Internet Engineering Task Force 109, 18 Nov 2020

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF109-MADINAS-20201118-0500

Description

MADINAS meeting session at IETF109
2020/11/18 0500

https://datatracker.ietf.org/meeting/109/proceedings/

A

Okay, so here I have the the hour starting so welcome everyone to the madinas uh buff uh madina stands for mac address device, identification for network and application services, and this is a non working group forming buff we're going to be chairing juan carlos suniga myself and carlos bernardo's next slide. Please.

A

So a few points here about the tips and an etiquette for this uh meeting. So please, if you want to join uh or raise your hand if you want to say something, join the queue by raising your hand in the middle the little hand on the top left that you see there.

A

That way, we will acknowledge you and let you speak. Please mute your microphone unless you are speaking and preferably turn off your video. If ever you want to have some information about the the mythical features we have some links there.

A

The node well as usual, this is a an official atf meeting. So please uh make sure that you understand that participating and this meeting you agree to the processes and policies of ieee itf. Sorry, if you're aware that ietf contribution is covered by patents or patent applications, please let us know as participant or attendee. You acknowledge also that you are going to be recorded.

A

Personal information that you provide to the etf will be handled in accordance with the privacy statement and please be respectful with other participants.

A

If you want to have more information, there are some links there about the the vcps that will give you more details next slide.

A

So as a reminder, minutes are going to be taken, so we have minutes taker minute takers already assigned this meeting is being recorded. Your presence is locked. There were some questions there. So, yes, your presence is already locked by uh logging into data tracker describes. uh Please contribute the minutes to the code dmd, you have the link there and you also have a link on top of the of the mythical meeting.

A

The recordings and meetings are public and maybe subject to discovery in the event of any litigation.

A

Okay, so moving on to the to the agenda, uh we're going to have a a couple of minutes here discussing uh the agenda and the way we want to work this off.

A

Then we are going to move into the background of the mac address randomization.

A

For this we're going to have a amelia understood, presenting the background and status about mac, address randomization activities in ieee, 802 and wba, followed by dave teller uh talking about mac, address randomization in windows. 10, then we're going to have some minutes for clarification. Q. A only on this background part so that you can get those out of the way as we move on to the next section, which is going to be the use cases for this.

A

We're going to talk about home network community, wi-fi hospitality cloud management use cases that are potentially impacted by the mac address randomization, and for this we're going to have jason uh malay and chris presenting then we're going to start I'm going to have enough minutes for you to have clarifications about the details of uh this use. Cases before moving on to the open discussion uh for this topic, then we're gonna talk about what is the interest of the group and what potential next steps we may or may not want to take.

A

So, do you have any questions about the agenda so far.

B

Okay, so can we move to the next slide? Please.

A

So the purpose of the buff first of all uh is to inform the ietf community about the latest mac address randomization activities and purposes so mac address randomization. As you may know, it's not necessarily something that happens inside iets because it's in lower layers, but of course, as part of the stack it affects some of the services that are provided by protocols defined in ietf.

A

So then we're going to present the network and application service related issues that are related to this mac address randomization activities, and uh we want to finalize uh identify whether any actions are required at the ietf.

A

In this case actions can it's open discussion, so it may be coordination with other seos uh documentation of these use cases. Identification are of existing solutions that may be there or gaps that may be solved may need to be solved.

A

Are there any questions about the scope of the.

A

Buff, okay, I see no one raising hands here.

A

So if that is the case, then moving uh to the next point in the agenda, we're gonna have amelia presenting.

A

Oh sorry, yeah eric, you want to say a few words.

C

Yes, thank you gc for the introduction for this buff. I will be the responsible ad. We will wait and see what's happening with the buffer later. I would specifically like to thank the initiator of this buff, so it's you jason and jason, as well as yari and stephen that helped to scope a little bit better.

C

um This buff and, of course everything here is done with the ieee coordination and I've seen a couple of people that are also representing the ieee here, including ujc, so, and thank you for the two chairs for accepting to take this buff sharing. So thank you, carlos and thank you gc. That's all for me.

A

Thanks eric for that uh clarification, yes, so uh perfect. Moving into the the next topic, which is uh amelia that is going to talk about uh what has been done at uh ieee and elsewhere regarding mac address, randomization.

D

We have amelia, I don't see her on the.

D

A

Okay, so uh eric do you want to say something. Otherwise, we can probably present the slides on her behalf.

C

Yeah, I was about to say that indeed the best thing to go forward is to go through the slide, hoping that she will be joining um gcf. As far as I know you are also quite uh this is your draft first and it's also quite acupully focused and you wear as well part of the activity effort. So maybe you are the best person to take the role over all right, that's important. It needs to be done before the use case, so better do it yeah definitely definitely.

A

Thanks so uh can we move to the next slide? Please uh carlos?

A

So uh then, uh starting with some uh history here, uh the the whole uh work on on privacy and mac address randomization started after, uh if you remember the strength uh workshop that took place uh a long time back in the ietf, iab and w3c, and from there uh we there was uh some follow-up work that uh where we realized that layer, two identifiers that were assigned uniquely to devices uh were uh posing a privacy threat uh and then uh the work uh was moved, of course to ieee 802, where uh this uh they actually are the ones defining mac addresses uh the the at the rack in I ieee and uh of course, uh then, uh since then, several projects have started working on on how to solve the issue of mac address randomization.

A

We had uh different issues where the mac address. Randomization was something clear in plain text, for instance uh when, when searching for an ssid after some uh period of time actively, uh then possibly during the communications and so on, uh there's extensive research and then in the draft. We have plenty of references that show all the different issues that are show from this mac address. Randomization.

A

Can we move to the next slide.

A

Then well, I've already mentioned this w3c iab privacy tutorial that was given at the ieee 802 plenary uh it's uh thoroughly documented and then that led to a number of initiatives uh which are also mentioned in the draft.

A

um If you remember around 2014, and so we we had some experiments at ieee and 802 uh meetings where we were randomizing mac addresses and trying to see the effects on different uh services and since then, now mac address randomization is a default privacy feature in major major mobile operation operating services systems can can we move to the next slide? Please, then uh they work in ietf inspired on uh research project, uh which is uh a project 802 e. uh This is uh the study group uh in this work uh map the privacy features.

A

So basically it was uh privacy recommendations for all ieee 802 protocols uh recommended practices and considerations that can be used when defining ieee protocols. Afterwards, there was also the the 802 c slot that assigns dynamic addresses to devices upon need, and this is made for industrial sensors and so on next slide. Please.

A

There was also the ieee 2 11aq amendment, which introduced robust recommendations for mac address, randomization and now uh just this at this time, it's happening in ieee, 802 11. There are two pars project: authorization requests, uh 8011, bh and bi that are going to look at privacy features and network operation, in absence of a clear test, permanent layer, 2 identifiers, so very relevant to to this work.

A

uh This these two are uh just starting now. So uh is a perfect time basically to start talking about this uh topics in in like ietf as well, can we move to the next slide? Please, then we have a wba that is also relying on a higher layer, identity management which is kind of an extension of the past point in wi-fi alliance and that they ring the bell for people that are familiar with that rom architecture.

A

So the idea there is also to make sure that there are ways to to authenticate users and allow them to connect to wi-fi networks more freely in different domains.

A

Next slide, please.

A

This table shows just a summary of some operating systems and some of the features that uh already use mac address randomization.

A

uh As you know, there's uh android, ios and windows already using mac address, randomization and well, you have there the details. uh Basically uh operating systems today use uh dynamic, mac addresses or or randomized mac addresses to connect to networks, but they don't do it in a in a standard way.

A

There's different ways to to do it depending on the operating system, and I'm not going to talk about the details, because then uh we're going to have uh more uh later on by uh dave taylor, who's going to explain how this works in windows and- and we are going to hear in the use cases.

