jlivingood / ietf109bof Goto Github PK

For draft-lee do we need xrefs over to the 802.11 Randomized and changing MAC address Study Group? See https://www.ieee802.org/11/Reports/rcmtig_update.htm

Some resources that may be helpful where I said refs needed or otherwise:

https://standards.ieee.org/products-services/regauth/mac.html
https://papers.mathyvanhoef.com/asiaccs2016.pdf
https://www.cablelabs.com/mac-address-randomization-how-user-privacy-impacts-wi-fi-and-internet-service-providers
https://source.android.com/devices/tech/connect/wifi-mac-randomization
https://blog.elevensoftware.com/how-mac-address-randomization-can-affect-the-wifi-experience
https://appleinsider.com/articles/20/09/17/ios-14-mac-randomization-privacy-feature-may-cause-cisco-enterprise-network-issues

Some minor feedback. Feel free to ignore - none is critical.

• s/MAC-Address/MAC Address
• Add informative references to the IEEE standard http://www.ieee802.org/
• Note that MAC address is a unique link layer address and local to the physical network to which a device is connected.
• MAC addresses are only necessary and visible on a LAN, and are not visible on the Internet unless forwarded inside of another communication flow upstream, such as may be the case with management protocols such as TR-069 (ref https://www.broadband-forum.org/technical/download/TR-069_Amendment-5.pdf).
• Each device has 1 or more MAC Addresses. For example, a given IoT device may only have a single WiFi network interface and therefore a single MAC address. In contrast, a laptop may have three network interfaces that encompasses two wired Ethernet ports and a WiFi interface, and therefore will have three MAC addresses.
• The device manufacturer typically assigns the MAC Address to an interface. Unless the user or operating system modifies the MAC address, which is sometimes the case, the MAC address follows a defined format & uses 2 parts. Those are Manufacturer ID and Interface ID. In a typical MAC address, the first 3 bytes correspond to the organization that created the device, called the Organizationally Unique Identifier (OUI). This OUI portion uniquely identifies a manufacturer, vendor, or other organization, and is assigned by the IEEE from their IEEE Registration Authority. The second 3 bytes of the MAC address, the Network Interface Controller (NIC) portion, is an identifier assigned by the manufacturer (or whatever organization was assigned the OUI).
• Because of how MAC addresses are constructed, a MAC address may contain information from which an actor/service on a local network can infer the type and/or manufacturer of the device, which is useful for a variety of operational and troubleshooting reasons. For example, a MAC address can be used to determine to which device on a LAN to permit or deny access at a particular time of day (e.g. child's tablet may not access Internet after 22:00 hrs until 06:00 hrs). Such services often rely on a database or other method to map MAC Addresess to a likely device make and model, such as using a commercial service from Fingerbank, https://fingerbank.org/about/, after which the user would then label the device (e.g. Jane’s iPhone).
• Start Sec 2 (prob stmt) with a clear statement of fact such as "MAC Address randomization can be pro-privacy for end users but can also break or significantly impair security, trust, personalization, prioritization, access authorization or other services on which users depend."
• Add refs to OS docs on randomization, such as https://source.android.com/devices/tech/connect/wifi-mac-randomization
• Note that MAC Addr randomization does not prevent tracking and that research continues to describe ways that tracking is still possible. This calls into question the validity of randomization. At least one citation here is https://petsymposium.org/2017/papers/issue4/paper82-2017-4-source.pdf
• Random other source to read FWIW - https://blog.elevensoftware.com/how-to-address-mac-randomization-today-the-future-of-seamless-wifi-access

This came up in the discussion. Is bullet a knows issue due to MACr? 'Static NAPT policies - (PRESENTER TBD)'