Re: [perpass] Fwd: New Version Notification for draft-barnes-pervasive-problem-00.txt

Paul Lambert <paul@marvell.com> Wed, 08 January 2014 18:03 UTC

From: Paul Lambert <paul@marvell.com>
To: Eliot Lear <lear@cisco.com>, Stefan Winter <stefan.winter@restena.lu>, "perpass@ietf.org" <perpass@ietf.org>
Date: Wed, 08 Jan 2014 10:02:56 -0800

On 1/7/14, 10:59 PM, "Eliot Lear" <lear@cisco.com> wrote:

>
>On 1/8/14 7:52 AM, Stefan Winter wrote:
>
>> In short: MAC addresses are NOT necessarily local to the LAN; if they
>> leak beyond, privacy is at risk. The LAN may be IEEE's domain; protocols
>> that transport information about MAC addresses on the layers above are
>> most certainly IETF work.

So … this year as we introduce ‘ephemeral MAC addresses’ into 802.11.
The IETF should be prepared to fix upper layers as they break :-)

The simplest change is for hourly or daily changes of a link local MAC
address.
This breaks the long term tracking and any usage of MAC address for
authentication.

Longer term, the ephemeral address could be bound to an authentication
process.
My favored key centric approach would be

mac_address = (h(pk, nonce)[:6] & ~0x010000000000) | 0x020000000000
# first 6 octets of the hash; clear the I/G (multicast) bit and set the
# U/L (locally administered) bit, both in the first octet

Paul


>>
>>
>
>Indeed.  MAC addresses are also found in location registrations for some
>services.
>
>Eliot
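Paul's key-centric derivation, worked through as an added example (not code from the post, from 802.11, or from any IETF draft). It instantiates h as SHA-256 over a length-prefixed pk||nonce (an assumption; the post leaves h unspecified), places the locally administered flag at 0x02 of the first octet as IEEE 802 bit ordering requires, forces unicast, and shows the verifier side: an authenticator that knows pk and the nonce can recompute the address and confirm it is bound to the key, while a fresh nonce yields an unlinkable address.

```python
import hashlib
import os

# Flag bits in the first octet of a MAC address (IEEE 802 canonical order).
IG_BIT = 0x01  # Individual/Group: 1 = multicast, must be 0 for a station address
UL_BIT = 0x02  # Universal/Local: 1 = locally administered (no OUI claim)


def derive_ephemeral_mac(pk: bytes, nonce: bytes) -> bytes:
    """Return a 6-octet locally administered unicast MAC derived from (pk, nonce).

    h(pk, nonce) is instantiated as SHA-256 over len(pk) || pk || nonce
    (an assumption made for this example).
    """
    digest = hashlib.sha256(len(pk).to_bytes(2, "big") + pk + nonce).digest()
    addr = bytearray(digest[:6])      # first ("upper") 6 octets of the hash
    addr[0] &= ~IG_BIT & 0xFF         # clear I/G: never a multicast address
    addr[0] |= UL_BIT                 # set U/L: locally administered
    return bytes(addr)


def format_mac(addr: bytes) -> str:
    """Render 6 octets as the usual colon-separated hex string."""
    return ":".join(f"{b:02x}" for b in addr)


def is_local_unicast(addr: bytes) -> bool:
    """Sanity check a station could apply before using an address."""
    return len(addr) == 6 and bool(addr[0] & UL_BIT) and not (addr[0] & IG_BIT)


def verify_claimed_mac(pk: bytes, nonce: bytes, claimed: bytes) -> bool:
    """Authenticator side: recompute from the station's pk and the agreed
    nonce and check the station is using the address bound to its key."""
    return derive_ephemeral_mac(pk, nonce) == claimed


if __name__ == "__main__":
    # Constructed sample key; a real station would use its public key bytes.
    pk = bytes.fromhex("04" + "a1" * 64)
    for _ in range(3):
        nonce = os.urandom(16)        # fresh per association (or per hour/day)
        mac = derive_ephemeral_mac(pk, nonce)
        assert is_local_unicast(mac) and verify_claimed_mac(pk, nonce, mac)
        print(format_mac(mac))        # a different address each iteration
```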