A

But if ever you want to have more details, there's there's a reference there.

A

Next slide so uh comments and questions, as I mentioned, uh what we would like to take after uh we finish with the presentation of this mac, address, randomization, uh background history and the presentation from dave. So if you don't mind, let's move now to dave's presentation and we will take comments and questions for both uh right after.

E

All right, testing audio. Can you guys hear me? Okay,.

E

Juan carlos, can you hear me.

F

Yeah you're good.

E

Okay, great just thanks for racking all right. So uh as juan carlos mentioned, I'm going to talk about what we did in windows 10, at least I don't know five years ago or so uh and you'll see a lot of it- overlaps with uh what one carlos showed for um ios and android, but I guess we wanted to have at least one drill down into examples, and a lot of these will be common across operating systems. Next slide, please.

E

All right, so I'm not going to talk much about this one other than um things are configurable which I'll get into in a moment here um it does depend on support being in hardware and drivers, and so it's almost always present. But if you have an odd uh hardware or old driver or something like that, you might not see it, but otherwise there's configurations on a global base, in other words on a per wi-fi interface basis and per network. So next slide I'll get into the details here.

E

Okay, so there's two types of settings like global: we mean um no matter where you are on your wi-fi interface, as your roam around global just means, as I roam around anywhere on the globe, um that's what the global setting is, and so there's a setting that applies to scans for nearby networks right and so uh in case you're new to the problem space.

E

One of the problems is this: just when you scan for wi-fi networks, the probes go out and the probes come from a mac address that uh is like an identifier and so in various public locations. They monitor the mac addresses of the probe. So even though you're not connected to any ssid you're, still broadcasting a unique identifier, and so what the global setting does is. It applies first of all to these probes that say when I'm not connected to any ssid right.

E

All the probes are coming from a random mac address and every time you connect or disconnect from any network or you restart the device that random thing changes. Okay, so this is the main tracking danger. Now, of course, this is only one of the pieces of it, but this is probably the most popular way of tracking people, because you can track that even when they're not connected to your network.

E

Okay, second part of the settings has to do with what happens when you do connect to an ssid okay, and so, when you connect to that ssid, then by default, the same address is used. So if you disconnect you reconnect, you disconnect you reconnect each time that you connect to that particular ssid.

E

You'll get the same mac address right. This is the default and, of course, you can forget the network and sort of clear that state, but once you connect to something it creates a piece of state that says what mac address, I'm going for that network. Okay. Now the reason for this is keep keeping use the same one over time and as you'll see on the very bottom here, there's uh three different um uh behaviors I've been default one, um and so the the main reason for this is a trade-off between privacy and usability.

E

Right now, there's a number of places.

E

You know hotels and hot spots and things that make you fill out a form when you first connect or even charge you when you first connect right and if you were to change the mac address every time you connected to that network you'd at least have to fill out a form, if not pay every single time that you change your mac address right, and so that's the usability aspect that users don't want that, and so instead, the very first time it will generate a random one and subsequent ones will reuse the same ones the first time so that you won't have to re-go through that form or paying or whatever.

E

So that's kind of the middle ground category. Okay, now any existing connection. So if you change the behavior which you've already connected to you know at office or at home or whatever it will continue using the one. In other words, once you join an ssid, it's remembered, even if it was the physical one. It's remember that with that ssid, until you change until you forget that ssid okay, so that's the global setting by by global, I mean again not ssid specific.

E

I mentioned that once you connect to an ssid right, it remembers the state for that ssid right. What's the mac address that I'm going to use that ssid says settings that you can store in that ssid specific state? Okay, there's actually three different settings that can be used, and this is configurable by users or admins.

E

The first one is to say off, which says: use the permanent hardware mac address. Okay means, don't use mac, randomization and an example of networks. Where that's important is, let's say you have a corporate network, that's using the physical mac address for inventory tracking right, and so they won't. Let you on the network unless you're letting your network getting on the network with the hardware mac address that they've inventoried. Okay. That would be an example of where that's kind of necessary on such networks.

E

The second option is equivalent to the default, one which is um use. The random mac address the first time that you connect. I've noticed use the same one and it's random when I first connect and then you store it there and you reconnect with the same one right. That's the default option when you're using mac address randomization.

E

But then, if you have a case, let's say you go to a uh internet cafe or a coffee house or something every day right you might say. Well, maybe I don't like the fact that they can tell that. It's me every single time. I appear there on this public network. That's what the change daily is for. It says every time that I connect, if I'm connecting on the same day as I last stored as I stored.

E

The mac address then keep using it, but if it's a new day regenerate a new one, okay, and so that way, I don't have to refill out a form or pay or whatever, if I'm connecting back the same day, but the next day I will okay and so that one's meant for cases where you're really worried about you know hot spots or something tracking you that you visit daily, and so the point is all three are configurable options and there each one is appropriate on a different category of network and since there's no clean way to know what the network's intent is, then we ask the user, but it's also configurable on an admin basis.

E

Next slide last slide. Okay, um now specifics, the mac address is a hash of a secret. The ssid right. You saw in that table that juan carlos showed that android and ios differ by whether it changes by ssid or bssid right windows is the ssid uh and the mac address uses a cryptographically random api, and so it really is cryptographically random.

E

But of course, since it's generating mac addresses, it makes sure that the bits are set in the high bit to say that it's locally administered and it's a unicast address so far, even though it was in there since at least five years ago, it's not enabled by default, and that's because there's still reports that there are some networks and no, I don't have numbers uh I wish I did. uh Maybe somebody does, but I don't have uh numbers on there's still some networks that have problems when you have randomization.

E

If you try to turn it on some networks with mac address, filtering or hotspots may have problems, and so that's why it's not on by default. We would love to turn it on by default. uh We're just not there yet, but we hope to get there once the numbers allow.

E

So the times that it's most likely on is where there's clueful users like people sitting in this audience that turn it on or more likely when there's an it manager that turns it on for all devices. So if you have corporate laptops and things that get the roam around, those are the ones that most likely have it on, because the it managers will turn it on um with any of those settings.

E

And so um that's the brief overview happy to take questions uh christian wiedema five years ago, when we first did it or shortly after it was done, uh wrote this blog article. That has a slightly longer explanation, but I've now pretty much told you all the highlights. That's in that article so uh and uh the slides here is still um accurate to what's shipping in windows 10 right now, so there you go. That's my last slide happy to take questions, but otherwise uh back to you um carlos and covers.

A

Thanks a lot dave, uh so uh eric uh you're on the queue. uh Okay, no, probably uh right. So we see daniel.

G

uh Hi there thanks for this presentation um in the the list of specifics here, you mentioned the the address. Calculation is a hash of secret, ssid and connection id, and I'm sorry, if I missed this, it's pretty early for me um is that a stable secret across the lifetime of the machine or a new secret every time.

E

uh I am not the best person to ask that question, um but my understanding is every time that it generates a new mac address. It uses all the entropy provided by the crypto api, and so, uh in other words, my belief is that the entropy isn't a one-time entropy that it's each time, but I don't know that for sure I can follow up and get you an answer. If you need it.

G

That would be great, because I mean if it's, if it's new new entropy every time, it's not clear to me why you would need to do this hashing even um like what the point of the hashing is. You could just apply the the entropy directly yeah.

E

You're right it could be that it's the same secret, that's generated at machine install time, that's possible. I'd have to check. I didn't implement this myself, I'm just reporting out on it. So sorry, I don't know the answer to your question, but I get your point. Yeah you're right.

E

um Yes, sorry was there somebody else.

A

Yeah we have glenn okay,.

