Internet Engineering Task Force 112, 10 Nov 2021

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: IETF112-MADINAS-20211110-1200

Description

MADINAS meeting session at IETF112
2021/11/10 1200

https://datatracker.ietf.org/meeting/112/proceedings/

A

B

Can you hear me?

B

Yes, we can hear you. Can you hear me carlos.

A

B

Thanks a lot so hello, everyone good morning, good afternoon, wherever you are good evening, welcome to the madinah's working group. This is the first uh meeting that we're having as a working group, so very happy to be here with you.

B

B

So the usual etiquette for the virtual meeting. Please join the cube before participating and meet your mic unless you are speaking ideally turn off your video. Unless you are speaking as well, if you have any questions or doubts about how to use mythical, you can use those links next slide. Please.

B

The usual not well, so this is an official ietf meeting. So by participating, you agree to follow the ietf process policies.

B

If you are aware of any patent or patent application that is owned or controlled, you must close the to the etf or the chairs.

B

You acknowledge that the information that is going to be shared here, written audio video, it's going to be made public and the all the information that you provide to the idea will be handled in accordance with the ietf privacy statement.

B

Very importantly, as a participant, you agree to work respectfully with other participants and if you have any issues or feel harassed, please contact the office man next slide. Please a note on that. um A brief reminder from the ietf guidelines of conduct, so idf participants extend respect and courtesy to the colleagues at all times. So please be mindful of this. Whenever you participate or provide any technical criticism, we have all in personal discussions. So we talk about technology and not about personal issues.

B

We all have the goal to devise solutions for the global internet.

B

So we have to keep that in mind that we all have a common goal and make sure that you are prepared to contribute on the ongoing work of the group, so make sure you read and understand the drafts and the presentations before the meeting starts so that we make it more efficient next slide, please so the minutes are taken the minute the meeting is recorded and it'll be be streamed afterwards, so your business is locked uh by logging into data tracker and we ask describes to please contribute online minutes to the kodi md.

B

We have right now.

B

You that had agreed to help us with the minutes. You are you connected.

B

I don't see you yet in the call. So do we have uh anyone that can start taking minutes while you connect.

B

Can anyone help us with the minutes? This is important.

C

C

I'll have two minutes: it's rob wilson.

A

We all have audio uh juan carlos if you are muted. We will ask your idea thanks robert sir, for taking the minute.

A

B

I clicked on the mic by mistake when switching screens, so thank you very much bob and and yes, uh you will also help with the minutes, hopefully when he is able to join, but the more the merry makes like.

B

So this is the agenda that we have for today we're going to spend a few minutes just because this is the first meeting as a working group to to remind you about the status uh where we are. What are our objectives?

B

Then we're going to move to the status update from other seos, starting from the wba moving on to 802.1 802.11., uh then we're going to start talking about the the two drafts that we have at hand, the first one being the randomized and changing mac addresses, use cases by jerome and then the mac address, randomization amelia will present and then we're going to talk about next steps. Any questions or comments on the agenda.

B

Okay, here and now we can move to the next slide. Please.

B

So, as a reminder, we so far had been meeting as a as a buff, and the purpose of the of the buff was said to to inform the ietf community about the latest mac address, randomization activities and purposes.

B

uh We presented also the network and application uh service related issues that were uh related to to this mac address randomization, and um the idea was to identify whether any actions were required at the ietf, and we identified at least these three, which is the coordination with other ratios, documentation of use, cases and identification of existing solutions and gaps, and therefore we got charter next slide. Please.

B

So, knowing that the mac address randomization is here and now and that for some network services, the device identity is important, we want to understand and see how to still provide those services without necessarily endangering the the privacy features that were uh addressed by the market randomization.

B

So the idea here is mainly to explore the fact that so far, many applications uh make an implicit assumption that the device uh uses an i802 layer, 2 identification, also known as mac address. That is permanent and unique, and this is no longer the case.

B

So we will then work on identifying these scenarios and and see what is the effect of rcm on them.

B

Then we will also analyze uh identifiers that can be used beyond the mac address for network uh to provide the seamless service and also the scenarios where the identity is actually not required, that maybe we are misusing the mac address next slide. Please.

B

We are chartered to work on a bcp that will recommend means to reduce the impact of rcm on use cases, while of course still ensuring the privacy achieved with rcm is not compromised and also we are chartered to work together with other ietf working groups which have identified many like dhc or interior, as well as liaise with other seos, and also we have identified a triple eight of two, the wireless broadband alliance wba and we have already started some some discussions with them. That will be reported right after this.

B

So as far as deliverables, we have the documents about the current status or our current state of affairs and informal use information. Also our use case and identity requirements document and an information on mac address, randomization currents, state of affairs document. Then we have two drafts that try to respond to those so we'll talk about them and the idea is to adopt them by the working group and also we have a will be working later on on a bcp.

B

So I think that's it next slide.

B

Yes, so we can move uh next on the agenda to tim.

A

Tim, do you want.

D

Is my audio okay, this time.

A

Yes, it's a good thanks.

D

Excellent, thank you so, just as an overview, we have in the wba a wi-fi devices, identification project that we set up back in january, to look at this issue of randomized and changing mac addresses and what the effects of this were and what we could do about it um insofar as it affects various services that wba members may be providing.

D

um Could I have the first slide. Please.

D

So the objectives are, as stated here, to to look at the mac address and find alternatives uh to identify typically users, but sometimes devices, and indeed look at whether identification is actually necessary. In some cases.

D

So uh the next objective analyze and look at the currently available solutions. That's because we're a high level organization, that's largely what we've been doing, then of course liaise with other standards. Organizations such as yourselves and then at the end of it all, explain and recommend technologies that are ideally are already present, so that people who are using mac addresses at the moment can move on to something more appropriate.

D

So next slide, please.

D

So we've we've looked at a number of use cases for where the mac address is currently or has been used as a long-term identifier and where this is going to cause issues with service and we've previously liaised the document with you covering those yeah. Following on from that, we we've gone through those use cases and looked at the various requirements that they present um in terms of you know the uniqueness of the identity, identity, it's its scope and duration.

D

Now, typically, although macs are being used, the uniqueness is really for the user within a particular network, and the duration very often is long term. These are people, who've signed up for a service, and it's about identifying the user of the service.

D

uh We've also spent quite some time discussing the issues of privacy and consent for identification and what happens if the user doesn't want to consent to use some alternative form of identification.

D

So, having looked at all those requirements and really the requirements covering everything from we just want to identify a device for a session right through to we want to identify a person and each of their devices for potentially years.

D

So it's not really anything ruled out.

D

So, having looked at those requirements, we've moved on to examining the obvious existing solutions.

D

Clearly, starting with the 802.1x based authentications, wpa2 or 3 enterprise passpoint, and over the top of that open roaming, we've also looked at the private pre-shared key device. Fingerprinting and other proprietary external identification, such as where an app or a website is used to identify the user, and that's then communicated back to the wi-fi network to either allow access to certain resources or maybe to set up perhaps something like a particular quas level.

D

And, of course, the the other alternative, which is doing nothing. There will be some situations in which not doing anything and just leaving them act to change is a perfectly viable option and we wanted to understand what the effects of that would be because of a lack of time and expertise.

D

We haven't really looked at wi-fi, easy connect or 802.1 ar which, which we don't understand, but looked interesting.

D

As a result of examining the solutions, there are some things that they don't really provide function. They don't really provide the functionality that we previously had available from an unchanging mac and we're currently discussing what the implications of that are next slide. Please.

D

So um the idea is that, having looked at all these solutions and and what they can offer uh that we will want to make recommendations for each type of network, so in in this case the type of network will be things like hospitality or in-home, or enterprise um public networks that are either paid or or free.

D

So those are the network types that we're talking about here and we've in the process at the moment of looking at each of those currently available solutions and suggesting which of them might be preferable for which network type. um Alongside that yeah, we find that, obviously, not not everything that we used to do with mac is covered.

