From YouTube: IETF96-IEEE802-20160717-1500
Description
IEEE802 meeting session at IETF96
2016/07/17 1500
A
B
A
A
Doesn't matter, yeah, it doesn't matter. Oh, I don't care about that. It's just, I'm just thinking which is faster for the changeover. Okay, all right, it's 3:01, I guess we will go ahead and get started. So this is a tutorial covering two topics of emerging work in IEEE 802, so I'll do the first part and then switch over to Juan Carlos for the second part. The two topics we're covering are local address use and privacy, and
A
A
Providing some structure to the local address space and providing for address distribution. I'm Pat Thaler, chair of the Data Center Bridging task group, which also handles the addressing work, and a distinguished engineer at Broadcom. I'm also IEEE 802 vice chair, but I didn't put that on here, because it's not as relevant to this topic.
A
A
These, the two types of addresses, are both 48 bits or 64 bits. We have both kinds defined. I'd say the vast majority of addresses actually in use today are from the universal address space. By the way, in some cases they're called global addresses, so I might slip up and say global addresses as well, but universal addresses is the more usual term for them.
A
They, the universal addresses, have the UL bit set to 0 and they're called an extended unique identifier. That's a term that came along later, but you'll hear EUI-48 or EUI-64, depending on the length. 802.16 uses EUI-64, and there are some uses of EUI-64 as a global identifier for products where it's not a MAC address, where it's just a product identifier.
A
The other active 802 standards primarily use 48-bit addressing. Local addresses have the UL bit set to 1, and up till now they haven't had any other defined structure. It's just a flat 46-bit address space plus the universal/local and individual/group address bits.
A
A
That value is called an OUI, an organizationally unique identifier, and has some other uses as well as address blocks. And the other two sizes are 2 to the 20th addresses and 2 to the 12th addresses, just so that if somebody only needs a smaller amount of addresses, we don't consume the full block of address space to give them some addresses. So, let's say, the IEEE-assigned bits include the universal/local bit and the individual/group bit.
A
Now we are starting to put network ports on things, on central sensors and actuators. We've got LED lights that are getting power and control over the Ethernet cable. They use Power over Ethernet, which can provide enough power to run an LED light and some sensors and things as well as the network, and some of these things are even disposable or short-lived devices. So there's some medical sensors, for instance, and some things are virtual. You know, there's a lot of virtual machines that want MAC addresses. So when we start using MAC addresses
A
At that rate, we can't do a global MAC address for every one of those things: a) it would run through the address space too quickly and b) it's a manufacturing headache to have to give each one a unique address and make sure mistakes aren't made in. So how do we enable using local addresses without having users or administrators have to configure an address in each device when they get it? And the solution seems to be to locate, to enable local addresses that can be used without configuring them.
A
So, in order to do that, we want to have some structure to the local address space. Right now it's a big flat space and basically the only usage of it right now is a local administrator assigns out addresses from it as they wish.
A
Okay, so the first project I'm going to talk about is IEEE 802c on local address usage, and the purpose of 802c is, IEEE 802 is the standard that kind of gives the overall architecture for the IEEE 802 family of standards, and so that's the document this is going into.
A
A
Four decades now we don't feel we can say here's the way that everybody needs to use the local address space and we're going to obsolete all the previous usage of it, and there are other usages of it going around, even though it's not heavily used right now. So this will go in as an optional structure to use in a network for the local address space in that network, and part of the objective is to allow for coexistence of various address assignment protocols.
A
So some people are likely to, you might use a generic kind of address assignment protocol, but there's also cases where people want to do a specific address assignment protocol related to something else they're doing. So we want to allow for there to be multiple local address assignment protocols. So this is called SLAP. I'm not crazy about this acronym, and this might get changed if somebody can come up with a better acronym, but it's called the Structured Local Address Plan and it's currently at first working group ballot.