H

uh Thanks, can you hear me? Okay, yep, yes, yeah! This is a glenn parsons uh from erickson, uh so I just had a comment on the 802 um aspects. uh I just wanted to mention um one particular uh ongoing activity that wasn't mentioned, um which is called uh the 802.1 aedk activity. This uh the title of this is mac privacy protection.

H

So this is an amendment to the max security standard in 802.1 and it's specifically defining an encapsulation format um that can uh carry uh confidential protected data within a frame, and so it would hide the the original user's mac address, as well as the frame sizes, and so the frames would be padded to some consistent or random size as well to protect the privacy. So this is a project mac privacy protection, that's currently underway as well. I just wanted to note that.

A

Great thanks a lot for that.

I

Stephen hi dave just a question about the default on. Can you say anything about the kind of factors you would consider before going to defaults on for this? I I guess you can't commit to anything or give specifics, but just a guidance. What kind of things would you be expecting before turning it on as a default.

E

uh Sure uh can we go back one slide carlos.

E

um Okay, so I'm gonna look at if you look at like the three options down at the bottom, I said each of these would be applicable to a different type of network right. So the first one was an example of that would be a corporate network that uses mac addresses for inventory management right, and so you could say well on would break that.

E

But you can also say, if I'm using it for inventory management, then uh maybe that's a case where it's it managed anyway, and so this that you could have a the it administrator would send out off in that particular case and say so that one is not that big of a deal unless you start having things like inventory management on things that are not uh managed, and so, if you have a byod device, meaning you have your own laptop and you bring it in to work or whatever, and it only works.

E

If you've registered the hardware mac address ahead of time, then that would have problems there, and so I'm just saying what are the gaps or things that you need solutions to address, even if they're, social, workarounds or tooling workarounds right um second type of network is the ones for on would be there right, which is kind of where we want to get to was the default right and so um they're.

E

The only issues that I know of are the ones that were hinted at on the next slide, which is, if you have some public hotspot or things so an example would be if there exists hardware out there that doesn't work right. If the mac address that you use in the probe is different from the mac address that you use after connecting right.

E

So if, for some reason, they've made, it only work when those two things are equal, then of course on would have a problem and once that set of hardware, if the problems like that, once they go away because what happens when uh you say if you change the default or if you upgrade you buy, you upgrade an operating system to a newer version. It has a different behavior.

E

If you change that behavior people think that the operating system must be broken because it no longer connection it used to right, and so how do you prevent those regressions for cases that it was working before um now, at least once you've connected to something we store?

E

The mac address that you're using right so hopefully on an upgrade that you've remembered the fact that you're using the physical one which it does, and so, if you were using the physical one before then you'll continue using the physical one until you change the network setting or until you forget the network and then lastly uh change daily. um If you're thinking about you know the you know the starbucks style networks, you might be worried about people tracking you.

E

I think it's really the same uh thing, and so I guess that's my long answer, but hopefully that's enough to answer your questions here.

E

So it's really once there's existing tools. Once the the observed deployments of problematic networks becomes negligible,.

E

You know, and the the statistics might be different for something like mobile os's uh only because the types of networks that you connect to might be skewed compared to what say, you know a laptop connects to you right, they'd be close, but they wouldn't be exactly the same sample set.

E

A

Okay, thank you very much. uh Are there any more uh clarification questions for this first part? Oh yeah, see then yep done.

J

Would you like to okay, yeah, okay, great, thank you. uh Thanks for the presentation dave uh so does windows 10 do the other uh things that were specified in 8211 aq when you randomize a mac address, namely uh reset the uh the sequence, not the packet sequence, number and and reseed the ofdm scrambler.

E

I don't know the answer to that offhand. My belief is that um we change all the things that you'd want to change at the same time. Right now, you actually about very specifics that I don't know the answer to since I'm not one of the lenders on this particular team, uh but I work with them. So I don't know the answer offhand, but I know we do things like when you change the mac address.

E

You want to change the ipv6 address, even though the ipv6 address is not derived from the mac address right, so you change the things that could be correlated all at the same time rather than at different times, which would allow you to introduce correlations between them, and so my belief is yes, but I can't authoritatively say that yeah.

J

And for things that are not really layer, two but sort of like two and a half like the the dhcp client id. Is that do you change that as well?.

E

um Those are all great questions. I don't know the answer offhand, but my since um christian used to be the person that was driving this and which is why he wrote the blog on uh five years ago. He could probably tell you off the top of his head. My belief is that windows has spent a lot of time on the privacy aspects over the last five years and knowing what to change that when you turn it on that is trying to do the right thing with all the different identifiers so gosh, I hope so.

E

If not, then we'll fix it, but I I hope so. Okay, thank you.

A

I then uh we're going to move to the next on the queue and we're going to cut the queue with michael, so.

K

A

K

Hey: hey, hey dave! Thanks for the presentation I mean uh I had a few clarifications. How do you make it easy for an user to, for example, enable this randomization in untrusted networks like coffee shops, airports and then enable this interested networks? For example, I have I enable home network security, and I want my home network security service to enforce policies per device uh just to identify anomalous, behavior and various such activities right. So how does the?

K

How does the nav user right I mean, uh would enable these options or disable these options on a per network basis?.

E

Yeah, that's a good question um if you uh were to go into christian's blog, which is uh linked on the last one um that actually walks through uh the specific ui where you can find it yeah, if you would look in there because there's screens, screenshots and stuff in there, so that will answer your question. But um is it easy? Well, it's more for an advanced user.

E

If you because it doesn't say hey, would you like to be private on this particular network right, there's a button you can connect, you can click on that will actually take you to the settings uh that that you can change it, and so is it? Is it easily discoverable? Well, it's not hidden, but it's not in your face right, and so it could be better, um but it is there when you uh connect or when you look at the settings for any particular ssid.

E

You can find those three settings uh in the you know wi-fi settings for that ssid, so it's not hidden, but it's not great could be, could be more discoverable. But it's not you know, there's a natural path to click on to get there and again you'll find the details. You'll find the walk through in the actual blog there.

K

J

L

Dave um when you're uh windows 10 doing uh wpa enterprise or 802.1x or whatever you want to call it, um are you using the same mac address um as you would to connect, and how do you know what network you're really connecting it to at that point,.

E

um I'm not going to be able to answer your question authoritatively again because now you're asking a very detailed question and not being the implementer, I don't know for sure, and I can tell you you're not going to find that particular answer in the ones that I don't know. The answers are also not in christian's blog either, which means I actually have to ask the the devs who couldn't make this particular meeting, so I'm presenting their slides on our behalf. But um thank you uh so I don't know.

A

Okay, well, thank you very much uh for that uh dave. So we're gonna stop here uh for the first part of the buff and we're gonna move to the to the next one, which is the the use cases and just as a reminder again we're going to go through the use cases. Then we're going to take clarification, questions on the use cases uh before moving on to the open discussion.

A

So now we're going to have jason chris and malay present the use cases.

F

All right great, so this my name is jason weil with uh charter communications. um What we did is we took. We started this project. We uh got together a number of isps uh to come up with use cases.

F

um We actually ended up with, like a dozen or so that we uh tried to win you down to a few high-level ones so that it wouldn't. We wouldn't spend the whole time talking about use cases on this uh off.

F

uh So I'm gonna cover some of the isp use cases and then hand it off to uh malay and then we'll follow up with, uh but chris at the end, to get an overview. um Okay, first one. Our second slide.

F

All right so yeah, so the first use case is access control uh based on mac address. This is pretty common across most isps, I know charter. Does it and many other isps that do it as well? uh So for this use case you know, cpus are or we uh we create.