D

The main things we find, I think, are wi-fi network diagnostics such as yeah is used for the home or enterprise where devices are unable to connect and not that they simply can't associate, but maybe they're not even attempting to connect.

D

We we have no. I no means of identifying that that device belongs to the network and perhaps should have been attempting, um but equally we don't want to be connect. Collecting information about devices that have no relationship with the network and shouldn't be connecting anyway, and it's it's very hard to distinguish those two and and without the mac. Currently we don't have a solution for that.

D

um There are also issues where, because the mac is based on the randomized mac is peculiar to an ssid.

D

We may have a service provider with multiple ssids and the example here you know there's one for the hotel and one for the cons conference rooms. So a delegate at the conference staying in the hotel may have to deal with two different ssids.

D

And their device will appear from the point of view of the mac to be two different devices so that that issue needs to be considered.

D

uh There's also the issues of lawful, intercept and obtaining icrs.

D

Sorry, that's internet connection, records.

D

The law enforcement may come to an operator and say we need the connection records and currently they may use a mac address to specify the device that they want to do that, for obviously that's going to be completely unviable.

D

But the legal obligation to provide those records is still going to remain.

D

There's a just just a brief outline as far as we've got at the moment of some of the things that we don't feel are covered, um and the next step um follows on from item five here is to uh so we're going to make recommendations about the solutions and the way we've written them at the moment is looking at the solutions and what they can do we're now in the process of looking at the network types and assigning the solutions to them.

D

All of this is going to be bundled up into our white paper.

D

Which is supposed to be completed by the end of this year will be published at the end of the process, so I won't bother. The next slide is just a thank you all very much for listening.

D

So that's it from me. Thanks.

B

Thanks tim: are there any questions for tim.

B

E

If the wb has come up any um proposed solutions, it sounds like the mac address is still the the the best way have you thought of using uuid and the ie information, or something like that.

D

uh We certainly we're not considering that the mac address is the best way most of the solutions at the moment for larger, more public networks. Hospitality enterprise, um we're suggesting that one of the 802.1x based methods is the way to go for home networks. There may be some applicability for ppsk or even device fingerprinting, but neither of those are standards, and we don't really like recommending non-standardized solutions.

F

D

As regards the other items, here, there are things we haven't covered and that's mostly because we don't have the knowledge at the moment to cover them.

E

So will this uh white paper be available to the public or shared with the ietf at least.

D

Typically, the executive summary is made public and the white paper itself is available to members and liaisons, so it could well be shared with the ietf, but we will have to discuss the implications of that if the ietf were to be making it public.

E

Okay, thank you.

B

All right, so uh I talking with you uh thanks tina for that uh question and indeed, uh as you can see, there's quite a bit of overlap on the on the use cases identification. But this is uh rather a good thing, uh seeing that wba has taken a good, quick start at the at the issue. So the point is here not to reinvent the wheel, but rather to to work together to make sure that uh we consider the use cases that have already been uh identified by wba.

B

We can extend them, of course, in medina's uh to other use cases. That may not be interesting for for wba and also, of course, uh regarding the the solutions we are uh going to talk to uh ieee, 802 or uh other etf groups to make sure that uh that the solutions are are also considered.

B

So, yes, I guess to work together with wba and uh as tim mentioned, that we have the the means to to also work with the liaisons to make it official. If ever we need to get access to some documents or we can reference them and put information in our draft or something like that, but but for sure we want to share information and make sure that we work together with them.

D

Yep super. Thank you.

B

Thank you very much tim. So next in line is glenn and.

B

If you want to share preloaded slides clip, that's the preferred way.

G

uh Do you want me to share the slides or or can you do that? What's the.

B

If you, if you click on the on the icon, that is right next to the to the hand on top it says, share preloaded slides. You should see your slides there and then you can. You can control the the presentation.

G

uh Share pre-loaded under meeting materials is that where it is no.

B

G

No uh below your name below my.

B

Name on the left top you have a hand to join the queue and then next item. I.

G

Only see ask to share screen, ask to share slides and join queue.

H

B

And then you will see the list of slides that are being reloaded.

G

Okay, okay: ask to share slides and then uh oh I see so then the eight or two dot one update is that uh great you're, wrong?

G

Okay, is that, uh can you see the slides, I'm I'm I'm not so familiar with this.

B

H

See advanced high resolution, okay,.

G

Okay, very good, okay. So thank you very much uh for um for giving me the time to present here. um My name is glenn parsons, I'm affiliated with erickson, uh and uh I'm also the uh the chair of the 802.1 working group within within ieee.

G

But I as the chair because I'm the chair. I have to give this disclaimer that that this is a personal presentation um and is not a formal presentation of ieee or the eight or two dot working 8301 working group, uh because they have not uh approved um this presentation, uh but be that as it may. This is my view of uh the situation um in in 802.1 uh and just to give you a quick background of of what 802.1 is within within ieee um we're.

G

The uh the architecture and bridging uh working group uh traditionally called the higher layer. Interface, we've been around since the beginning of the 802 standards committee and uh and we are part of the uh the landman sanders committee, along with 11.3.15.

G

and so on, um and uh we um operate at what what we call the the higher layer of uh of the data link layer here, which um is effectively the the higher layer of uh of the the mac um and and that's the uh the protocols that we deal with.

G

This is the organization on the right of the um of the 802.1 working group. Most of our work right now is focused on time-sensitive networking. um However, we do have uh work on uh security, which I'll mention uh and we do have uh architecture work that has happened in the past and we'll start up again and we currently have a study project underway uh in our industry connections, activity uh nendica.

G

So just uh I guess a brief background if you will on the the reference model- and this is a reference model that is uh defined within uh ieee standard 802, which is our base overview and architecture standard and- and this defines the interfaces between the different layers um uh with the terminology of access points. And so you see physical access points and uh mac access points and and so on, and the uh the mac address uh is defined at the uh the mac um address point and is common uh to all uh 802 um technologies.

G

So the mac address, as I'm sure you know, is a 48 or 64-bit number used to identify the source and destination um and uh may also be used. As I said as this at this mac sap that I showed in the previous figure, there are a number of bits at the beginning of the mac address.

G

The individual group address identifies whether it's an individual address, which is the typical case or a group address which is like a broadcast address, and then the universal and local bit uh identifies whether it's universally administered, which means the ieee registration authority, assigns that number or whether it is locally administered and locally uh locally, was originally not so defined, but was recently uh defined and I'll talk about that uh in a minute. uh You can see that the uh the way that the address is structured is that a subset of the address is a so.

G

This is for the universal addresses. A subset of that address is assigned by the registration authority, the ieee registration authority uh that currently assigns addresses in either um large, medium or small, depending on how many uh universal addresses that uh that are desired uh for the use case. So, whether it's you know, uh 4, 000 or so, or up to 16 million per um per block.

G

So, as I had mentioned, um there is some organization that has been added in standard 802, and this was in discussions that that we had with the registration authority that they're concerned that there was an impending exhaustion of the uh mac address space, uh mostly due to virtualization, uh and the the view that uh going forward um mac addresses would no longer be just for a physical devices, as was the original intent.

G

But there would be many virtual devices so that a single physical device could have numerous virtual instances of whether of end stations or bridges um or or other devices within them. That would require mac addresses, uh and this would lead to exhaustion if the universal space was used.

G

And so uh what was done was uh a more structured use of the local space was, was defined, and so the local space was previously just whether the local uh bit was uh was set, which is uh is shown here, is the the x bit um and uh what was done was that uh two additional bits were identified, uh y and z here, which are the next ones in uh to uh identify an optional, structured, local address plan, and there are four different um different regions of the local space that this plan has identified.

G

The first one is an extended local space, and this is using uh an additional identifier um that the registration authority uh has offered, and so this this specifically was intended for uh those virtual environments, um and then there is a standard assigned, and so a standard could assign reusable addresses, for example, in uh in a particular range within the standard assigned space administratively assigned is intended so that the administ.

