[radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 04 June 2026 17:08 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Alexander Clouter <alex=2Bietf=40coremem.com@dmarc.ietf.org>, "radext@ietf.org" <radext@ietf.org>
In-Reply-To: <f3a87583-cefb-4f13-bab3-6635cc06452a@app.fastmail.com>
References: <BYAPR11MB37689273BC46B447843F3516CC352@BYAPR11MB3768.namprd11.prod.outlook.com> <C035972D-A954-4449-B1AA-194C7954F27B@inkbridge.io> <BYAPR11MB3768995A3F905845409EF032CC0B2@BYAPR11MB3768.namprd11.prod.outlook.com> <4C8F2356-BE1F-43AC-AC9A-3AAAE136D906@inkbridge.io> <861b4431-a032-40ac-8d2b-a0b2c8ef33ee@app.fastmail.com> <92499196-F354-47B7-91EF-30F98CA2C80E@inkbridge.io> <BN8PR11MB3762DB90B15DD7FAA600102CCC122@BN8PR11MB3762.namprd11.prod.outlook.com> <cca09fd4-7aeb-4af1-bbb0-bedd190a42e5@app.fastmail.com> <BYAPR11MB3768DC028D0502BADA6E9EF0CC132@BYAPR11MB3768.namprd11.prod.outlook.com> <f3a87583-cefb-4f13-bab3-6635cc06452a@app.fastmail.com>
Date: Thu, 04 Jun 2026 13:05:41 -0400
Message-ID: <16163.1780592741@obiwan.sandelman.ca>
Subject: [radext] Re: New I-D: draft-seralathan-radext-persistent-devid-00
List-Id: RADIUS EXTensions working group discussion list <radext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/3XhVa_p_-6TjWtW_Ks-2hwaVZF0>

Alexander Clouter <alex=2Bietf=40coremem.com@dmarc.ietf.org> wrote:
    > This central service that ultimately returns the persistent ID to the
    > NAS will, or it can trivially be arranged to, know the MAC address in
    > use by the client at the time of authentication.

    > Other systems wishing to access the persistent ID should query the
    > central service with "at this time what had this MAC address?"

Yes... it would be even better if this were shrouded via selective disclosure.

    > My view is undermining device (and user) privacy to avoid an extra
    > table join is not a good compromise.

I like how you've reduced this problem to one of some extra SQL :-)
I think that the access points that collect this information should sign it,
and then encrypt it.  If there is a mandate somewhere to do something with
the information, then it can be sent encrypted (notarized by the service), to
be decrypted when it's actually needed.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

**       My working hours and your working hours may be different.         **
** Please do not feel obligated to reply outside your normal working hours **
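The flow the two posts sketch, written out as an added example for this page (it is not code from the draft, from either poster, or from any RADIUS implementation): the access point signs the record it collected at authentication time, then encrypts signature and record to a disclosure key that is only used when there is an actual mandate to look; the central service notarises what it received and can still index it by MAC and time, but never holds the disclosure key. The record layout and field names, the choice of Ed25519 for signatures, ephemeral X25519 plus AES-256-GCM for the encryption, and the SHA-256 key derivation are all this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Record is what the AP learns at authentication time; the field names are this example's, not the draft's.
type Record struct{ MAC, PersistentID, AP, Seen string } // Seen is an RFC 3339 timestamp
// Envelope is what the AP hands to the central service: MAC and time stay in the clear so the service
// can answer "what had this MAC at time T?"; the persistent ID and AP signature are inside the ciphertext.
type Envelope struct {
	MAC, Seen  string
	EphPub     []byte // AP's ephemeral X25519 public key
	Nonce      []byte
	Ciphertext []byte // AES-256-GCM over (AP signature || record JSON)
	Notary     []byte // service's Ed25519 signature over all fields above
}

// aad binds the ciphertext to its index fields: re-filing it under another MAC or time makes decryption fail.
func aad(mac, seen string) []byte { return []byte(mac + "|" + seen) }

// aeadFor derives AES-256-GCM from the X25519 shared secret (plain SHA-256 here; use HKDF with a label in production).
func aeadFor(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)    // AES block: cannot fail
	return gcm
}

// SealRecord runs on the AP: sign with the AP's long-term key, then encrypt signature+record to the
// disclosure public key (ephemeral X25519 + AES-GCM). The AP itself cannot reopen the result.
func SealRecord(rec Record, apKey ed25519.PrivateKey, disclosurePub *ecdh.PublicKey) (Envelope, error) {
	plain, _ := json.Marshal(rec)                    // plain strings: cannot fail
	eph, _ := ecdh.X25519().GenerateKey(rand.Reader) // only fails if crypto/rand does
	shared, err := eph.ECDH(disclosurePub)
	if err != nil {
		return Envelope{}, err
	}
	gcm := aeadFor(shared)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand does not fail on supported platforms
	payload := append(ed25519.Sign(apKey, plain), plain...)
	return Envelope{MAC: rec.MAC, Seen: rec.Seen, EphPub: eph.PublicKey().Bytes(), Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, payload, aad(rec.MAC, rec.Seen))}, nil
}

// notaryInput is what the service signs: every field except Notary itself.
func (e Envelope) notaryInput() []byte {
	e.Notary = nil
	b, _ := json.Marshal(e)
	return b
}

// Notarize runs on the central service, which stores and indexes envelopes but never holds the disclosure key.
func Notarize(e Envelope, serviceKey ed25519.PrivateKey) Envelope {
	e.Notary = ed25519.Sign(serviceKey, e.notaryInput())
	return e
}

// OpenRecord runs only when disclosure is actually required: check notarisation, decrypt, check the AP signature.
func OpenRecord(e Envelope, disclosureKey *ecdh.PrivateKey, servicePub, apPub ed25519.PublicKey) (Record, error) {
	if !ed25519.Verify(servicePub, e.notaryInput(), e.Notary) {
		return Record{}, fmt.Errorf("service notarisation does not verify")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(e.EphPub)
	if err != nil {
		return Record{}, err
	}
	shared, err := disclosureKey.ECDH(ephPub)
	if err != nil {
		return Record{}, err
	}
	payload, err := aeadFor(shared).Open(nil, e.Nonce, e.Ciphertext, aad(e.MAC, e.Seen))
	if err != nil || len(payload) < ed25519.SignatureSize {
		return Record{}, fmt.Errorf("decrypt failed: wrong disclosure key or tampered envelope")
	}
	sig, plain := payload[:ed25519.SignatureSize], payload[ed25519.SignatureSize:]
	if !ed25519.Verify(apPub, plain, sig) {
		return Record{}, fmt.Errorf("AP signature does not verify")
	}
	var rec Record
	err = json.Unmarshal(plain, &rec)
	return rec, err
}

func main() {
	apPub, apKey, _ := ed25519.GenerateKey(nil)
	svcPub, svcKey, _ := ed25519.GenerateKey(nil)
	disc, _ := ecdh.X25519().GenerateKey(rand.Reader)
	env, _ := SealRecord(Record{MAC: "02:00:5e:00:53:01", PersistentID: "dev-7f3a", AP: "ap-12", Seen: "2026-06-04T17:05:41Z"}, apKey, disc.PublicKey())
	fmt.Println(OpenRecord(Notarize(env, svcKey), disc, svcPub, apPub))
}
```

Two design points worth noting. The service cannot check the AP's signature, because it sits inside the ciphertext; what the notary signature attests is only that this ciphertext was filed under this MAC and time, which is all the service is supposed to know. And because the ciphertext is bound to its index fields as associated data, the service (or anyone with its database) cannot quietly re-attribute a stored record to a different MAC or time without the eventual decryption failing; the example's disclosure key is generated in place, whereas in practice it would be held by whoever is actually entitled to act on the mandate.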