIZzbsWjazV+v6R4tXGuzHrcgJEoda3Qh5IcTqOLbLwXzVPM YSP3bCQd/Pouum5USScWcNdGBJ+sjSq0jRzRgF0onQ1vL+OLlURVegqL51nDprE7Se/w yRBifPrU+om/A6nD6v/UqG8Sura3GbQUJHabU5oZwERFSnKgKHdoOLii8xxAENnjgDnp mM9A==
X-Forwarded-Encrypted: i=1; AJvYcCXTmEaMBrZbcUPxMc62qdjR48Ey7mx3pozJJ4X4XvNJVsNJpGhXJu+6lXYf4z4WLyy/ipeQEs+/gj+kO5rhudAj
X-Gm-Message-State: AOJu0YzLj2X6yTy2/YLlNIrFaaJUONpAojJvtQb1r2eQK1TGnULdhZ52 l4RZ3tVKOsON3TK/Ss9qxe2zUkEgayjs2a9BbIBnkwU4s/S6y9aE
X-Google-Smtp-Source: AGHT+IEjUKHyyWr5WqnsLgjPfN4+Ksl/tb0bwo291sdK04evzNoT01uNoQwV5Vm/aDiK4ZWNYGNwRQ==
X-Received: by 2002:a81:ec01:0:b0:608:5f8c:2899 with SMTP id j1-20020a81ec01000000b006085f8c2899mr4588612ywm.26.1708536535311; Wed, 21 Feb 2024 09:28:55 -0800 (PST)
Received: from smtpclient.apple (99-31-208-116.lightspeed.sntcca.sbcglobal.net. [99.31.208.116]) by smtp.gmail.com with ESMTPSA id k62-20020a816f41000000b006047d63bc78sm2678716ywc.72.2024.02.21.09.28.54 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 21 Feb 2024 09:28:54 -0800 (PST)
From: Bob Hinden <bob.hinden@gmail.com>
Message-Id: <706C6A9B-965A-4587-8544-7BAA0C30EF4A@gmail.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7C67C250-3B76-484A-9A84-E3FF0D464FCA"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.400.31\))
Date: Wed, 21 Feb 2024 09:28:33 -0800
In-Reply-To: <CALypLp9usT2b8U4qxjr=QRixvwTHhNwFi6B5i_fZ+HxdK7OpgQ@mail.gmail.com>
Cc: Bob Hinden <bob.hinden@gmail.com>, madinas@ietf.org
To: CARLOS JESUS BERNARDOS CANO <cjbc@it.uc3m.es>
References: <170497095275.13340.12464306135239574020@ietfa.amsl.com> <E8162B32-363A-4B7C-86D6-5D7B2AD1F03E@gmail.com> <CALypLp-2cuBo-4t=Fu6F2y0DqOjsy3_vqhdYfzyJiEraVZi0xQ@mail.gmail.com> <FCE4EEAF-D7BC-49F5-94AA-80D6D9E286B0@gmail.com> <CALypLp9usT2b8U4qxjr=QRixvwTHhNwFi6B5i_fZ+HxdK7OpgQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3774.400.31)
Archived-At: <https://mailarchive.ietf.org/arch/msg/madinas/Q8U58Si7IE7Glb7w3RY7v6ypvvI>
Subject: Re: [Madinas] I-D Action: draft-ietf-madinas-mac-address-randomization-10.txt
X-BeenThere: madinas@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: MAC Address Device Identification for Network and Application Services <madinas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/madinas>, <mailto:madinas-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/madinas/>
List-Post: <mailto:madinas@ietf.org>
List-Help: <mailto:madinas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/madinas>, <mailto:madinas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2024 17:29:01 -0000

Carlos,

Greatly improved, thanks very much!

A few suggested edits and comments to Section 6 below.

Bob


> 6.  MAC randomization in IETF Protocol Standards
> 
>    [RFC4862] specifies Stateless Address Autoconfiguration (SLAAC) for
>    IPv6, which typically results in hosts configuring one or more
>    "stable" addresses composed of a network prefix advertised by a local
>    router, and an Interface Identifier (IID).  [RFC8064] formally
>    updated the original IPv6 IID selection mechanism to avoid generating
>    the IID from the MAC address of the interface (via EUI64), as this
>    potentially allowed for global tracking of a device at L3 from any
>    point on the Internet (note that the prefix part of the address
>    provides meaningful insights of the physical location of the device
>    in general, which together with the MAC address-based IID, made it
>    easier to perform global device tracking).

The same can be said for IPv4 prefixes, they can be used to track the location.    