A
One is for a standards assigned identifier, so that's a space in which we'll write IEEE 802 address assignment protocols to run in, and then there's an extended local identifier, which is a space for protocols that assign addresses out of a company ID block. A company ID block is something that any entity can get, get a block from the IEEE for their use, and so it's, it's a, it's.
A
So if somebody wants random address assignment, where a device just randomly picks an address and goes and uses it, if they want that to coexist with some address assignment protocols, that has that quadrant, and then there's one quadrant that's reserved.
A
D
A
So that would be, that would be.
A
A
So there's two mechanisms for getting addresses that will cooperate. So you might, a node might try to claim an address and get told, hey, I'm a server on this network, would you like me to provide you an address instead? And so the idea is to keep those working together, and right now we are soliciting protocol proposals. I wanted to say this. This also
A
Applies to multicast addresses. There are cases where multicast addresses are used for a flow ID for a time-sensitive networking flow. For instance, we've got IEEE 1722 that specifies audio and video flows and uses multicast addresses, and they've got a fairly lightweight version of an address society, distribution protocol in that, and so they're interested in using this. So we added multicast, or group, addresses in addition to individual addresses. So that's basically the outline of it. It's pretty early days.
A
We need to enable the use of local MAC addresses and we're working on making that easier for people to do, and so we don't want people to assume that every individual MAC address is an EUI or that every device has an EUI. And then I think I'll hand it over to Juan Carlos and he'll give his presentation, then we'll take questions afterwards. Oh, actually, I'm going to present, I'm going to run that from my computer. Just one second here. Okay.
C
C
E
Thank you. It's intricate, so hi everyone, Juan Carlos Zuniga. I'm going to present the second part of the tutorial on emerging technologies in 802, and my presentation is around the privacy recommendation project that we started in 802, actually in coordination with IETF. So I am here, the culture of the internet, their group, but I was also chairing the privacy group in 802. I'm also working with the internet initiative of IEEE as an advisory member and my affiliation is with Sigfox as a senior standardization expert.
E
No, thanks. So I like starting with this quote from all of Hawkman who's in the city of I sock, because it's interesting to first take people out of the technical context. When we talk about privacy, he was asked the question once, he was, I think, visiting a lab in Africa when one of the experts asked Mr. Cole panda: do you think we can opt out of the Internet of Things in the future
E
If I don't want my data to be available? And he says, he was, probably not. The truth is we are connecting more and more things, people, devices, and information is flowing all over, so we have to do this in a very conscious manner if we don't want to run into trouble in the future. So the idea behind this project is specifically to make people aware, people that are designing the protocols, of the potential issues that can come up in the future when information is no longer under control.
E
So well, Pat has already started talking about 802, but just a quick reminder for those of you that are not familiar. 802 is the group that is working on the lower layers, so you may be familiar with Wi-Fi, Ethernet, Zigbee, Bluetooth. Well, all those brandings came out of IEEE 802 projects and they are usually assigning the number, so 11, 3, 15, and so on.
E
These groups normally define layer 2, layer 1 technologies. We work together with IETF to define the rest of the stack and then also with W3C to define the application and upper part of the stack. These three organizations work together not only to define these protocols, but also on the privacy side. We are coordinating efforts, so where everything started out, you'd say, well, privacy.
E
Then we had a workshop between the three organizations on strengthening the internet and we discussed the different things that we could do in each one of the organizations. We created, well, there was already an executive coordination group between IEEE and IETF, and we have a topic coordinating privacy issues, and this is from 2014, and we also gave a tutorial to the IEEE 802 community on pervasive monitoring. Out of that tutorial, basically, we created a group, privacy in IEEE 802. Coming back to what exactly we mean by privacy.
E
We have to understand that this is basically more philosophical, if you will, but we have to focus on the individual. So by privacy we don't mean we are going to defend organizations, we're not going to defend infrastructure, we're not going to defend a device. We are going to defend not only the user of the device, but individuals that can be surrounded by devices that may or may not belong to them, so that is something that we have to keep in mind. It's all about the individual.