F

uh We use the mac address as a as an identifier for uh devices on the network, uh and then we use that as a access control for that network, offering things such as you know, pause um uh given device nicknames things like that, and then we also do it's also used for uh dos mitigations uh and some networks for filters, putting filters onto uh cpu devices and and obviously what I'm talking when I talk about cp devices, I'm talking about the home gateway, routers that we deploy in home networks um and then part a lot of this falls underneath the frontal control as a service.

F

Okay next slide. Another use case is setting up a using dhcp to set up a sticky ip address for services uh such as a static port forwarding or setting up the dmz. A lot of this ties to ipv4 addresses uh more so than ipv6 addresses, uh but it's common for you know if you want to rdp into a device in your home or if you want to, if you have a child, that hosts a minecraft server. uh This is a good example of doing that.

F

um Using a the uh dsp server to tie an ik address and port forward to uh to a to a mac address all right next line.

F

So uh this is more of a use case of of a impact to uh to mac, address rotation, and a lot of it depends on how often the the mac address is rotated.

F

um But some uh some dhcp pools are fairly small on some devices, and so, if the, if every time you change the mac address, if it results in a new ip address and then the old ip address is still stuck in the dhp pool, uh depending how many devices you have on the network uh over time, you could run out the uh the ip address pool and the new devices uh would not be able to come onto the network.

M

F

All right go ahead. Next next slide.

F

uh So, there's a whole slew of use cases that fall underneath this I consider like diagnostics, along with network management.

F

So this is how isps help troubleshoot uh customer connections um a lot of times you'll you will use the the the mac address is an identifier for a device uh to help either try to figure out how much uh usage it's doing or uh if it's causing problems um you know it possibly has malware. How do we track that uh coming from that device?

F

um So there's definitely a need here. Well, there's argument for a need here for a persistent identifier uh to help help with doing this.

F

There's also so typically, the the mac addresses um per ssid is is fine in this case, but there is a use case uh where, if you move the device um say if it's on wi-fi, um as well as a mobile device on the same network, uh trying to track that device across multiple networks, there is an argument, or there is a use case there, where you need to go beyond just the per ssid. If you want to make that that use case, valid um performance.

F

um Yeah, that's good! um Look at the next slide. I can ask I'm sure, there's lots of questions that might come out of this, so feel free to ask away.

F

All right, um so this is the it's kind of like a follow-up to uh the printer control, slash uh using the mac address as an identifier for advanced uh in-home features uh like we use this today, for, like I was saying before, like pausing networks, uh schedule pause, grouping, the grouping uh devices say all the kids, all the devices that belong to a uh one of your children, you might want to put in a group and disable those uh at a certain time.

F

Each day, uh when it's time to go to sleep, um there's more advanced things you could do as well uh things like uh speed boost for certain devices they're. You know that you need to know the device's id um and then uh we call printo controls like I discussed as well. So if you, if you want to block content, uh you can a lot of some systems.

F

Use that are deployed today, use the mac address as the identifier and then more advanced uh uh terminal, well, more advanced features to figure out uh where that that device is going and then create like a white list or blacklist to block that type of content.

F

um Okay, I think that covers most of the isp in-home use cases I'll hand this over to malay for the for the next portion.

N

Malay from bloom, uh so a lot of home network management use cases are also uh go in line with the isp use cases. Like the previous slide, which was mentioned, and while doing the uh while you know providing such features, you know we managed devices from the cloud. So that means that.

N

N

And we we can't really. uh We can't really uh discard the devices which have randomized mac addresses, because you know there is a chance that user would like to add them to a particular person profile. Like you know, if the mac address is fixed by when associating to the ssid.

N

So that means that uh if the mac address was changing after associating, then the database across the entire network increases uh rapidly and that would have detrimental effect on the management of the database and then also uh you know the the clustering of the cloud devices which are referring to that device. uh That database will also be affected. So all of the management complexity increases by then next.

N

N

uh So mac randomizing mac address would you know, lead to uh the uh sign in to that public wi-fi each time, uh even if the device is in the same area next slide. Please.

N

uh This this goes about. This specific feature is about the roaming of uh the device across the public. Wi-Fi networks say I have a specific network uh cell phone plan, which you know lets me auto roam to that cell phone network providers, wi-fi networks, then, if I'm walking around in a community, then my mac address would be used to efficiently roam between the networks.

N

But if my mac address is randomized per bssid, then each time I am walking to the next home, which is providing uh the community wi-fi, then I would have to go through the process.

N

The network would have to go through the process of creating a new tunnel, and that would be also be detrimental to the experience which I would be having see. If I'm doing streaming, then I would, I would see, effects on on the internet experience on just by roaming around walking around a particular location. Next slide. Please.

N

Experience quality of experience for that particular device and it happens.

N

uh For for the.

N

Data and then measurement of qoe would happen and then would be.

N

N

Okay, uh I think uh chris can take over now. Thank you.

O

Yeah, uh hopefully you can hear me um so when you have an access point with multiple frequency bands um currently well, the the old way of doing things is the client always chooses which brand to connect to and which access point to connect you, which means you can end up with crowding of multiple devices on one band, but the other not really being used.

O

So in order to remedy that situation, there's something called client steering now the new wi-fi standard has something called multiband steering which does this in a fairly decent way. So it's it's. Take it's asking clients for measurements of the signal, strength of the different bands and then advising them yeah, which is the best for them to use, but uh for all the devices you know uh there has been a legacy mechanism. That's used, which is. um This is something that's only implemented at the access point end.

O

So it's it's really the access point, looking at the signal, strength that it sees from the clients and then if it wants them to move, it's essentially saying, go away, go away and hoping that they reconnect on the other one.

O

So if you've got that kind of older client access points, may then have to compare the signal strength. They see on a probe request on one band with the single strength they see for data traffic of that same station on other band.

O

Now, if those two use different mac addresses, then the access point can't then determine that the probe request is from the same device and be unable to perform that client steering action.

O

The other complication here is the access points also need to record which clients do not respond well to the legacy, steering attempts, because essentially, if, if you're just saying go away, go away, you know some clients will will take the hint and will will reconnect elsewhere, but others will not they'll just keep trying, and so the extra point need to track, which clients do that um and essentially stop saying, go away. So this requires um an identifier that is reasonably persistent, so you can identify.

O

Be assured that you, you know it is that same device that has the problem.

O

Pre-Association steering may also be affected um because, uh if client devices use a different mac address for the probe to the association, then again you can't use that in order to influence where they connect to next slide, please.

O

So that was all the use cases that we have in here um so in. In summary, when you look across those um today, many services rely on that on the device mac address being that persistent identifier. So the consequence of the introduction of mac randomization is that these services will stop working.

O

Some may be fixed by tweaking the implementation, but not for most of the use cases, so essentially alternative identity solutions are required to enable the services to continue to operate while also preserving reader's.

A

Privacy: okay, thank you very much uh chris. So uh we're gonna talk to you for for a second. So what we're hearing is that uh these use cases are uh highlighting issues that people have seen on the network and uh just as a clarification.

A

The idea here is not to claim back to uh fix mac addresses again, think people understand and acknowledge that the new normal is back, address, randomization, trying not to abuse the term, but uh but still they are highlighting uh problems that they have seen on. The network related to mac address, randomization that they wanted to bring forward.

A

So uh before moving on to uh specific ways to probably solve these problems or uh solutions that may exist there. We would like to stop here and take uh just clarification. Questions regarding the use cases that you have been presented here.

I

Stephen hi uh thanks. I have a question, for I guess malay, I'm not sure which slide it is, but two three back where you were saying that the mac address is stored in the cloud.

I

It wasn't clear to me what what what that's being stored for or by whom can you clarify.

N

Regular case uh we are, we are basically providing the features right like device policy, service policies and we are having. We are uh having a database right off. All the uh you know, device reports by.

I

Sorry, I forgive my ignorance, I don't know, I don't know who we is so pardon me.