G

This is where an administration would assign its uh addresses, and the intent here was that um any randomization would be within uh this administratively assigned space um and then there's reserved- and this was reserved for uh for uh for future um specification of uh of the local space.

G

So, just uh back again on the uh on the registration authority committee uh and identifying the the registries, and so this is uh the the registry that ieee maintains, uh indicates that uh standard 802 um is um the the standard definition for uh what a mac address is uh number one and for what the uh different assignments uh that are given here. You see with the the mal mam and mas and the showing here.

G

This is a 48-bit address and then the the different local extensions that um a particular um you know vendor or manufacturer who acquires uh so the mal. They would then have 24 bits to assign- um and you know, assign it to 16 million odd different uh devices, and so, in addition to um the mac address, there are other identifiers that are also defined uh in standard 802, uh including the company id uh oids, the urns and and so forth.

G

So what uh what results here in the in the unicast space? So this is not the group addresses which is the the first bit, but in the unicash space we have the the global space, which is effectively the oui plus an extension, and so the oui was the original term for mal.

G

um And so that's the the global space, and then you see the the other four quadrants uh that I had just mentioned, uh which have uh which this is an organization, an optional organization of the local space, uh to help uh the administrators um uh assign addresses in that space. One of the activities that we have underway as well uh in 802.1 is, uh is a protocol that would allow administrators to actually assign mac addresses to devices on on boot up, and so that's that's another activity uh we currently have under underway.

G

But one of the things that is recognized in standard 802, that's indicated here, is that there is a presumed guarantee um of uniqueness within uh 802 networks and that's uniqueness of the mac address, and so this is facilitated with the global addresses and the globe the universal space.

G

However, if the local space is used, it's the uh administrators uh of that network responsibility to ensure um uniqueness and if there is uh not unique, addresses there, there is a potential of of disruption of the network um because of that, um and so uh and as I had mentioned before, the randomization was intended for the uh for the administratively assigned uh space. uh One thing I'd like to note uh is that uh we have uh currently a study underway uh within um our industry connections, activities on an evolved link, player architecture.

G

This is a precursor to uh the revision of standard 802..

G

One of the requirements within ieee is that standards must be revised every 10 years to remain active and so the current standard 802, I guess, expires in this 10 years at the end of 2024, and so we'll be starting a revision of that early next year, most likely to finish before the end of 2024..

G

One of the topics within the discussion is on mac addresses and the specific mapping of single or multiple mac addresses to to mseps from an architecture perspective, so that maybe may be interesting to this group going forward. um So uh so that's the the mac address uh status. Just to give you an update now on some of the security uh aspects that uh that we're working on here, um I I just gave a background on um a mac sec, which is uh security uh and privacy.

G

um As was noted in the previous presentation, uh we also um have standards on uh port authentication, which is dot one uh x and um uh secure id, uh which is dot one.

G

A r uh these have finished um some time ago and uh are are both widely used, um but I can provide a further update on those at a future time if that's uh desired, but I wanted to as a highlight on the the max act, because we have a project underway on this and and privacy itself is uh relevant for this discussion, um because what we had done in in 802 in this um standalone 802e document is specify a threat model uh for all 802 technologies against privacy um and the the point is, is uh what are the threats uh and and how uh can they be mitigated?

G

How can we protect um against them, and so this is a intended as a consistent approach for all eight or two developers, and so it's uh it's a worthwhile background information on the threat model uh so on on mac sec itself. uh That is intended as um as encryption, so data uh data protection um and, uh of course, uh counters to uh some uh man in the middle attacks that that had been identified some time ago.

G

But um the the point is: is that, uh with the new project that we currently have underway, uh which is mack privacy protection?

G

This uh is specifying um enhancements to mac security that um uh reduces uh the ability for uh observers to uh to um information, uh infer information about a particular stream uh based on the size uh and the user's identity, and so the way that it does. That is that it encapsulates uh the entire frame, uh including the the mac, addresses um and and pads the data out, and so that, for example, uh you would have a consistent, steady stream of traffic from the user to an endpoint, no matter what's been being transmitted.

G

um So that's an activity, that's currently underway and just as a and as an example, this is um a diagram of the the. uh What that uh user frame um encapsulation would be in this uh maxsec privacy frame, where you see that it's first encoded, you're encoding the whole frame and adding a a special uh one-time, um uh new uh essay uh mac address to the front, uh and then uh so that's the privacy step and then encrypting the whole thing. uh And so uh so.

G

This allows um uh the both a confidentiality and a protection um hiding the user's mac address, as well as the original frame sizes. um uh From everyone from the uh from where this is encrypted uh to the uh to the endpoint, where it's, uh where it's decrypted um and so uh because and the reason that this was done- is that uh there's actually solutions to do this already, uh but it was uh uh we.

G

We had um some uh some input that uh standard based common inter operable uh approach to this uh was desired and so we're about um halfway through this project and expecting to go to the final ballot on this um uh early uh early next year.

G

So uh that's all that I had to uh to summarize happy to take some questions, uh and this is a a summary of some some additional information. If you want to find out about the the dot one working group and the work underway and either nandica that I mentioned or the security group, um the 802.1 standards are freely available um through the uh the get program on explore.

G

uh So you can just link to them here um and then there are some tutorials, uh some additional technical tutorials, whether it's on tsn or the local mac, address concept or uh 802.1 bridging itself. And then I have a link from the the rack tutorial on this as well. So thank you very much. For the time.

B

Thank you very much glenn. Are there any questions for glenn, michael.

I

um This is uh really.

G

Great really great.

I

um One of the things that I observe as we move to people using randomized addresses is, of course, is that they um no longer many cases need any uh ieee assigned space, um so that seems to happen, on the one hand, for a lot of consumer type devices, um a group that I'm involved with in the iot security foundation.

I

um Actually, we would like the other way we would like to try. We would like for industrial uses, uh we'd really like to have um more clear identities or iot devices, um and specifically, um what we're wondering is uh you know with the ieee ever going to a situation where they would issue uh cider, like certificates, saying that this manufacturer owns this particular address space and that would allow them to issue certificates with mac addresses in them as the I, as the mostly industrial iot device identity.

I

um So it's sort of the other direction to more strongly strong identities for certain situations rather than the weaker ones. We have.

G

So I think what you're talking about is what we have in dot, one ar, which is our secure device identity, and so that that is a mechanism that um defines how authentication credentials dev ids is what we call them uh and how they're cryptographically bound to devices to support this identity. um Right.

I

So that's what we do have is that what you were well, we would be using one ars. The problem is: what is the identity? That's being asserted, because the only thing we can see over the network is the mac address, and so we would really like it if there was a trust path up to the ieee that allowed us to validate uh that. You know a particular oui was assigned to particular vendor and that that vendor had issued a certificate, and this is kind of the opposite of of randomized mac address.

I

But what we observe is that for certain things we really want to you go away from user specific um identifiable things, but for other devices we actually want to go the other direction. We want a stronger uh connection to the uh device identity um rather than weaker right.

G

Okay, so okay, so you're, looking specifically and you're, looking for the trust model to an administrator or ieee, because that one ar is kind of the user to the manufacturer. So that's that's right. You know.

I

G

We want so we want user.

I

To to through ie, to manufacture uh kind of stuff, all.

G

Right, so so what we're? What we're working on, which I didn't uh highlight here- uh a protocol called one cq, is mac, address, assignment and, and that is um one of the options within that is- uh is a trust relationship on that assignment. um But but this isn't it's not. I guess it's not decided yet whether ieee would be one of the trusted um assigners.

G

uh The the original intention would be that that would be an administration and so that uh within an administration and an administration I mean, if you're talking industrial networks, it could be like a factory, I suppose, and now within that factory uh there would be uh a trusted assignment of mac addresses.

I

Yeah they're not confident to do that, and they don't have the ability to install the certificate uh before the device is onboarded. But the, but part of this is also is to provide some anchor for all of the the nice security and the privacy enhancements that you did provide and so that they all would look the same at layer at a layer two. We would do all our layers to security and we would hide. We would hide the real real identities in some cases, uh but without a strong anchor.