E
Then our discussion can very quickly turn into a legal, political or philosophical discussion. We have to keep technical, so we define protocols in these organizations. We define Internet protocols, so we have to understand what exactly are the issues that we have to attack, and this is, first of all, identifying the privacy threats and then mitigating those threats one by one, and then basically that way we don't get into
E
What is the reason of the threat, where the threat originated, if it's legal, if it's not legal. We know that in some legal frameworks, or actually in some countries, for instance, what is legal in another country is completely legal. However, the same device will probably be shipped to both countries or will travel with the same individual to both countries. So we don't want to get into those discussions about legality or political reasons for doing or not. We just want to concentrate on defending the threats, regardless of the intention of the attack by threats.
E
If it's in the City of London, most likely what kind of income he would have, what kind of age range. So the moment you know age, income, where you work, and you know where you live, it's pretty easy to find out who you are talking about, even though they claim that they didn't have a specific name attached to each individual or each profile. So that project actually got stopped. But that shows you how easy it is to basically build a system and start tracking people.
E
E
So the way we do that is by identifying what are the PIIs in the Internet of Things in this case, and PIIs are well known, that's personally identifiable information, and are well known when we talk about credit cards, medical records, IDs, passports and so on. But when we start talking about the Internet of Things and all the new technologies, it's an interesting question: would a light bulb create a PII? Would a microwave oven, a trash bin?
E
Well, if it's in the middle of a street, probably not, but if it's a light bulb in the household in a small room where, you know, next to a baby, and the moment the baby is going to sleep the light always turns from on to off, always at the same time, we're revealing information. If that type of information is traveling on the internet, we have to be aware that it may be misused, and again it's not necessarily to the owner of the device, but the way the device is used.
E
E
E
So basically we want to predict or, as much as possible, try to attack or defend a threat before it takes place, or it is too late. We want to have privacy as a default setting, so we don't want users to become experts in configuring their devices. We want the devices to be privacy enabled. We also want to have it embedded in the design. We don't want it to be an add-on that you may have to purchase to be privacy enabled. We want to have a positive sum.
E
So we want to understand all the lifecycle protection of this information. We want to be transparent, so make sure that all individuals understand that this is happening or this could happen, and if ever they want to disclose their information, because that could be the case in, I don't know, medical tracking systems and so on, the user may want to decide to be tracked. We want to make sure that it's transparent and the user is aware, and again keep it user centric.
E
E
So if you don't need it, you should not necessarily have it or produce it. So avoid as much as possible the collection, the disclosure, sensitivity and retention of PIIs. Make sure again that privacy is the default in our protocols, not something that is an option that we have to turn on, and we want to make sure that the user is allowed to opt out, or in this case it could be opt-in. You know, if we come back to the question before us is the user, though, so you should want to be tracked.
E
I'm going to speak quickly about a privacy experiment we did in the IEEE 802 and IETF networks, when we created a setup to test the feasibility of randomizing MAC addresses, and that actually became the permanent setup for both networks. So it is enabled now, so people can use freely MAC addresses without disrupting the network, and in both meetings.
E
So, first of all, as I've already described, Wi-Fi 802.11 devices expose a layer 2 address, which we think is a PII. Well, it's actually a PII, because it's globally unique and it can be used to identify users. And the way it happens, for those of you that are not familiar, is because, for instance, the phones, to connect more quickly,
E
They scan actively for networks, so they continuously broadcast if the network is available, and by doing so they disclose their identity, as well as previous networks that they have connected to. Some protocols in IETF make use of this information, like IPv6 address autoconfig, to create a layer 3 address. So that is again propagating even beyond the identifier, the unique identifier.
E
We know that your organizations use this address for, or misuse, actually, this address, and at the moment we thought that not all the solutions of the problems. Now, fortunately, we see more and more operating systems and devices that do support MAC address randomization, so I'm just going to quickly go through this, because you already heard from Pat what MAC addresses are, how they are generated and how they are administered by IEEE.