I

Okay, I mean, if you can, if you can put a link in into the jabra chat sometime, that that kind of explains, I I still don't really get. Why and presumably all I think about is the kind of dangers of doing that, so I'm not getting the the positive benefit of it. So maybe we can clarify it later.

N

N

You are assigning the devices and home to particular profile like if there are kids in home.

N

I

Okay, thanks for caring.

A

uh Next question.

B

K

Hello, hey. I have a question on same question on the cloud resource management so, for example, assume that there is no uh mac address randomization by the operating system, but still an attacker could easily spoof mac addresses an.

O

K

Could spoof the mac address of the parent? It could just simply pick a random mac address and, uh and then this this entire database that you're maintaining could be dosed with uh several random mac addresses an attacker could just fight you with that right. So how do.

O

You handle those.

K

I mean this is no different from how do you differentiate from a genuine os doing this versus an attacker doing this? Every few.

K

K

Don't hear me hey, thank you.

N

Okay, so while we are moving a little bit away from the mic randomization topic here, I.

N

Have the ssid and password information correct for the home and then attacker is meaning by spoofing mac address is attacker gaining the profile. Information is and then gaining access to that particular network right. uh There's, there's no additional gain here uh for, for that particular home.

K

Now, I'm going to say.

N

K

Device a device which is in the home that's a child's device which gets infected and it spoofs the mac address of the parent to bypass the parental control right or to bypass some other policies that you have right max seems to be a very weak identity for enforcing any such policies. Right, I mean it's quite easy. You just have. There are several tools to spoof the mac address, and you just pick your parents, mac address and hey.

K

I can now make sure that the restrictions of no internet assets or the censorship policies can be easily bypassed right. That's so that's a question. Basically any kid can do that too yeah yeah provided.

N

If parent had that enabled, but you know the child, child device can also use vpn in that case and still sure.

P

You wanna do this.

A

Yeah: okay, thanks uh victor.

Q

Hi, hopefully you can hear me um just commenting on the last item that was asked um probably perspective. Typically, those use cases are pretty easily uh found because they manifest as out of profile behaviors, so those types of devices can typically be found quite pretty quickly, based on simple policies enabled in the cloud and therefore isolated as necessary.

Q

So, although that use case does exist, um they they show us a significant pattern which can be isolated.

A

R

Yeah thanks um juan carlos at the top. You mentioned um open roaming and I was just curious if you or anybody can speak to the implications of this for open roaming like whether this creates difficulties or if there's a more robust uh device identity. That's used.

A

uh Well, yeah, I was using the slides from emilia. I know I know she. She had some more information, but unfortunately I cannot speak uh for that. uh We would like to answer that, but maybe we'll have to take it on the on the list and ask amelia or someone.

D

A

A

Okay, okay, so um if we have no more uh clarification questions, maybe we can move to the to the next slide. uh Chris, would you like to take us, through uh the use case, the right requirements, and then we can move on to the to the open discussion.

O

Sure, okay, so looking at that set of use cases, um it's clear, they do have different requirements on the identity, which of course implies a number of different solutions may be required.

O

So in the blue table, we've identified some key features to consider for each use case, we're not necessarily saying what the answers are, but here are some things to think about, so the first one is: how long, of course must the identifier persist and for some of them that could be pretty short for others longer um also, what level of trust is required between the client and the network? And how confident must the network be that the client is the true owner of the identity that will vary between the cases?

O

Then it's the same identifier required to be used. Pre and post association.

O

Next, one is, is the same identifier required on a single network or multiple networks.

O

Does the identifier represent the device or are we trying to represent the user here?

O

Must the identifier be provided in order to join the network or is it an opt-in?

O

And finally, the provisioning of any new identifier would create, must be low friction. So how could this be achieved?

O

So, on the on the left? We've got that list of cases and, of course there is a need to define what identifiers could be used to meet those cases. I don't have the answers, but it's it's food for thought, for the.

A

A

Right so this is basically food for thought and uh I guess uh well I see you do you want to say something.

S

I have a question for chris here, so when you say identify here, are you referring to the identifier at the upper application, layer or you're, referring to the identifier at the packet level like what similar to what map address now doing today,.

O

So, who knows what the right solution is, I mean essentially, what we're trying to do here is preserve makadesh address randomization, um but uh I I suspect we tru. In order to meet these use cases, we will need some other form of identifier, uh maybe multiple other forms of identifiers, and it is the question I some of those could be at different layers.

O

So it's not trying to predict what the solution is, um but just to say, yeah some identifiers are needed. They will appear at different layers, um let's figure out what is the right layer for them.

B

Okay, um color.

T

So I wish I sent this to the list ahead of time, but I'm wondering if we have a requirement around user input as well. So, for example, when using 802.1x and some of the various forms of that one of the problems we have for iot devices and phones, which are basically look like phones like a traditional looking voice phone, um is that there may not be a way to enter credentials on those devices and, and that becomes a problem.

T

So I think that, like solving this, you know trying to figure out from a requirement point of view um whether end user input on the device was part of this or not is used to be one of the things that constrains the solution. Space a little bit.

O

O

U

Store, you have a question. Please.

V

Go ahead best point in the table. Provisioning, uh the provisioning of any new identifier must be low. Friction for the user. I'd actually like to question that I think there are use cases in which the provisioning of a new identifier should be intentionally costly for the user, so that it is not trivial for users to create arbitrary numbers of identifiers that not only potentially impose a cost upon the network, but also facilitate their, for instance, constantly having a new identity from which to to spam or or whatever.

O

Yes, yeah. I can see that that that could be an issue. Yes, so maybe it's better phrased as uh how consideration of how uh the new identity uh ought to be achieved.

V

I think we need a means of achieving low friction, but ideally we should have a controllable level of friction.

O

Yeah, that's a good way of putting it.

R

uh Yeah thanks, so I just put this in the chat and was encouraged to say it out loud um and I on the slide, you kind and then and what you were saying.

R

um You talk about multiple different identifiers, but I think there's also some places where you just talk about the identifier and I think it's pretty clear from the discussion thus far that um there's like a great variety of um of uses of, I will say like this information and in some cases it sounds like what is needed is a device identifier and that is historically what was had.

R

But um but for some of these cases, uh that's really not what's needed right or you're just trying to prove that you're part of a group- or um you know this is the same um uh entity. That's that was presented at a previous time and these kinds of things. So I think some of the considerations on the right hand.

R

Side of the chart here are are good, but I I I don't think anyone should assume that, like a single identifier is, uh this is like even the proper place to start for the the solution discussion, um because it sounds like there's a sort of a whole um api surface. Almost that that you could imagine having that would serve lots of these different use cases, um but likely reveal different information to different parties, depending on the use.

O

The aim here is not to say that there um should be a single identifier that replaces the mac address. um The intention of this table is to say that for each of the use cases in the bottom left, we may need a different identifier and those identifiers will have different applicability and different properties.

O

um It may be that some of them can you you can solve multiple cases with the same identifier, um but certainly not saying that they they should all build on the on the same identifier, because that would essentially be a replacement of the mac address.

B

W

Can you hear me? Yes, okay, I just wanted to respond to the friction piece right. I think I fundamentally disagree with that. The number one problem today is that there is too much friction and there's no consistency on how you get a secure identity onto a device, specifically a a modern operating system, right, something what I would call a human-centric device like a laptop tablet or phone. That is the.

W

That is why we could never even think about introducing any of these secure authentication methods into a home, because we can't even get users in an enterprise to do it right. If you, the the shortest path to enroll as a user with a secure credential is 10 taps and the longest path on other operating systems is up to 27.