> 
>    [RFC8981] identifies and describes the privacy issues associated with
>    embedding MAC stable addressing information into the IPv6 addresses
>    (as part of the IID).  It describes an extension to IPv6 Stateless
>    Address Autoconfiguration that causes hosts to generate temporary
>    addresses with randomized interface identifiers for each prefix
>    advertised with autoconfiguration enabled.  Changing addresses over
>    time limits the window of time during which eavesdroppers and other
>    information collectors may trivially perform address-based network-
>    activity correlation when the same address is employed for multiple
>    transactions by the same host.  Additionally, it reduces the window
>    of exposure of a host as being accessible via an address that becomes
>    revealed as a result of active communication.  These temporary
>    addresses are meant to be used for a short period of time (hours to
>    days) and would then be deprecated.  Deprecated addresses can
>    continue to be used for already established connections, but are not
>    used to initiate new connections.  New temporary addresses are
>    generated periodically to replace temporary addresses that expire.
>    In order to do so, a node produces a sequence of temporary global
>    scope addresses from a sequence of interface identifiers that appear
>    to be random in the sense that it is difficult for an outside
>    observer to predict a future address (or identifier) based on a
>    current one, and it is difficult to determine previous addresses (or
>    identifiers) knowing only the present one.  The main problem with the
>    temporary addresses is that they should not be used by applications
>    that listen for incoming connections (as these are supposed to be
>    waiting on permanent/well-known identifiers).  Besides, if a node
> 
> 
> 
> Zuniga, et al.           Expires 23 August 2024                 [Page 8]
> 
> Internet-Draft     Randomized and Changing MAC Address     February 2024
> 
> 
>    changes network and comes back to a previously visited one, the
>    temporary addresses that the node would use will be different, and
>    this might be an issue in certain networks where addresses are used
>    for operational purposes (e.g., filtering or authentication).
>    [RFC7217], summarized next, partially addresses the problems
>    aforementioned.

I am not sure I would say “The main problem with temporary addresses….”

If you want to be reachable, then you need a stable address.    This isn’t a problem with temporary addresses.    Clients should use temporary addresses, servers should use stable addresses.  You can be reachable without some sort of stable identifier.

> 
>    [RFC7217] describes a method to generate Interface Identifiers that
>    are stable for each network interface within each subnet, but that
>    change as a host moves from one network to another.  This method
>    enables keeping the "stability" properties of the Interface
>    Identifiers specified in [RFC4291], while still mitigating address-
>    scanning attacks and preventing correlation of the activities of a
>    host as it moves from one network to another.  The method defined to
>    generate the IPv6 IID is based on computing a hash function which
>    takes as input information that is stable and associated to the
>    interface (e.g., a local interface identifier), stable information
>    associated to the visited network (e.g., IEEE 802.11 SSID), the IPv6
>    prefix, and a secret key, plus some other additional information.
>    This basically ensures that a different IID is generated when any of
>    the input fields changes (such as the network or the prefix), but
>    that the IID is the same within each subnet.
> 
>    Currently, [RFC8064] recommends nodes to implement [RFC7217] as the
>    default scheme for generating stable IPv6 addresses with SLAAC, to
>    mitigate the privacy threats posed by the use of MAC-derived IIDs.
> 
>    In addition to the former documents, [RFC8947] proposes an extension
>    to DHCPv6 that allows a scalable approach to link-layer address
>    assignments where preassigned link-layer address assignments (such as
>    by a manufacturer) are not possible or unnecessary.  [RFC8948]
>    proposes extensions to DHCPv6 protocols to enable a DHCPv6 client or
>    a DHCPv6 relay to indicate a preferred SLAP quadrant to the server,
>    so that the server may allocate MAC addresses in the quadrant
>    requested by the relay or client.
> 
>    Not only MAC and IP addresses can be used for tracking purposes.
>    Some DHCP options carry unique identifiers.  These identifiers can
>    enable device tracking even if the device administrator takes care of
>    randomizing other potential identifications like link-layer addresses
>    or IPv6 addresses.  [RFC7844] introduces anonymity profiles, designed
>    for clients that wish to remain anonymous to the visited network.
>    The profiles provide guidelines on the composition of DHCP or DHCPv6
>    messages, designed to minimize disclosure of identifying information.
>    [RFC7844] also indicates that the link-layer address, IP address, and
>    DHCP identifier shall evolve in synchrony.

Just a comment, this section is titled "MAC randomization in IETF Protocol Standards”.  I wonder if the paragraph above is going beyond that.   It’s not only DHCP that has things that can be used for tracking.   Many of the higher level protocols such as used in the world wide web have things that are commonly used for tracking.  For example, “cookies”.   

Think about if this section is about MAC randomization” or if it is about the larger issue of tracking.   If the latter, there is a lot more to discuss.