E
This is the structure, so, Pat already talked about this. There's a first part that is assigned to the organization, and then the second part is the organization who uniquely assigns it to a device. So what we did is, we have a paper describing the experiment, but we created this small software to run on Linux, Windows, Android and iOS to allow the randomization of MAC addresses, and we experimented how it would work, and in general there were simple rules, like you don't want to change your address in the middle of a connection.
E
You want to keep your address during the lifetime of the connection not to disrupt the other protocols, but whenever you disconnected from the network, you would randomize again, and same thing when you were scanning for networks and not necessarily in the connected state, we were able to randomize the address every two minutes, I think. So we carried out the experiment at IETF 91. First, we created a separate network to make sure that we didn't disrupt our own network.
E
We saw that it was quite easy to support just by tweaking the DHCP configuration and not running out of addresses, making sure that we assigned a shorter lease, DHCP lease, to MAC addresses that have the local bit set. So basically local addresses, in this case random addresses, and then we were able to use the same DHCP infrastructure for both, and that's what we started doing as of IETF 92 and in the plenary IEEE 802, which actually happened here in Berlin.
E
So, interestingly, we saw that, even though we were randomizing the MAC addresses, there were some IP addresses that were still being assigned to the same device, despite the fact that we were randomizing the MAC address. After further investigation, we realized that the DHCP binding was not only taking place based on the MAC address, but also on other identifiers like host ID, client ID and so on.
E
So that rang the bell, and we are doing some work now, for those of you that will attend the SAAG meeting or all the security meetings, and even in 6man, we are trying to get rid of all these long-lived identifiers in our protocols because they can still be used to bind the information of the user and track the user, despite the fact that we are randomizing MAC addresses or IP addresses. So, lesson learned: we cannot work in isolation.
E
We have to make sure that privacy is fixed in all the different protocols and all the different parts of the stack, and that was basically our conclusion. As I mentioned in this case, well, the week is big into the beginning. So if you hear, you know, about identifier, societies identify using the DHC group, in the SAAG, we're talking about the MAC addressing and other ways to get rid of this identifier, is definitely a up of all these discussions and experiments that we have carried out, and the future work.
E
Well, again, the IAB is doing some statements on the best use of the product. We have specific work taking place in different groups in IEEE 802. We created this IEEE 802E work that is defining the privacy threat model and the recommendations for IEEE 802 users, and that is in coordination also with the work that Pat just presented, 802c, which will take care of defining a space, as the question was asked before, a space where we can randomize MAC addresses.
E
Thank you very much. So I guess we still have a few minutes, right, for Q&A, and we were asked to put that link to a SurveyMonkey for you guys attending this tutorial. If you think this is useful or not, that's helpful for the IETF organizers. They want to understand if it's good to keep giving these tutorials about topics that are not related to IETF or if there's ways to improve them, get.
F
You for the presentation, both of you. My name is banners from Greece and policy Fellow. It's my first meeting here and I would like to ask you a question regarding the privacy that you said before. Here you are producing the standards, so these tendencies are going to be used all over the world, but the regulations about privacy and how to use the data for the privacy are not the same all over the world. Every friend in Europe, in America, in AZ, on Dance Crew, so are either a.
F
Security measures from your side, so these standards that you produce here about privacy to be a, would say, adopted according to the regulations, the policy regulation that each country have a blur, because each country, as I said, has different legal environment. That is my question. Thank you very much. Thank.
E
You. So the short answer is no, because it's very difficult and, as you say, there are very different legal frameworks in the world and often they are even contradictory. So, and you know that the reasons for, you know, one country tracking users may be completely different to the reason for another country tracking users, right, and this same standard has to be used in engaging in Moscow in Washington and in Ottawa Mexico City, right.