I

um Well, we can't you know. We can't do that security randomly right.

G

I

I mean I mean that is a good point.

G

um I mean which is pushes for that done on uh on a higher level, and- and I can take that back to the group and see if that that's an ecosystem, that is uh that we'd like to uh encourage to be created within ieee. I mean that would be a registration authority, a piece, but um we can look at that because I mean what we have. The focusing on has been the protocols which I've been talking about like with ar and cq and such.

B

Great, so thank you very much glenn. Okay, thank you. We need to move on to the next presenter now. That was very, very good. um Next, in line is jerome hi jerome.

J

Alright good morning, let me try to.

B

I should be able to.

J

Share the slides.

J

All right, so, thank you, everyone. Let me try to send my video and, if it uh crashes, I'll I'll, stop all right. So um thank you, uh glenn for this presentation and and following on his lead, I should say that this is also a personal view. As a part, I see active participant in these two groups, not an official liaison or anything like that.

J

um So what I wanted to do here is to give you uh with juan carlos a quick update on what's going on in the 802.11 that some people call wi-fi right, but it's not what 802.11 calls itself um in that context of our cm, and this is this group, so we started in that environment to observe.

J

You know that devices as we discussed at the beginning, uh chair the mac address, and they tend to rotate the mac address before connecting to one access point um and also they more and more use randomized mac addresses when they connect to an access point with more or less stability.

J

um So that idea has been present along with the idea of privacy for for a while um and in the um year 2018 that practice of randomized mac address has been observed and studied a little bit in the context of a document called 8-11 aq, which is like many of the other amendments. You know improvements to the standard that are made every now and then and then integrated later in the standard, and what a211aq says is that you can use this randomized mac address.

J

You know there is no obligation to use the burned in mac address in your device if you're not associated, um but if you are associated and what we call you maintain a state with an access point. You cannot change your mac address within that context, because you would be breaking your state, so you break the state and then you you, you restart. So that was one thing that was looking at rcm, but at the same time you know this idea of privacy, nato, 2.11 and rcm.

J

You know was becoming a more important issue um that drove the creation of two groups: first, um a topic interest group and then a study group. It's the normal progression in the 8011 world, where you know a group of people are interested in a topic that may become some work and that was in 2019 and 2020 and then in the end, the outcome of that study group was the creation of two subgroups working test groups um in 1811, 8011, bh and 8.11 bi.

J

So what bh does is to look at enhanced services with randomized mac addresses? If I want to paraphrase what the idea is about is to say: rcm is happening in 802.11..

J

What do we need to do to maintain services in that context? Are there things that are going to break if devices change the mac address and, of course you know the answer, maybe no in most cases, but there may be some cases where, yes, you know some services that were possible before mac addresses were randomized and rotating would not be possible anymore. So the goal of 802.11 ambh is to come through.

J

You know the the use cases where we think that maybe services might be broken in the 802.11 sense um by this uh rotation of mac addresses and you'll see. If we can, you know provide some recommendation: how how to fix that it's intended to be a short term uh quote quote group. uh The expectation is that by 2023-ish, which you know pretty fast in these standard groups, uh they should come with some text.

J

You know, for you, know, remediation of whatever might be broken, of course, and you know pushing aside and listing what we think is not broken um as we speak. You know we we're. um We spend quite some time looking at the use cases that we should be tackling. You know what is really broken by uh rcm. I know in many cases we find that uh some services are not in 802.11.

J

You know you do additional stuff on top and you just write on the fact that you had the mac address, so you use that stuff to identify your device, but that's nothing to do with a2.11. So there are plenty of cases that came up initially as potential candidates um that we simply pushed aside, say well that that is not an eight to 11 function.

J

You just happen to take the opportunity of using the mac to identify a machine or even worse, a user, and you think the mac is a good way of doing that, and it's not uh so plenty of things are left aside, and this is, I think, important for us in madinas, because in particular anything which is above 80.11 on the mac layer is not necessarily something that 8.11 needs to solve. You know we're not dealing with dhcp dns whatever, so that is something I think important for our group here to to keep following.

J

So we we have a good view now on what use cases are probably broken and you see them at the top um most of the time they are about things where you did establish your states um and for which that state has consequence in terms of service, uh even if they are only related to 8011 and not directly related to 8011, for example, I.t support and troubleshooting.

J

um You know you place a a a call and then the service breaks at some level. You call it support and say: well phone was not working yesterday and they asked you. Okay. What's your machine ip about, I don't know it was yesterday. What's your mac address, I don't know it was yesterday it changed. So you know that kind of service is not directly a2.11, but we do see why a211 is involved in that idea of saying.

J

Well, if you have a wi-fi service that breaks or 8 11 service out breaks, then you know it may be related to the fact that you cannot identify the station anymore in the context of 82.11 that this service breaks.

J

But you know many others are- are not uh uh involved there and there is this other group, which is eight to eleven bi. So bh again is surviving. You know, eight to 11 with rcm is anything breaking um 811 bi is more around enhanced service with data privacy protection. So the idea is to say wi-fi a2.11 any of these radio technologies.

J

Has this characteristic that if you're in range of the signal you may be able to observe what's going on, whereas, as we were discussing the chat before, um if you're on a wire cable to um to a switch, you know you may be able to read. What's going on the cable from the electromagnetic field, it's very short range, you know, but really you know, you'll see it only if you are on the wire or if you are in the switch in it to 11.

J

If you're on range of the signal you may read stuff and of course the question says you know the question comes and say: well: does that you know have any impact on privacy.

J

So it's a common question that comes is what is the relationship between bh and bi, so bi is not necessarily looking at rcm itself, although rcm being the reason because of privacy concerns that it happened. uh You know there is kind of a relationship that keeps you we keep playing along uh uh in these two groups and of course, sometimes the ball bounces from one group to the other, uh because it's more you know the field of one or the other.

J

But the group of the goal of bi is to say what should we improve in 82.11? uh If, if there are some things in 2011 that have impact on privacy? So can we not list those? Is there something we can do about it? So the goal of bi, of course, as you can see, is deeper than bh and therefore it's a work stream is intended to be longer.

J

We expect some publication by 2025 two years more than the 811 bh, so at this stage in the bi group, what we're trying to do is to list the privacy related issues uh with a2011 and, as you can guess, you know there are plenty first. You know there are some elements that we reuse from one association to the other.

J

uh If we want to reassociate and come back uh to uh an access point to expedite the process, there are plenty of things that we can really say to be recognized by the infrastructure and, of course this could be indications. um There are tons of things in the frame at the mac layers. Clan was describing it, but even that lower layer that we tend to use which are mechanical.

J

That may be, you know, usable to identify a particular station in the crowd. So all these things are things that we are trying to list as we go along at the same time. You know because the problem is not entirely new. uh There has been quite some thoughts already on some privacy issues in 8011, so we see also some proposal coming up in the group about you know, fixing some uh points, issues that have been known or identified for a while.

J

So you know this proposal are you know, put aside, of course, you know listed and carefully kept so that once we have the complete list of use cases we can see if those proposals have solved. You know some of these use cases. What is missing, you know, emerge everything together.

J

So the goal is that by march 20 22-ish we should have a good idea of what the use cases are and what is broken in terms of or what is at risk in terms of privacy in eight to eleven from there try to get some requirement and some proposal uh to try to work on. So you know, I think, in the term of uh of madness. uh Both of these groups are probably very interesting for us to keep a liaison with. um You know, bi, because you know privacy is the source of the cause.

J

You know of rcm. It seems in the first place. uh So that's something we probably want to keep an eye on and bh, because it's clear that things that bh will fix will probably have an influence on what you know. The maddiness recommendations may be uh because you know maybe they'll decide to have a stable representation for the mac address when you know applicable under the controller of the user, all that stuff. In that case you know there may be some.