W

There will never be success in getting a secure identity onto these devices. If that continues, and so I fundamentally disagree with that. There's there needs to be more. Friction like there needs to be way less friction, because at the end of the day, you have to separate out the device identity and who you know what what you know directory or what user account that's bound to. Ultimately that that ends up being really more of an authorization decision right.

W

You can use the same device identity across 9000 networks, but potentially have it tied to a different user identity based on context right. So I I less friction not.

A

A

I

Stephen uh just wanted to know what the like this slide is presenting a set of requirements derived from use cases for people who have who for whom mac address. Randomization causes some issues, so it's inherently incomplete in that it doesn't kind of include the use cases for which mac address randomization was kind of designed.

I

So you know if, if there's something going forward, we need to kind of try and figure out what is a more complete set of requirements, including things like you know, better privacy, and I'm not saying people are ignoring that. I'm just saying that there's a there's a possible danger in saying that the set of use cases being considered.

I

So if you look at the the list on the left there, it's kind of the set of things that get problematic in the face of randomization, and I don't think the requirements should be derived only from that sort of problematic things. If we decide to requirements, analysis is useful.

O

So on that um I was kind of assuming that yeah we all we all agree that yeah privacy is, is the aim in terms of randomization and that that is a given. um It needs to be achieved. So that's the reason why it's not really listed on this slide. um But yes, in order to do a proper consideration, I can think yes, it probably should be listed as uh I guess. A kind of it is a requirement in there that needs.

O

It is probably an overriding requirement, but it or at least it is the default position, and then you then, are trying to figure out how do you? How do you modify that in order to to meet various cases.

I

Sure I understand that I guess you know it seems to me that to do a good job on this, one would also have to kind of consider what you might call abuse cases, so the kind of in-store tracking that apparently some devices do and for advertising purposes and then, because, if you're going to propose some kind of change, you also want to check. Does that change, work well or badly for the things you don't want to happen as well as the things you do want to happen,.

B

A

Thanks uh tell me.

X

All right, hello, um yeah, so oh can we actually go back to the table slide if that's, okay, yeah! Thank you so yeah, following up to steven's point, I do think it would be useful to add more of the client privacy needs into this list as we're thinking about this as a whole, and specifically so, I'm speaking from the um apple client side, right and what's important for me- is that, like any identifier metadata, that's going to be shared by the client that would be consistent across networks or across different associations going forward.

X

It needs to be based on trusting the identity of the network and trusting the identity of the particular entity in the network. That's going to receive that metadata so like here we you're listing security and trust, and it's saying you know: how confident must the network be that the client is the true owner of the identity and, I think reflexively we need to talk about. How is the client confident about the network or the particular entity on the network?

X

That's receiving this metadata or this identity um I mean sharing metadata, needs to be done always with explicit client intent going forward. I think, and it needs to be sent in a secure way to a specific entity and not just blasted onto the network like the mac address is so.

X

I think we could also put on this table that we need to specify for any given piece of metadata or any identity that the client shares like exactly what entity on the network really needs to see that to operate on it and what are the um transport and security properties that we're using to communicate that metadata.

O

Yep agreed yeah, it makes sense to me yeah. The client needs to have confidence of who it's transmitting, that to.

B

A

U

Yes thanks, uh so this is interesting, um I think um I'm still like. I agree with what thomas has said, um but I I think we also went uh down to this this level quite quickly. We started designing like what you know, what are the requirements and and this new identifier system and so on, and I was still struggling to make a decision at the higher level which is like what do we actually need in this this situation, because it seems to me that we have a lot of technology.

U

We have randomization, we have non-randomization, we have lots of uh sort of user or network acceptable configurations and defaults.

U

We have uh identifiers at many levels like the mac, and uh you know the login id at the web, page iap, eap, uh identifiers and so on. So so I'm still struggling to figure out like exactly what do we need in this space? So it isn't entirely clear to me that the solution obviously is a new identifier system. So it is, of course, true that people have uh different needs like you have.

U

You know people who want a total privacy and don't suffer from parental control or enterprise network issues and and and the people who have those things in this enterprise network.

U

You have to behave in a particular way, but uh you know why wouldn't, for instance, um that the various defaults and settings be the right answer here or or perhaps some more information advertised by the networks that I I do or I don't do these kinds of tricks and and therefore the clients could make a better decision instead of introducing a new identifier system, and I have to say that I'm also always a little bit scared about this new identifiers. I I'm already identified by too many parties.

O

So um I'm wondering whether any of the other contributors want to respond to that.

O

Yeah, personally, I'm not immersed in in in ieee enough to to know to be able to respond properly to that.

S

Yes, you're here can I can I can I come in please, okay, yes, I think uh jerry. I think what we try to say here is not about creating a new identifier sort of speech. I think uh if there is any existing technology that we can leverage here, we're happy to use it. I think we are more like looking for guidance or looking for inputs uh to see what, based on the use cases now we have and based on some of the use cases is broken. What we need to do.

S

I think I need to echo what tommy said. uh We often saying that hey the network trusting the device, but we also want to see how the device can trust the network so that then they can, and in exchange they can offer something for the network to say hey.

S

If I know who you are meaning that if I know this is not what I'm going to join meaning, for example, I go into the hotel, I pay for it, and then I have I want to join the I want to join the hotel network and then the network may be able to say hey in exchange like let's say in that period of time, you can give me some uh persistent data and I'll. Just let me rephrase it I'll, send a respectable system, some of the data that we can use for that particular time frame.

S

That is the service that I can offer you and based on that contract, which, if that contract expired by time or the user can revoke that contract or even the uh the network can also revoke that contract, then that that that that contract goes away. So I think that is something that I mean, especially for the home of the home user. They don't have likes, they don't have a lot of technical backgrounds.

S

They don't want us, they don't understand when they have a problem, say connecting a printer to the network or the printer change, uh the identity and and then now suddenly it doesn't know that hey. This is a printer or this is something else. So those are the friction that we've tried to see. I try to try to help the users to see if there's any better way, to help them uh we're not like try to reinvent the wheel.

S

If there is any existing technology that we can use, and I think what uh the chairs already begin, I mean in the beginning, when they, when I mentioned the buff, we are not. It's not working group form involved, we're more like gathering information and want to hear the community well how they feel about like.

S

Is it something that we should put some energy to try to, at least, for example, like try to build a best practice or bcp, or something that can help the community to ease the easter to east the fiction or the challenge in the.

D

A

A

If you have in your play uh yadi or should we move to target.

U

Yeah, I guess um yeah much of that reply was about the details of the what the requirements are and, of course, you're not necessarily deciding a new thing, but but maybe also think about pcps. But I I guess I'm asking like why. Why isn't the you know, defaults and settings enough of a response for the market need that we have because we we have the people who want this home to be totally privacy uh sensitive and, and they know what setting to use.

U

We have the people who need to do their corporate network thing and they have the setting to use already and then there's, like you know, maybe some people in between a smaller fraction of of the market, and it isn't clear to me like why would those people need some new technology or new identifiers, then perhaps uh versus you know? Why? Wouldn't it be? You know enough for them to. You know, set just set things correctly or improve the settings or defaults.

U

But but that's just the question that I have so that's fine, let's move on.

A

Thanks and uh by the way, just uh as a reminder, we have a mailing list assigned for this uh medina's discussion, so please feel free to ask more questions later on or during the time on the mailing list thanks, so we can move on.

Y

Yeah, so one tactical remark about the friction right, so reducing the friction doesn't necessarily mean that you immediately open yourself up to denial of service attack, because I don't necessarily need to have arbitrary, many and arbitrary, fast, changing identities. Right I just want to have you know, frictionless identities, and you know I probably prefer to have a lot more insight into you know. What is my user experience right now? This may be the generic uh suggestion.