E
So we know that, unfortunately, the reasons for tracking users in, you know, those places are very different, and the easiest is to not basically take any party. Just say: okay, well, we're going to make sure that this technology cannot be misused in the future. And then we don't want to get into the argument of whether this is going to be used by a government organization, by a criminal organization, by a commercial organization using privacy-unfriendly
E
You know, ways. So we want to avoid all those legal, political discussions and we just want to make it technical. So when you talk about regulations, you know, compliant or regulation, that is different, because it could be, you know, that is when you design the system. Sometimes you have like legal intercept type of things, you know, that are well known. When you define, for instance, a cellular system, you maybe have to provide a hook to the enforcement agencies to track a call, for instance.
E
Well, that's part of the whole system, but at least we don't leave a hole in which, without necessarily wanting to, a user can be tracked by an external system, right. So once you put the system together, you may run into regulatory issues, but I don't think that at the protocol level this is something that we are going to face or.
E
Yeah, so again, the protocol, what we want to avoid is ways to track people without necessarily the intention to do it. If you want to enable the system to have a legal intercept feature, well, then you define it and then you make sure that it's worked in a way that it's correctly used and for the purpose that it was assigned for in a closed system.
G
Quility, if you're building a client operating system, you have to weigh privacy against maybe other parts of the organization or the team or whatever, who are trying to optimize connection time by reusing previously used identifiers, doing things like DNA, and you're also trying to perhaps meet some enterprise requirements that say you must always be trackable on my network. Is there some sort of place where we're discussing those sorts of trade-offs? Because at the end of the day, exist, doesn't make it into implementations by default
G
It's actually not gonna go anywhere, and personally I would like to see this. For example, I would like to see the mobile operating systems do MAC address randomization by default all the time, but there are system level challenges that you dodged right now when you said, you know, when you build the system, you have to deal with some of these problems. But do we have a place where we're discussing these problems, like?
G
E
So well, there's, I hear two questions. So first, you are talking about the way we can make this happen in real commercial systems, for instance, and then we did discuss solutions where we can make profiles. For instance, we understand that today's network, for instance, when you connect to the hotel, you might want to keep the same MAC address when you connect to the hotel, because otherwise, if you pay for the, you know, the Wi-Fi through the week, they usually recognize you through the MAC address.
E
So you don't want to change that MAC address. As long as you tell the user, well, do you want to keep the MAC address for this network? Then it's pretty easy to make a profile and then keep coming back to the same MAC address, and this is a specific use case, and that can be used also for connecting to an enterprise network where you are also authenticated through the sort of MAC address and so on.
E
It's not in the realm of us to define that profiling, but that discussion did take place at one point in time, and even, I think, in our experimentation we were talking about, you know, the ability to make profiles. So I don't think that there's a forum where we can talk about it result.
E
Would there was a presentation and I think that there then result well? Christian has a couple of documents, one of them, one of them is a DHCP host ID, but that's more specifically just talking about this, this one nation. Probably in the introduction he does mention, you know, the overall problematic. But if I remember well, in interior, it was only slides that he presented.
B
Yes, I met Barrow set. My question is whether, it may be too soon, but if there's a way that you can generalize what you've discovered about trying to bring the possibility for privacy into protocols that we're working on here, or any things that you've observed that, if you were going to say, if we started originally with this in mind, we might have done it this way.
E
So I think that, again, if I understand your concern or your question, it'll be around privacy by design, that we did not have those principles in mind, and we thought of a closed system that did not have any risks, and all of a sudden those became risks, so we're trying to patch the system now. But ideally we don't want to create more risks in the future. Yeah.
H
B
E
That long-lasting identifiers is, as quickly said, but actually more and more, we discover that they exist in more and more protocols. So that is the current discussion that we have, people realizing that now in layer 3, but oh, by the way, in layer 4 as well. Actually we would use it now in layer 4 and then beyond, application, and so on, so that is one. But you know, probably in the future we will find out that there's more than IDs that we have to work on.