J

You know, resolution of issues that we may be identifying in marines, but in some other cases they may say. Oh, this is not our problem and they may throw their things on on our laps, and we may need to be aware of that to say. Well, maybe then we need to tackle that here in the itf all right. Let me pause here and see if we have any questions or feedback on these two groups.

B

Are there any questions uh for jerome on 802, 11, bi or bh stephen.

E

I yeah, I noticed that the what the wba is working on is very similar to uh the bh, so I'm assuming you guys, are closely collaborating on um on a general recommendation for this work group.

J

Oh, thank you steven. That's an excellent point, um so so 801bh a2011 in general is definitely um talking a lot with wba. um So so I would say that goals are probably not the same in that's in a trill of nbh. What we're looking at is the mechanics of 82.11..

J

You know: do you break anything if you change the mac, you know within within a connection uh wpa, uh because it's the wireless broadband alliance- and I don't want to speak for tim- is looking more about the uh effect of rcm on what they're trying to achieve with their members.

J

So there's definitely you know uh in interactions uh and the essence, because we're looking at the same problem and they also talk a lot with the wi-fi alliance, where there are some security groups and some other groups, you know impacted by rcm as well, but you know I would say that, although we look at the same issues, our angle is probably slightly different. But yes, we talk a lot yeah.

J

Okay, thank you.

B

B

Buff, do you want.

B

You're in the queue you want to say something new.

B

About masquerade.

B

K

Well, we've fixed uh sorry, okay, okay, that should work, hear me now: yes, yes, we can hey bob okay. My work in unmanned aircraft has the exact opposite problem, and that is that the identity must be known because you're in a a public space, the airspace and the design is to use the mac address.

K

To be able to associate the uh the message stream from the unmanned aircraft by the observer so requires two things: one that, for what we call technically called an operation or generally called a flight, must use the same mac address for that time.

K

But actually the problem is on the other side, the receiver application has to get the mac address, to be able to associate the messages together to able to say what is that, I'm an aircraft doing and what messages are saving and we've been finding that on many of the the the uh the smartphones, the api does not send the mac address up the stack, so the uh we're using uh wi-fi beacons, I'm using the uh vendor ie.

K

What's that 221, I believe uh glenn um with a uh pacific uh vendor that that's been been, uh I think, what's parrot is using their sign. Their uh their vendor id that they got, and so they would associate these together to make a stream. But then the api puts a pseudo mac address up to the application, which then breaks the whole intent to be able to link the messages together.

K

So here is a case where the mac address is needed in a broadcast media to be able to link messages in an environment where privacy is basically not allowed up to some level of definition of privacy. So it's it's a slightly different use case, um just bringing it here uh to point it out, and you can see.

L

It in my draft.

K

Graph ietf grip grid under uh the privacy section I talk about it.

J

Okay, I'll look it up, because you know it's an interesting case um and and you're right on the client side on the access point. Of course it's different, but on client side there's been a lot of effort to try to hide the mac address.

J

To avoid precisely that, um you know, applications would extract the mac without the user consent and just send it out, for you know, in tracking of the user, um so you're describing you know that scenario where we are in a point where we say well, it's important that the user has control, but also there are many scenarios where the user doesn't know that you know this is a problem.

J

You know that there would need to be ask a question, but then you know there is, of course this difficult question how many times you ask the user about what and do they understand the question. um So that's one of the things where, where edward bh is is looking into you know the is there's anything that breaks uh but we're looking at the 8011 side. What you're uh seem to be looking at is more in the application side of 802.11.

J

So I'm not sure which forum would be best for to examine this, but I definitely will look at a document you're talking about.

K

We also have a problem with the gps information on the uh smart phones and that's an fcc issue which doesn't come here that that we have to know where, where the device is um the receiver is and uh but that that's for another conversation, not not yeah,.

M

K

This one here, that's likely if you close too okay. Thank you. Thank you.

B

Thanks bob um thanks jerome for that answer, uh amelia.

N

Yes, hello. Thank you for this presentation.

J

Yes, you are okay,.

N

Very good um well so a lot of the um in many of the updates that we've heard from the standards development organizations um in this section and the problems identified are or the use cases um and challenges both in terms of identification and privacy. Protection are overlapping, um and so um maybe this is a broader question just for jerome.

N

But how do we envisage moving ahead with identifying the correct technical circumstances in which to address which problem?

N

um So do we have uh something like a foreseen way of saying, for instance, in in the ieee 802.11 tgbi working group that well, this is a problem that is not suitable to be solved here, but maybe we should be solving it in the ietf. And similarly, if we identify here in modern as a problem, could we is there a way that we could pass that either down 2.11 or up to wba, um etc?.

J

Yeah, thank you, emily and, of course, you're in all these groups. So so I don't know the answer, but thank you for allowing me to share our thoughts um yeah. I think it's it's something which is critical for us here and continue doing. You know, liaison with a bhbi and probably dolby and wfa, because in bh for example, we spend a lot of time looking at use cases and asking. Is that something that breaks with rcm?

J

Is it something that breaks and we care about, and in some time in many cases the answer is yes, it breaks with rcm, but we don't care. um So it's it's important that you know, as each group lists the possible issues uh we keep. You know sending those exchanges back and forth and I'm sure that it's at some point we'll say: well, we don't think it's any one of us to solve.

J

You know it's it's um you know you've been using the mac address wrong, stop using that, um but in some cases yeah my expectations that will be pushing ball from one side to the other, um so yeah so yeah. I think liaison between these groups and, of course, you know many participants. One group are also participants of the others.

J

So I think this is critical if you, if we don't do that, if we work in isolation, we'll fail.

J

B

Thanks a lot for that answer, jerome. uh So, let's move on then to the next item. um After seeing the updates from seos now um it's time to talk about the drafts that we have uh proposed for the group and we start with jerome.

J

Oh okay! Okay again, I don't want to take the mic for everybody. But okay, let me share the next uh slide.

J

J

Okay, so um this is something that.

C

uh Hopefully, most.

J

Of you are aware of you know: we've been working on this draft for a little while, um and so what we're trying to do here is in the context of maddinas.

J

We know that uh rcm, you know the fact that you change the mac address that is used to identify a station is going to affect services, and you know if it affects services for the station. It may affect the user experience of that station. So we try to understand what context these deals with and what is the requirement for that kind of of issue?

J

However, we also found that a very common problem we face when we encounter those conversations is vocabulary, and you know I've seen in the chats and it's a typical example of that, where you know we use terms in different contexts and, of course it becomes very difficult very soon to understand each other. You know if you say that you know they should not read my mac address. They who you know who who is they?

J

um You know if we, if we're not specific into what we're defining, um then it becomes very difficult to make progress, because we keep redefining terms all the time and each person has a different term. So what this draft does first, is try to say: uh can we define a little bit better? You know the environment where we operate, so we can refer to the same. You know kind of structure, environment. When we talk about problems and solutions, uh in particular, we reuse what glenn was describing, which is the 802 e.

J

You know, and others group that you use the terminology of personal versus versus managed devices. Your personal device is something which a device which traffic is directly relatable to a single user. You know, if you have your smartphone most of the time only you use your smartphone, so whatever traffic comes from, that smartphone is likely being associated to you directly, and you know personally shared service devices and what we call managed devices are devices which traffic is not necessarily directly associated to a person. uh Typical example.

J

We take you know at the infrastructure level is a switch or you know an access point in an airport. You know at some point you may see someone's traffic there, but if you look over time at the traffic of that access, smarter switch, you cannot really link it directly to one single person.

J

Also on the endpoint standpoint, if you have a you know: barcode scanner or tablet in a factory where you know you enter things about the production, the person that enters the stuff on the the information on that device is not directly it's not personal information. That's there.