Y

I would give what is done here is very much trying to analyze the situation from the perspective of the provider of the use case, not of the consumer of the use case right, so it might be good to to to start up putting together the aspects of what is the user experience right? What is the friction?

Y

What is basically, you know the privacy that I have right. Whom do? I need to trust to keep that privacy right? uh What are my processes to create the identity?

Y

um You know what are the options for this identity to be broken in terms of to somebody mapping that identity back to me right so that user experience view uh you know would help a lot to put together. uh You know exactly these user experience aspects and then basically map between what the proposed solutions are and what the user experience is, and that's kind of you know competing to uh what what the provider of of of the use case, of course, wants to get.

B

Okay, next, in the queue andrew.

Z

Yeah hi, um I I think there's a lot of support for for to be mindful of the user experience and less friction, um but really all I wanted to say um just having been encouraged to echo.

Z

A point I made on the list is seems to me that this discussion is another example of where currently, it's clear, that developers, network operators don't really understand each other's needs uh and ways of working, uh particularly well, and one observation for the this discussion is achieving is at least helping bridge that gap a little um so that rather than saying how people shouldn't do things understand what the actual reality is um and then see if there's a better way of doing things rather than ignoring the reality, that's that's there.

Z

So I just wanted to comment that I think the discussion's really helpful in getting developers and network operators talking to each other. So thank you.

A

Okay, thanks for that, um uh jerome.

AA

Follows um I also think it could be interesting to um look at these use cases from a layer standpoint, and you know I may be biased by by the fact that this slide comes in the context of us looking at multiple operating systems behavior before and how you know, there seems to be no consistency between different operating systems on how they generate random mac addresses and by the way, there's an uh typo in ios uh in the ios table. Ios does not rotate in the final version.

AA

It's it's more like android, q and r, it's sticky to the ssid, but with a you, know, slight slight differences, um but then you know we talked about mbo and it seems to be an ieee problem. More than itf problem. I see here uh association and post association that smells a lot like 80.11 as well.

AA

um The mac rotation scheme uh for the client, also to me, is something that the is probably very interested in looking into, at least in the 802.11 context, um so it might be interesting for us also to triage a little bit. uh Those layers to you know to see what is probably taken care of at the ieee and what the itf could do.

A

Yes, thanks uh jerome, indeed, that that's part of the questions that we would like to to to answer and therefore we were very keen on highlighting uh the the work that is uh that has happened at I triple the 802 and that is going on right now, but uh please feel free. If you have more details uh to to let people know on the mailing list.

A

That will be great.

A

W

Hey um so tommy uh tommy, maybe kind of start turning this in my head a little bit, I think you know I. I will be fully blunt here that I don't. I do not think ietf is the right place to address this, um which I said in the chat, but if it does continue, I think we have to step further back and look at right. One thing that's concerning to me is you know, and this is the problem you know, while I do believe something like passpoint and secure wi-fi roaming is the go forward option.

W

It does not eliminate the fact that the local network operator can see the traffic right. It protects the identity, but it doesn't stop the fact that a local network operator can see the traffic traversing their network and users. Don't know that users do not understand when they go to mcdonald's or the home depot and their phone automatically connects to a network that that venue can see all of their traffic and sure many will argue there are technologies coming tls, 1.3, etc.

W

That would make that harder, but think about how many devices spew out device names at l2. That are unencrypted right, it'll, be very easy for me to figure out, even without passing a device identity you know at a and for any form of authentication or authorization that this is john's iphone right. It literally yells it to the network. So I think we have to step back and look at.

W

You know to tommy's point: how does the network identify itself to you and what level of consent does the user actually give to to to these layers and kind of to jerome's point in a way like where you know what am I consenting to when I connect to a network, and so I, while I you know, I think we have to address these together because ultimately, I think otherwise we're gonna end up in a loop solving different problems, but at the end of the day like today, there's really is no great way for a network to prove who it is like.

W

There's no, I mean it's the age-old problem of you know you can't you can't really put an ssid into a cert right and passpoint and hot spot too, and all these things have ways to potentially address them, but they're, not perfect, right and- and you know it kind of- brings back the you know the thought of like. Could you bind a domain name to an ssid right?

W

Should ssids just be domain names right and the user can be assured that when they connect to this they are using an identity from that domain or that's protected or that they've, given the appropriate consent for both their identity be shared and their traffic to be sniffed right, because that's ultimately, what's.

A

Happening yeah, I think that those are good points and just uh to to step in here quickly, uh the we are making sure that uh we don't step onto other organizations grounds, uh as mentioned before by by eric. We are making sure that we coordinate uh as much as possible, if need be, with ieee 802, for instance, if it's about uh mic addresses or procedures on how to associate authenticate or and so on, for a wi-fi or the the usage of an ssid.

A

um However, uh we still want to understand if ever there's something uh an ietf that has to be done, even if it's just informing about issues that may be open up by identifiers that are.

A

Misused so moving on.

AB

AB

Okay, all right, I think it's working, so I'm just gonna start talking, even though I.

O

AB

With okay, thank you, even though I agree with team, um I think that the lack of end user knowledge uh shouldn't really prevent us from working on at least informational documents or additional options that can that can be used for at least some of these use cases.

AB

um The purpose of the buff seems to me that it's eventually to come up with new identifiers, uh like chris said. I think that for the use cases where, where the end user can simply not use mac address randomization, I think at least for those.

AB

We should try to establish a clear baseline of trying to strengthen the user experience and also to make sure that there's going to be informed consent when they choose to not use the randomization options for some of the specific use cases that were explained before.

AB

That is the minimum baseline, as we probably work towards coming up with new identifiers or at least informational or bcp documents. That would address what would happen if new identifiers become available and if the, if they become target for different types of user.

A

Tracking, um yes, I'm just going to to reply uh to the comment about uh the purpose of the buff is to come up with new identifiers uh just to want to clarify that.

A

That's not the purpose of the buff, uh because uh we, in fact what we want to make sure is that we first of all understand the work that is happening elsewhere, uh so that we don't duplicate if ever, uh there's uh work happening and as as mentioned earlier on uh already there's uh work about privacy and how to deal with my contrast, randomization that I triple eight or two specifically in eleven there's two new parts.

A

um uh Also, uh the purpose of the buff is basically to to first of all inform of these new activities and then inform about the the issues that are happening, and it's true that, right now the discussion is moving uh very much around around the identifiers, but rather than saying that the purpose of the buff is to define new identifiers. I think we want to understand, uh as, for instance, yari said, do we need identifiers?

A

I think what we want to finally finalize achieve means to to provide services, uh and we have heard both views so far. uh There's a device view, there's a network view and there I would actually add the the user view.

A

So uh right now, we are just having an open discussion trying to understand what exactly is out there and both in terms of uh solutions and in terms of uh issues, uh so that we we can then uh take a decision on how to move forward specifically on the ietf, but also perhaps just informing other sdos about things that they want. They may want to.

A

AB

AB

Addressing that specific question like, should the ietf get involved, at least in informational documents? For this, uh then? Yes, I think I think yes, we should and that's it. Thank you.

A

Okay, thanks thanks jerry, we, we will actually try to to get into uh those type of questions, but that's uh useful feedback thanks. So moving on uh chosen.

AC

um I think the mac address net iph is mostly widely used in the consumer device or in business daily business or in the evening in industry. Isn't that used in mac address? So there's a so if we make some changes, I think where a lot of changes to the the based on this mechanism, like we change ipv4 to ipv6, it takes a very long long time also also. We also need a consideration from the same story from ipv4 to ipv56.

AC

We need a consideration. Some device does not support this magnet's change and, and we need a consideration- maybe some yeah supported change other than not supposed to change.