B
H
Work from gist of what I got is that you're protecting from the external threat, how's the pasta in general, the thing, and I still believe that there's a need for some sort of auditing and troubleshooting, engineering troubleshooting vision, particular device. What you say not working properly with the sort of techniques they've been discussing, that's gonna become more and more complicated. So what provisions are you thinking to maintain some sort of auditing capability, for whatever of engineering or even, for example, were pricing costs cafe? Thank you.
E
What does this question is usually don't take place here, of course, I've lying. We can discuss all of them, but you know, the commercial implications are only considered to the point that, if we talk about encryption, for instance, you may need to have more processing power in your system and then that could affect the cost and so on. So we may want to consider that when choosing different types of encryption, and when we talk about specifics like that, but beyond that, I don't think that this is.
E
I
I
Always thought, but anyways, the question I'm raising is out of curiosity that I just derive from what you've been discussing when you spoke about privacy by design, and as a user, how would a person make sure that their privacy is protected when they tick the privacy box? Basically, and the reason why I'm asking this question is because with the buzz Pokemon Go game that's going around, I was one of the people who fenced oh downloaded the application.
I
The first day the game was launched, but I was too scared to use it after the controversial discussions that have been coming out about how data is going to be used or may be used in terms of tracking, so guidelines in such a way might be helpful if possible.
E
So we want to avoid the fact that, you know, users become experts and they have to search all over the place and tick, tick, tick, tick, tick to make sure it works. You raise a good point that, you know, how can we protect the future applications popping up and then disrupting the whole privacy protection system? And would we think that at a certain point we would like to have a correlation so that, if the user has a profile that says I don't want to privacy to be enabled and he's reminded, okay,
E
Well, if you download this application, be aware that you are against your own decisions in the past. That could be a solution, but again that's pretty much application layer. W3C has something working on that with the web browsers, for instance, the privacy mode or the, this other checks that you do on the browser where the browser tells the website. That came out of those discussions, but still not enough, unfortunately, yeah.
A
I
IEEE 802 is dealing with the layer 2 protocol, and so our objective is to avoid your device leaking data kind of to the world as you carry it around at layer 2, which is a totally different question than whether an application that's using GPS and that you're logged into as a user of that application.
A
G
To say that the problem is a bit above layer 2 because but ends and therefore cannot be solved at layer 2, and the reason I say that is that I think, if we have strong security and privacy at the lower layers, it becomes much easier to build a lot of the higher layers to rely on that. Because, like, one discussion that we're having right now in the 6-pound working group is like, we can't trust MAC address randomization to be in place.
G
So we must randomize our own identifiers, and if you look at it from a holistic point of view, like if you're building an operating system, you say, look, that's a stupid thing to do, because I have to randomize at two different layers, because I want to protect against layer 2 threats because they're very dangerous, and I also want to protect against the layer 3 threats.
G
So now I have to implement randomization in two places, whereas if I can rely on layer 2 randomization, it's way stronger than doing it on layer 3, right. There's a good reason why we don't implement checksums in HTTP, because it's done by the, you know, and so it would be nice if we could rely on this stuff being robust at layer 2. I
A
Agree, and I wasn't saying that we shouldn't, but given that your own device knows your GPS location.
A
J
And, oh, good afternoon, my name is Gregory. I'm also public policy fellow, and we've been talking a lot about privacy, and there is also a similar concept, which is also equally very important for society, and this is anonymity, and I was wondering whether, do you have a registrant on trying to protect anonymity as well? Or is it something that you don't give way that oh I.
E
Think, well, I think we can't be included in parts, part of the privacy. So definitely if we want to keep users anonymous, then that's a way of providing privacy. There's different ways to do it. But I don't think we necessarily talk about the fact that anonymity, because, as we said, sometimes we want to turn it on or off, or tracking or not. So we want to be a little more specific about that, but you know, I think privacy, identifiable information, yan globes.