J

No, it's only work stuff, so it doesn't identify the the user and we'll try so to you know, make difference between the user and the device they're, not the same entities right and then, of course, they who are they that are looking at these mac addresses and we may want to protect from and of course there are some network functional entities and that's where 8011 bh comes in and maybe we come in as well, where we say you know some devices in the infrastructure use the mac address, just to know where to send stuff back and to know which services is given by by by which entity to what other entity.

J

So those are functional entities and, of course, uh changing the mac may have uh the um uh the uh some issues um and there are also some human related entities and that's where probably you know many times. We we talk about things uh where um you know you may have over-the-air observers, uh observers on the wired uh inside the network, that's the ltlei or x outside of network utility, but also some entities managing network. Like um you know, wireless network operators or networks providers.

J

So we try to list all these possible actors and I see in the chat, yeah ipv6 uh dhcp. You know, of course, we're not saying we're not defining functions here. We are listing uh the functions where uh we have entities that have an action or an interest in in the uh the mac address, then, of course, uh moving away from who is they uh that's? You know one thing that can be useful.

J

We also try to look at where um the mac address is a problem, and when it's not, and to do that, we need to define two elements. One is what we call the trust um you know our. Can you trust everybody, uh for example, are there environments where you and I'll ask the question again at the end of this presentation?

J

Are there environments where you you can show your mac address without the fear that the other actors seeing your mac address, are going to be using that mac address against you or to track you or to spy on you, um so that would be an environment where you have a full trust on the other side of a spectrum. Of course, you may have zero trust. You know a place where you say I don't trust anybody here and that could be.

J

You know a public place or something like that, and there may be in the middle some gray area that we'll probably need to work on, which is the selective truss, where we say well, I may need to trust.

J

I don't know the mac address the access point, for example, because I need that thing to make me connect to the internet without billing me every 24 hours every time I change my mac, but I don't trust you know something behind, so there may be some areas where um a selective trust may be set so defining which level of trust we're seeing for each environment is, I think, important and, of course, defining those environments. Where are we looking at um for the mac address problem is important because the requirements and the exposure might be different.

J

If you are in your home, you know the exposure is probably different than if you are in a busy airport or in a coffee shop. If you are the managed residential setting, for example, you know these places where there is an itc stand, for. You know extended living, for example, where there is an I.t system that manages the wi-fi they may have. You know view on the need to understand what mac address you had. That is different than if you are an enterprise network, for example, any enterprise. Are you bringing your own device?

J

It's your personal device that you also use for work, or is it an enterprise asset? You know they give you a laptop and it's their laptop. You just happen to use it, so you know these environments um have different assumptions in terms of not only privacy, but of course you know the relation of knowing who is doing what.

J

So we try to list those um to try to to understand when we discuss which area are we talking about which trust level do we think it matches so that we understand what is the effect of rcm and then in the end, uh we try to list the requirements that we think are a consequence of the usage of rcm for the manuals group, and here you know, I'm not going to to read uh all these uh together because it's uh it's going to be a bit uh boring.

J

But you can read the draft yourself and we will try to list uh the possible steps that we could take from that assumption in the mighty astro group to try to see where our services are affected and what recommendations we we can. We can make um one thing I would like to add here, uh which is not today in the draft and I'll come back on the next two slides. Also on things which are not um in the draft um is that um iot is something we were not observing.

J

Looking at in the draft and final conversation we had earlier today here, but also some feedback we have uh on the list, it seems that iot might be an interesting case to look into you know either. You know, as a michael was referring to a strong identification enterprise, but also you know what is the effect of iot changing their mac if it's your iot at home, so that may be something we may want to to envision as well.

J

So we are today at version three, and I would say that uh since we posted versus three of the draft we uh uh and the preparation for for this uh uh meeting, we receive a ton of feedback. So I'd like to you know thank everybody who took the time and care to read this document and provide feedback. We'll of course, will respond to it.

J

But in those comments I think there were two things that I think would be worth bringing to the attention of this group, maybe to discuss you know today and have your view on this. One is a full trust. You know this environment about full trust. I was discussing before uh so remember: that's the environment. In the draft we define it as the place where you are not concerned as a user that the mac of your personal device- you know your your smartphone, for example- would be seen by others.

J

um You know, there's no threat to you. If others see you know your mac address and others could be services around. You know dhep and the others whatever, but also users in range of you. You know, looking at your mac and being a naive guy living in the us, where my closest neighbor is about a mile and a half away, I say well, probably a home would be a typical example there, because I don't really care.

J

If my dog sees my mac address, even my wife or my kids, I don't think they are going to attack me and all the services where the mac address is seen to me is going to be in my house, because it's going to be my dhcp server is going to be my wi-fi, etc. So I tend to see that as being an environment where full trust is possible. In the early conversation of this draft we had some comments, saying yeah, but what? If you suddenly turn into an rbnb?

J

And of course we said? Well then, in that case it's not really in the home environment. You just turn your home into hospitality. So it's not really a home environment anymore, but then you know we had more and more feedback saying yeah, but you know it's because you you american, live with that middle of nowhere. But if you are an apartment building, uh you know your neighbors hear your mac because you hear their mac and they you know everybody hears each other. um So you know the more. We get this feedback. The more.

J

I begin begin to doubt uh whether you know residential would be a good application for full trust scenario. And that brings a question to this group and I have another one on the next slide. So I'd like, maybe to take five minutes here and five on the other. Do you think that home?

J

If we qualify it, you know, supposing that you don't have neighbors around sneaking on you behind your wall could be a full trust environment and, if not, um do you think of anything any place that could be a full trust environment where you would not be afraid of showing your mac address, because you don't think that there would be a threat to your privacy in that environment?

J

Let me post there to gather some thoughts on this question.

A

Michael, please call me.

I

Hi, I I can't see, even if you have a mountain and you don't do airbnb, I don't see that you want to reveal your mac addresses of your devices to these service people that will drive up your driveway may or may not be legitimately um the place where I think that maybe you could have a full trust.

I

Environment is actually an in-enterprise um where all the devices the enterprise wants to know that all the devices belong to the enterprise and, if there's anyone else that comes along with something else, they're going to flag it and maybe there's going to be security detail that goes to remove the device from the thing. um So I actually think that home is almost never ever going to be a full trust environment.

J

Thank you. Thank you. That's very useful, yeah. I like the idea of enterprise. You know if it's an enterprise asset, yes yeah.

M

That makes sense. Thank you.

B

Thanks, uh you join.

O

Thank you um yeah. I pretty much agree with what michael said. um I also think that uh home environments uh cannot be fully trusted, uh not only because there could be diverse attackers or um people trying to listen into your home network, but precisely like you said also because there's uh there absolutely is uh a lack of security mechanisms right, especially we're talking about um well regular homes that don't really have like, um um I don't know, like knowledge or resources to uh to put like secure mechanisms at their home.

O

um I also agree that in in this scenario, enterprises could be seen as much more secure than home devices uh and in home devices. I would I would even like to mention like my phone and um if I trusted both my phone and my laptop, that are using my home network. I would not be interested in things such as uh encryption of the dns, for example, because I should be trusting that network and- and I don't um that's it thanks.

J

All right, thank you very much. Thank you. Thank you. Thank you. Thank you. Yeah.

C

J

Thank you thanks a lot so we'll probably so, we'll probably we will correct that section of the draft uh and suggest and suggest a different view. Anyone else in the queue before I move to the next one.

B

Yes, uh we have uh two people and then we move all.

J

Right yeah, I don't see the queue, so please, please guys.

C

I met you speaking um thanks for inviting us to comment on that, so.

D

My first remark.

C

Is um uh I don't think we can trust any place in the world where you will have other devices? I already mentioned that in the mailing list, but uh we are seeing a trend where any kind of device you have in your pocket, especially the smartphones. They are running all kinds of applications uh which are often including uh features that are scanning nearby devices, whether they are bluetooth, low energy, wi-fi and some companies are already interested in.

C

um I mean collecting all those identifiers to to track and profile you- and this is only for I mean the commercial entities trying uh to do some marketing profiling, but I'm sure there are many other um scenarios here, and um so my point is as long as you have all the devices I mean that you even the one you are controlling, um you cannot really trust uh the environments and finally, I think I mean do real really needs um a specific scenario where um food trust is required.

