| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
Hi Amelia, Dan, Let's see the logic of the sentence "
any procedure that affords comparable security and privacy," the security and privacy are a high level term, then we must find some elaborated criteria to quantify whether other procedure can provide the comparable “security and privacy”. Amelia provides
the several details criteria based on 802E-2020. During the analysis, we find at least the first bullet has nothing to do with Annex Z.
If the so called criteria is nothing with Annex Z, why you thought that items can quantify and determine other procedure?
For me, a story like this “Dan is the top security expert in the world, you need find a comparable candidate member in security area”, the question is here how to determine the candidate member? The so called criteria are “1. Two eyes, 2. One mouth, 3. Two ears…”. And then you explain Dan has two eyes, one mouth and two ears indeed, so Dan meet the criteria of security expert.
I’m not sure only my logic is mess up, or any member can help me understand the logic first.
Thanks Best Regards Jay Yang -----Original Message----- On 2023-04-13 16:12, Zhijie Yang (NSB) wrote: > Hi Amelia, > > Thanks for the clarification. > > Temporary identifiers should be used or at least permitted, especially for the use of short-lived services such as network probes -> Annex Z established a (semi)-temporary identifier that is generated by an AP and transmitted to a
non-AP. > --><Jay> If I understand correctly, the first rule is about how the STA use the temporary identifier, nothing with how to generate the temporary identifier... > Of cause it's nothing with Annex Z. > > Let's continue to debate from the first rule, and then next till to the end. And see how long we can make all the rule clear enough.. > Do you think it will be helpful to you to have such a debate? 802E-2020 is a recommendation and is meant to inspire thought and reflection when making design choices in standards protocol development. Best regards, Amelia > > Thanks > > Best Regards > > Jay Yang > > -----Original Message----- > From: Amelia Andersdotter <amelia.ieee@xxxxxxxxxxxxxxx> > Sent: 2023年4月13日 21:04 > To: Zhijie Yang (NSB) <zhijie.yang@xxxxxxxxxxxxxxx>;
> STDS-802-11-TGBH@xxxxxxxxxxxxxxxxx > Subject: Re: [STDS-802-11-TGBH] TGbh language for Annex Z (WAS: Agenda
> uploaded - plans for call) > > On 2023-04-13 09:34, Zhijie Yang (NSB) wrote: >> Hi Dan, >> >> Please clarify which items the Annex Z meet according to the Privacy
>> Recommendations provided by Amelia? >> >> How to determine less or more “security and privacy”, what’s the
>> threshold, “50%--NOK, 100%--comparable”?, hope you can give more
>> clarification on them before adding them. >> >> Amelia came up with some new privacy points to 11bh group, I say the
>> 11bh group need carefully to review them one by one. Why you become
>> impatient? >> > They are not new. 802E-2020 was discussed in the beginning of this TG. > > If I could make a stab, it'd be: > > Temporary identifiers should be used or at least permitted, especially for the use of short-lived services such as network probes -> Annex Z established a (semi)-temporary identifier that is generated by an AP and transmitted to a
non-AP. > Temporary identifiers should not persist across different stages of
> the communication process and should be restricted to specific
> protocol exchanges -> Annex Z allows for this behaviour but doesn't
> require it, since the use-case for the identifier in Annex Z (and
> device ID in > general) is specifically to create linkability and persistence of the identifier. > When switching to a new temporary identifier, variable fields such as sequence numbers should be reset to their default value or to a non-deterministic value. Where multiple temporary identifiers are used concurrently, their replacement
should be synchronized to avoid correlation between sets of old and new identifiers -> The procedure in Annex Z can be applied at any time, but it is not up to the Annex to specify this behaviour. It would have to be specified in Clause 12. > A personal device persistent or temporary identifier should not be stored by any device specified by the standard other than the devices using those identifiers to provide or support the service. -> Annex Z and Clause 12 seem to fulfill
this recommendation. > Persistent and temporary identifiers should not be stored by any device for longer than is required to provide or support the service. -> The functionality to be defined by TGbh assumes "support for the service" to require a (semi)permanent
identifier. Annex Z is one way that such a semi-permanent identifier could be generated with a high level of security and privacy. > Periodic communications or transmissions of deterministic values or identifiers should occur at non-correlatable intervals. -> Not applicable. > Temporary identifiers should not be shared across services. -> Depending on your definition of service, not applicable. Else, the functionality to be defined by TGbh assumes "support for the service" to require a (semi)permanent identifier
(across services). > The use, persistence, and storage of identifiers by devices specified in the standard, and their configurability, should be described in the standard. -> This is what Clause 12 and Annex Z by the TGbh draft 0.2, does. > > But I don't think we need to debate or discuss this for 1 year. > 802E-2020 is meant to be a tool that enables asking the right evaluation questions for a given proposal - it's not an arbitrator of what is right and wrong, it's a recommendation with some loosely set directions. For me it was personally
helpful only to write this e-mail, I must admit. > > Best regards, > > Amelia > >> You know, this group spend almost 1 year to discussion
>> pre-association identification scheme, and have some consensus
>> finally. If we follow such working style, I’m afraid we need spend a
>> long time to discussion that part. >> >> If you or the group have enough efforts, let’s go on. >> >> Thanks >> >> Best Regards >> >> Jay Yang >> > -- > ^\...~...~...~...~...~.../^ > Amelia Andersdotter > ^\...~...~...~...~...~.../^ > > > ______________________________________________________________________ > __ To unsubscribe from the STDS-802-11-TGBH list, click the following
> link:
https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBH&A=1 -- ^\...~...~...~...~...~.../^ Amelia Andersdotter ^\...~...~...~...~...~.../^ To unsubscribe from the STDS-802-11-TGBH list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBH&A=1 |