> On Feb 20, 2024, at 11:18 PM, CARLOS JESUS BERNARDOS CANO <cjbc@it.uc3m.es> wrote:
> 
> Hi Bob, all,
> 
> We have just posted a new version addressing your comments.
> 
> Thanks!
> 
> Carlos
> 
> On Sat, Jan 13, 2024 at 8:46 PM Bob Hinden <bob.hinden@gmail.com <mailto:bob.hinden@gmail.com>> wrote:
>> Thanks
>> Bob
>> 
>> 
>> 
>>> On Jan 12, 2024, at 12:33 PM, CARLOS JESUS BERNARDOS CANO <cjbc@it.uc3m.es <mailto:cjbc@it.uc3m.es>> wrote:
>>> 
>>> Hi Bob,
>>> 
>>> Sorry, I think I overlooked your previous comment. I'll update the draft next week.
>>> 
>>> Thanks!
>>> 
>>> Carlos
>>> 
>>> On Fri, Jan 12, 2024 at 1:38 AM Bob Hinden <bob.hinden@gmail.com <mailto:bob.hinden@gmail.com>> wrote:
>>>> I believe I made similar comments a while back.   Repeating myself.
>>>> 
>>>> 6. MAC randomization-related activities at the IETF
>>>> 
>>>> This title is ambiguous (and Section 4 and 5 the same problem).   “at the IETF” sounds like at an IETF meeting and “activities” isn’t clear.  Protocols are not “activities”   This should be something like:
>>>> 
>>>>           MAC randomization in IETF Protocol Standards
>>>> 
>>>> The text in this section starts with:
>>>> 
>>>> Several IP address assignment mechanisms such as the IPv6 stateless autoconfiguration techniques (SLAAC) [RFC4862] generate the Interface Identifier (IID) of the address from its MAC address (via EUI64), which then becomes visible to all IPv6 communication peers. This potentially allows for global tracking of a device at L3 from any point on the Internet. Besides, the prefix part of the address provides meaningful insights of the physical location of the device in general, which together with the MAC address-based IID, makes it easier to perform global device tracking.
>>>> 
>>>> This is wrong and out dated.   RFC 8064 "Recommendation on Stable IPv6 Interface Identifiers” published in 2017 formally updated IPv6 IID selection to prefer RFC 7217 IIDs and recommends against embedding stable link-layer address in IPv6 IIDS.
>>>> 
>>>> This section needs a serious rewrite.
>>>> 
>>>> Today, I also noted in third paragraph of this section a reference to [RFC4191].  The text is:
>>>> 
>>>> [RFC4191] identifies and describes the privacy issues associated with embedding MAC stable addressing information into the IPv6 addresses (as part of the IID) and describes some mechanisms to mitigate the associated problems.
>>>> 
>>>> RFC4191 is "Default Router Preferences and More-Specific Routes”.  This has nothing to do with embedding MAC stable addresss.
>>>> 
>>>> Bob
>>>> 
>>>> 
>>>>> On Jan 11, 2024, at 3:02 AM, internet-drafts@ietf.org <mailto:internet-drafts@ietf.org> wrote:
>>>>> 
>>>>> Internet-Draft draft-ietf-madinas-mac-address-randomization-10.txt is now
>>>>> available. It is a work item of the MAC Address Device Identification for
>>>>> Network and Application Services (MADINAS) WG of the IETF.
>>>>> 
>>>>>   Title:   Randomized and Changing MAC Address state of affairs
>>>>>   Authors: Juan Carlos Zuniga
>>>>>            Carlos J. Bernardos
>>>>>            Amelia Andersdotter
>>>>>   Name:    draft-ietf-madinas-mac-address-randomization-10.txt
>>>>>   Pages:   18
>>>>>   Dates:   2024-01-11
>>>>> 
>>>>> Abstract:
>>>>> 
>>>>>   Internet privacy has become a major concern over the past few years.
>>>>>   Users are becoming more aware that their online activity leaves a
>>>>>   vast digital footprint, that communications are not always properly
>>>>>   secured, and that their location and actions can be easily tracked.
>>>>>   One of the main factors for the location tracking issue is the wide
>>>>>   use of long-lasting identifiers, such as MAC addresses.
>>>>> 
>>>>>   There have been several initiatives at the IETF and the IEEE 802
>>>>>   standards committees to overcome some of these privacy issues.  This
>>>>>   document provides an overview of these activities, with the intention
>>>>>   to inform the technical community about them, and help coordinate
>>>>>   between present and future standardization activities.
>>>>> 
>>>>> The IETF datatracker status page for this Internet-Draft is:
>>>>> https://datatracker.ietf.org/doc/draft-ietf-madinas-mac-address-randomization/
>>>>> 
>>>>> There is also an HTMLized version available at:
>>>>> https://datatracker.ietf.org/doc/html/draft-ietf-madinas-mac-address-randomization-10
>>>>> 
>>>>> A diff from the previous version is available at:
>>>>> https://author-tools.ietf.org/iddiff?url2=draft-ietf-madinas-mac-address-randomization-10
>>>>> 
>>>>> Internet-Drafts are also available by rsync at:
>>>>> rsync.ietf.org::internet-drafts
>>>>> 
>>>>> 
>>>>> -- 
>>>>> Madinas mailing list
>>>>> Madinas@ietf.org <mailto:Madinas@ietf.org>
>>>>> https://www.ietf.org/mailman/listinfo/madinas
>>>> 
>>>> -- 
>>>> Madinas mailing list
>>>> Madinas@ietf.org <mailto:Madinas@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/madinas
>>

v2.23.0 | Report a Bug | By Email