AC

Also, if we support this new tent, we need a major introduce an additional signaling traffic to identify who you are because you change your mind us and either identify you who you are, and maybe you also needed to detect a duplicated mac address, because we assume the mercury is never duplicated, but now making a duplicate, and in that case where you can interrupt or deny service to others, I produce a duplicate address to interrupt your communication.

AC

So inside the case, we need to also consider the user experience and keep the safety and keep service continuity. Also, I said that the mac address is widely used in a lot of standards. I think, even in inferiority in cvp standard, they they use. The faculty in immunity is a network. They use the ue mac us to add to the authentication, identification or the packaging and the routing. So I think just said before previous people that ietf maybe is not the only standard organization to do this job.

AC

Maybe we need a coordination with a lot of standard organization to do this. Thank you.

A

AD

A

Thanks for the feedback, um bob.

P

Hi um yeah a couple of thoughts, um so I'm not really sure exactly that. This is something the itf should do or exactly what it should do. It seems like in the examples on this slide.

P

A lot of these are just you know, bad implementations, if I can use those words like a dhcp server that doesn't have enough big enough tables to handle a lot of devices- and you know, mac addresses were used for a lot of things they weren't intended for for a long time, and so now they're not stable, but some of the issues that are being talked about are not just mac addresses like in ipv6, which, by the way, we've sort of have built support in for random mac addresses a while ago.

P

Now you know we always had the notion of there being multiple ip addresses and devices could have many, and you could change your interface identifier, but some of these same issues about identity and so forth apply at the ip layer too. It's not just use, you know, mac addresses, and so I think this needs to be thought about. You know broader than just you know at the link what happens at the link layer, um and so I I think you know, there's a lot of work here to do to sort of scope.

P

Well, first of all, is there a problem the itaf can solve, um because this is sort of the boundary between what the itef it's sort of it's not exactly itaf, it's not exactly ieee, I'm not sure, there's a good fit somewhere. So we need to be very careful to just if we're going to do work that it's something we can actually do and make successful, as opposed to just writing a bunch of drafts that don't have any effect on the industry.

P

A

Thanks a lot all.

A

A

M

And here I tend to agree that look at the other features and the example use cases. It could be possibly related to a bunch of standardization standardized organizations. So if we want to focus on the ietf work, probably we can look. We can start from looking at how it is related to the dhcp, because in the especially in the fixed network access uh there there are a lot of implementations like dhcp snooping and the proxy.

M

I use the mac address and ip address together, try to filter the the traffic, so that could be a possible solid case that would be solvable in ietf. That's that's what I thought.

A

Okay, thank you very much.

A

A

Can we move to the next slide, so we have a few questions that we would like to ask, and now that we have had a little more understanding on the different uh issues and uh status of things.

A

uh Some of these questions already we've heard, but we would like to ask them a little more formally so that we can capture a race of hands.

A

So the questions are: uh is there community interest on this topic, and here we just ask openly uh for the whole community, meaning people attending here then. The second question.

AD

Is going to be.

A

Are there any actions required at the ietf? We don't know actions uh so don't read uh beyond those actions, uh it could be uh information uh interactions with other seos, uh informational, graphs, pcps or so on, and finally uh people will be interested to work on this topic.

A

So, let's start with the first question: is there community interest on this topic.

A

A

If you click on the show of hands tool,.

A

You will see there, uh people are already clicking.

G

This is just a reminder: if you want to not raise your hand, there is an active choice in the show of hands tool to actively not raise your hand, don't just wait and assume that that means your hand is not being raised.

G

A

Okay, so the numbers.

O

Are still moving.

A

The show of hands tool is on your left top side. The graph next to the.

G

Chat panel, the icon looks like a bar chart, yep.

A

A

A

We close it now, and uh so we have 53 people raising hand. uh Five people not raising hand out of a hundred great.

A

So the next question is: um are there any actions required at the ietf? And here again um we don't necessarily know what type of actions we are asking openly uh whether an action is simply informing other sdos about uh issues or highlighting things that they might want to consider.

A

uh It could be informational drafts, it could be vcps or something else that we don't have not considered yet. So do people think that there are any actions required. Are the idf?

A

Please raise your hand if you think so, or do.

A

A

Okay, so we can close it now. I think it's stable.

A

We have 36 10 100.

A

P

You really can't answer this question because there's nothing on the table. It needs more work.

P

A

Sorry, sorry, is that uh which question are you referring to.

P

Does the second.

AD

Question I mean it's it's way too open-ended. In my opinion, okay, yeah and and by the way we.

A

Kind of left it open-ended because this is a non-forming uh working group uh buff and we just wanted to get the high level feedback, but indeed, uh depending on the the results and the discussion here, uh we have to do our homework and perhaps uh going to into more detailed questions.

A

So the final question is: would people be interested to work on this topic? Is this a topic of interest to people to actually do some.

A

A

It's still moving.

A

Okay, I think this we can close it. Now we have 39 10 98.

A

All right, so this gives us a very good feedback. uh There has been a lot of very interesting points actually from people, and uh I think we we need to. We look at all this uh information and then uh see how we can consider it, but we are getting close to closing and I see yari at the queue gary. Would you like to say something.

U

Yeah just a brief comment that at least for me, the last two questions were really really difficult. So so maybe I would like to work on this if I was convinced that there was a sort of a market need to address uh successfully, and I think we didn't explore all the questions that uh we would need to explore for us to answer that. But but certainly more research is needed, like let's try to figure that out what would make sense in this space and not not just design new identifiers.

G

I would echo yuri that like without knowing what specifically we're planning to work on it's very difficult to answer these questions, but in addition to yara's point that he's interested in working on it. If there's a good proposal, I'm also interested in working on it. If there's a bad proposal to try to make it less bad, I think you know something coming out that that is problematic. I do think we need to engage and um reduce the harms.

A

Okay, thanks good point: uh alisa.

R

uh I was thinking that maybe an action item um that people can can take uh after this is it would be good. To I mean we got a good overview about the work, the related work in ieee. It would be nice to have something similar for wba and wfa, just to know like the scope of what's going on over there, because it does seem like one part of this is just uh maybe motivating the industry to adopt some of the existing technologies.

R

So um I'm happy to work with people uh offline to you know, get get something authoritative from from those groups as well. We don't uh usually work as closely with them directly, but I'm sure that we can make that happen. I think that would be valuable.

A

R

A

To put as much.

O

Information as we could on.

A

The on that informational draft, so that we can inform people but but yeah if you can send some pointers or give us a name, it will be nice to to get more information on that.

A

A

Next high angle,.

A

Wonk, we cannot hear you.

A

Sorry, we cannot hear you, you need to press.

O

A

A

All right, so we have no one else on the q. um I don't know eric. Would you like to say a few words.

C

Indeed, and and thank you jc and carlos for running this buff, I think it's pretty clear to everyone that many people are interrupted by the topic and by the way, a lot of information was exchanged into the chat and, as we all know, the chat I recorded. So I put the link on the to the chat log into the menu, so we can go back there and see the useful information that was exchanged there.

C

Now the real question is indeed: what do we need to do and do we need to do something, and it's pretty clear that we have not an ideal view right now.

C

This could come as multiple sets from documenting informational draft bcp, either for operators or even bcp for the ietf community, uh because it changed somehow the the layer two and the interaction that the iplayer can have with the layer two, so this could be documented somewhere.

C

So it's clearly no final decision here we mostly discuss a little bit more on the meaningless. What to do next, but again, thanks jc and carlos for running the.

C

A

A lot for that eric and uh yeah. So that's.

E

A

That's a good reminder that uh please uh people interested uh join the mailing list. uh That's going to be the best way to to move on uh for now with the discussion and deciding on what, and if uh are the next steps required.

A

So with that, uh thanks, everyone and good night good morning and good evening to wherever you are.

Z

X

X