C

uh I mean what would be the benefits of that of having this specific case can't we apply um the rules that we have in non-fully trusted scenario uh to this one. Just in case uh there is a news dropper in range, whether it's someone outside your house or just your smart smartphone. Listening on your other devices,.

J

Yeah, thank you, mateo, and you know it's interesting because I I agree also going backwards in your inner statement. I don't know if there is a place that is, uh is a full trust environment um and maybe you know the conclusion is that you know full trust environments. These place don't exist and that's fine and from from what I heard from the two previous commenters, joey and michael, is that the enterprise environment is such because it's control environment, but also because they provide you their devices.

J

So the pii exposure here is, you know close to none, not because it's a it's an enterprise asset um so, but also I I do see that in an enterprise there could be physical security, where you know you cannot just stick on the wall and- and you know, sneak inside uh et cetera, but yeah. I see your point. Maybe there is no full trust environment at all. I mean it's it's I mean it's good to define that environment and just say well on this planet. Sorry guys there is no such place.

B

Okay, thanks uh next in line is the ball.

P

Now the the notion that you enterprises are very secure and all the same is just wrong. There's a whole range of enterprises, very big to very small, some very open. Some very close. You can't make these general characterizations and the other thing I would note is that that um you, um you know the only way an enterprise or anywhere can validate who's connected to. It is actually to do a real challenge where the user has to identify themselves.

P

You can't do this at the device level, many enterprises allow people to bring their phone and connect to the local network and they do it by challenging it and causing the person to use their credentials to log in you can't do this just at the network layer um with mac addresses or whatever that may have been a convenient way to track people before, but, as we know no longer and there's, there's just not a simple solution here that you can do at uh you know layer two anymore, and you can you just can't assume say: enterprises are secure and trustworthy because they're not and we've all read the reports about ransomware taking down very large enterprises.

P

So it's the world is much more messy. Thank you.

J

Thank you bob and- and this is you know, one of the big reasons why we have this draft. You know when we say there are enterprises where you know there may be full trust. We're not saying all enterprises are full trust because everything is fine everywhere and I think it's you know it's critical to define where this this would be set if it would be set- and I fully agree with your statement here- we're looking at rcm right, so we're saying uh exposing the mac address.

J

Does that have consequence in terms of pii um in those environments? And of course you know if the enterprise assets is the enterprises, not yours, uh and there is no pii there. uh Well, you know you don't really care about exposing your mac, because really there is nothing of you on on this device, um but I also fully agree with your points on the authentication being being changed all right. Thank you very much. Thank you for this input. Another one I'd like to like.

J

If that's okay,.

M

J

Four four more minutes sure go ahead. Please, okay! Thank you very much. It's what I call the race conditions, um so you know going back into this: a total 11 eq in 2018, um I'm you know I'm making a shortcut saying it's four beats changing the mac during association. It's I mean it's not entirely true. What it says is that the non-mp state connecting to an infrastructure bss shall retain a single mac address for the duration of its connection across an ess. Now to make it simple, bss is one access point.

J

Ess is when you move from one access point to the other, and you know the context of that is to say if you change your mac. Well, you break state and therefore you have to restart okay. um So so that's the context where we operate, where we say well once you're, connecting to an access point. If you want to be the same device on that access point, you must keep your mac address, because if you change it, you're not the same device anymore and we start from scratch.

J

So that's where we were in 2018 since then, there has been a lot of questions coming both in 8-11 bh and in 8-11 bi, where um you know some authors have come and said. Well, you know I may want to go out to lunch. Come back and reassociate, which is, you know, regain the while still changing my mac address, or you know, for privacy reasons.

J

If I'm in a public environment I may want to have you know a secure connection to the access point within which secure tunnel I can maybe give an identifier but for the rest of the world. You know the observers, I'm going to change my mac, every few minutes who knows so from the outside world. You know my mac is changing, but the ap still knows. It's me somehow.

J

So, knowing that these conversations are happening in the draft, you know we do not make any assumption in the fact that your mac address has to stay stable as long as you're connected to an access point. We don't don't mention this requirement anywhere and we had a couple of feedback. Saying dude, you don't know you're not aware of it 11aq, um because you know you cannot change your mac there.

J

So you know you are living up in the door to a problem doesn't exist, um and you know of course, every single time to every single contributor responded. Well, it turns out. We are aware of it, but we don't know if that's going to hold true uh for the upcoming years uh and we don't make any provision there, because it's not our problem in marinas. It's an 8011 problem, so we don't define whether the rotation happens within a connection or not, but because we we come back to the these comments.

J

um I I wanted to bring the question to the group and ask: do you think that leaving this door open as we do, knowing that things are not necessarily carved in stone, is okay or do you think that we should say well hold your horses you're riding here in you know, 2000? um What is that 21 november? uh Don't you know be specific about what happens is allowed in 2021 november and if things change in three months, then you'll change your draft.

J

um So what is, what do you think is the right direction, keeping the door open, as we do uh today say not specify here, because that's our mininus job or should we, you know, be specific about what is today available and you know, and to change the draft or revise it. If, if things change.

B

Thanks, uh let's go with dan first.

Q

Can you hear me now we can hear you okay thanks!

Q

uh So, yes, aq assumes that you've got a single mac address that you you return to when you connect back to the ess, but that's I think, going to be addressed in bi when the pmk id uh privacy has been been addressed, because that will allow a stay to reuse. A pmk id identify secure state on the ap using a random mac address. So from the point of view of what what madness should do, I would say nothing: we should just let let bi continue doing what bias said. They're going to be doing.

J

Thank you dan, so so, if I hear you correctly you're saying we should not be specifying any known or expected product projected behavior right. We just lift things to the group that deal with it and not. You know make a new assumption about what trudeau should not happen. Right.

Q

Yes, that is but that's my suggestion, but okay. Thank you. Thank you very much, good idea thanks. Thank you. Thanks.

B

And I I put myself in the queue uh I think uh I agree. I think that this is the real mafido, 211 and uh vi specifically is going to want to talk about this pmk id.

B

But I guess my take would be that probably for for the documentary when, when you mentioned the draftsuniga, the uh from the informational point of view, I think uh it doesn't hurt to say there are this type of conversations in uh like next steps or or follow-up uh section of the draft just so that we we we remind people that it's not uh uh written in stone and and it's something that it's never going to change, but rather that it's evolving at that point in time.

B

The purpose of the of the draft being to to say what is this current status? I think that if these conversations are taking place, uh it's fair to at least mention that the conversation is taking place and where.

J

Makes sense, thank you very much. Thank you very much thanks all right and that's it for this presentation. So thank you again for everybody uh to to everybody who who took the care to provide feedback, will integrate the changes and propose you know an updated version of this draft within the next few weeks.

M

Great. Thank you very much. Jerome and.

B

As expressed in the in the mailing list by by some people uh thanks michael, uh the idea is to uh to adopt this this draft and and we'll go to that uh at the end of the meeting. If that's okay, uh we'll go now to present the other draft that we have and then we'll do the call for adoption for both drafts at the end, so amelia.

N

Yes, hello, I expect invisible um uh audible. I was going to ask if you're the catalyst of one. Could you just play this? The slides.

A

N

N

A

Do you want to do it or sorry or do you want.

N

Me to project this um go ahead and project. I think it will be easier to reduce the risk of me having software problems, um so this is an updated version of a presentation that we already saw in july um of this year. So for those of you who are already in the july meeting, a lot of this will look familiar and it's a quick run-through of the draft on mac address randomization, with some updates that next slide. Please.

N

um uh And so the goals of this draft is uh simply to document the current state of affairs regarding mac address randomization at the iedf and other sdos. What's been going on so far next slide, please um we have a table of contents um with the uh yeah that goes over all of the activities that most of them we've already heard about today.

N

So I'm not going to spend so much time reiterating um what is already been said during this meeting um I'll. Just let you reflect upon this table of contents for a while and then ask carlos to quickly step ahead to slide nine with os current practices.

N

um Actually, it should be on slide seven, um because this is the most recent um update, and so uh what we've done since july is basically map out how mobile operating systems are currently randomizing. Their mac addresses.

N

This can be either done by randomizing the mac address between connections to an ssid.

N

Or- and this is the most common um that a mac address is kept for the same ssid or within the same network, um and we've checked whether this happens on, for which platforms this happens and how different implementers are doing that if you go to the next slide on slide eight, you can see what capabilities are available in linux, android, 10 windows, 10, ios, 14 plus you're, invited to review these slides um so fairly descriptive table already.

N

The draft has also been updated to a version uh one to reflect these uh new investigations, um and uh I think we've also addressed some comments from jerome hungary. So next slide please um and next slide. Please, if you have any further comments and reviews, please share them with me or juan carlos or carlos. Thank you.

B

A

Yes, this is as a chair here, so just to complement what amelia said regarding the changes we we made some editorial changes uh to uh to basically match or better adapt to the to the madinah charter that is now approved.

A

We also changed the name of the draft, so it now draft suniga madinas to, although that the other, the other name was also representative enough, but just to to follow the typical practices and then regarding the mobile oss changes. Let me go back just to that. uh To that slide, we added this, which basically the vbs to document and is related to the discussion that we had just had with jerome on the what the oss are doing today. So this is an attempt to kind of characterize what they are doing. Of course, these are these.

A

Things are very much alive and the the practices are changing, but this was an attempt of basically see what they are doing in terms of if the address is uh stable or persistent per network per connection, if the changes daily or not if it depends or allows to do a configuration different pair, ssib or not, and also looking at what how they behave in terms of the mac addresses that they use when they are doing scanning not yet associated to any specific network.

A

We already got some comments from jerome uh on things like the table and some uh corrections, so please we would like to get as much feedback as possible, not only in the actual content that maybe there are some mistakes. We we try to be as rich as possible, but of course we there may be some errors, but also in the way we could uh keep that documentation, because it's since things may change, we may want to reflect in the document a bit the the evolution not only the current state.

A

The current picture at as as the moment of the the document is, is released. uh Well, that was just it's just too complicated with amelia said thanks.

B

Thanks for that, carlos indeed, I think again, this document being informational. It provides a good snapshot, but also a historic of how things are evolving and, as we can see clearly the uh lack of consistency in the behavior of different uh implementations. It's also something that we need to be aware.

B

Great. So, thank you very much amelia.

B

I guess we can move now to the.

B

Yes thanks the last part, uh and the idea now is to to adopt these two drafts. So, let's start with the draft uh henry medina's framework zero, three, the one presented by jerome. Previously again, this document has been discussed at length on the mailing list, so the idea is to adopt it as a working group item and uh for that we want to just ask here: if there are any questions or comments regarding adopting this draft.

B

Of course, we will be confirmed on the mailing list, but first let me ask uh the group: are there any comments or anyone, speaking in favor or against adopting this draft.

B

No comments: we did see some proposals in the mailing list to get it adopted, but yes,.

R

Rich, uh so my only concern- and we can address that somehow- is you know the informational slides about well, this is what android 10 does or what windows 95 did that stuff tends to get out of date.

R

um It also means we have to be very careful about surveying a large part of the community, like you know why android and not safari or books or you know ios.

R

So I'm just worried about that issue, which I think the working group can address, because once it's published as an rfc, then it's in stone forever and people will not notice that the information is now two years out of date, just to concern not arguing against adoption.

B

uh Thanks um right now we're we're on on draft henry, which is the previous draft uh you, I guess, you're referring to the to the second draft, but uh the point is well well taken, so we will address that when we move to the next. uh The next draft, uh sorry about the confusion.

B

K

And that is these tables, which you don't want them to be locked down in an rsc we now have github and github can be tied to the work group and the rest of it. You can reference the github in the document point to where it is and then maintain these tables as a living thing, instead of just a static in rfc. Consider doing that.

B

uh Thanks uh bob, that was an answer to to reach uh comment ballot, but also addressing the the other draft, not the one that is being displayed right now. Sorry about the confusion, maybe we should have made a call for adoption right after the the draft uh henry, um but again uh we'll go back to to to that uh point about the the table on the on the second draft. Now moving back again to the first draft uh draft, henry medina is the one presented before by by jerome.

B

uh If there are one last call for for comments, otherwise I guess we can move to the to the mailing list. The call for adoption.

B

All right, so if there are no more comments on on draft hearing medina's we'll call for adoption on the mailing list and we'll see if we can get it adopted there uh next slide. Please.

B

So this is the second call for adoption and for draft swimming and latinas, uh and this is the one that uh we've already got two comments uh regarding the the table showing the discrepancy between behaviors and operating systems when it comes to mac, address randomization, being a co-author of this draft, I will move myself away from the mic and I will let mature coach uh run this call for adoption matthew. Do you want to open your mic? Please.

C

Yes, okay, uh so I'm gonna uh and all that from now um joey you're. The next in line.

O

Actually, I was trying to get it uh active for the previous draft. I'm sorry all.

P

O

For the delays, sorry, um I just wanted to say that I would support adoption of the henry medina's draft just after after making the changes specifically about the trust and how to set the levels of trust and yeah. That's that's what I wanted to add thanks.

K

I

So um I will echo what bob said about the tables and things like this, but I think that actually the useful thing that this document could do rather, like I think one of the early behave documents for nat- is to just give names to the different policies that we have seen over time. Not say who does them at one point in this document, but rather to say these are the policies that we've seen and that way we can talk intelligently about.

I

You know things even if we just call them type, 1 and type 2 and type seven, or something like that. At least. We could have a better conversation about. um You know if the devices and it does type one policy, then you expect this kind of thing to happen um and the table later on could tell us what versions of what os's did. What things in the past.

F

Dave yeah, so I'm actually going to say very similar things to what michael said, and I guess, as a past behaved working group chair, that's probably not surprising. um I think I have no personal opinion as to whether there is a snapshot of a table in the document or only on github right. I'd find either way with that one, but I think the main value that can be provided, as michael said, is, if you look at the table, the definition of the rows right is kind of similar to what michael was saying right.

F

You can define a set of the types of behaviors that you've seen out there, regardless of exactly which operating systems and stuff they map to or which versions of which operating systems. If you can define the taxonomy by which uh the github or whatever the table is whether it's in the document or github, if you can define the taxonomy of what behaviors are that you've seen so far, I think that in and of itself is valuable to adopt in the working group. So thanks.

C

Any of the comment questions.

C

All right, um if there is no other questions, um I suggest we continue the discussion to the mailing list and there will be a call for adoption on the mailing list.

B

Great, thank you very much uh matthew and thanks everyone for, for those comments, very valid, very good points. um As an author um now um going back to to the meeting well, this is uh we're arriving to the end of the agenda, so we're gonna ask any last question or comment. Anyone would like to make eric.

L

Yes, sorry for wearing a mask, I'm basically in my desk home and there's a technician nearby, so I apologize for the noise. It was unexpected anyway, I would love, let's say for the first meeting, seeing about 60 to 70 participants in the meeting with many interactions on the chat. It's really a proof that this working group needed to exist just to clarify. I would also like to thank teams for wba and glenn and ieee for presenting their sdo point of view.

L

It's always interesting when multiple sdo works and now removing my ed hat just participants of this working group. I would really love to get this code for adoption done and like many others, I don't care what this github or an rfc. There are many rfc that says a snapshot dated, of course, in 2021, 2002 or whatever. So, let's continue the job. Thank you.

B

Great thanks very much eric and thanks everyone for for participating and all your comments. uh So we look forward to seeing your interactions on the mailing list thanks everyone and have a good end of the day.

A

Bye-Bye thank you. Bye-Bye.

A