Re: [STDS-802-11-TGBH] Agenda for TGbh April 18 teleconference

[Jarkko Kneckt <00000d5619618f4f-dmarc-request@xxxxxxxxxxxxxxxxx>]

Hi Mark, Kurt and Graham, 

I have two comments on the material that are part of the motion. The comment 1 was explained in my earlier emails. 

It would be good to solve these issues before the motion. 

Cheers,

Jarkko 

1) 129r5 IRM

- Currently 802.11 defines that a non-AP STA uses random MAC address in the Probes and ANQP queries that it sends in the pre-associated state. 

- IRMA allows STA to use the IRM MAC address in probes and ANQP queries. This is not following the guidance of the 802.11. 

- If the IRM MAC address is used in probes and ANQPs prior authentication and association, then an attacker can learn the IRM MAC address and the attacker may use the IRM MAC address to authenticate as the victim STA. 

- 802.11bh has no limitations or recommendations for the network security, in some networks the attacker may steal the STA identity by authenticating to the BSS. The AP even tells to the attacker whether the device id was successfully stolen.  

Recommend resolution: Please add the following note to clause 12.2.12.2:

“NOTE: In States 1 and 2, the IRM MAC address is recommended to be used only in authentication and association frames. 

To ensure good STA privacy, a non-AP STA is recommended to change its IRM MAC Address in every 4-way handshake."

2) 1329r17 allows AP to send a zero-length device ID in the 4/4 message of the 4-way handshake. There is no description what does this zero-length device ID means to the non-AP STA. 

- Does this mean that STA has no device ID with the AP? Or does the STA continue to use the old identifier in the next authentication/association. This should be clearly defined. 

- I recommend to change the Device ID after every 4-way handshake. This complicates device ID use to track the STA. 

    

On Apr 17, 2023, at 11:07 AM, Mark Hamilton <mark.hamilton2152@xxxxxxxxx> wrote:

All,

 

I have posted a proposed agenda for the April 18 TGbh teleconference, here: https://mentor.ieee.org/802.11/dcn/23/11-23-0653-00-00bh-agenda-tgbh-2023-april-18.pptx

 

REMINDER: This includes consideration of a motion to approve the “Ready for motion” CIDs in our comment tracking spreadsheet, here: https://mentor.ieee.org/802.11/dcn/22/11-22-0973-23-00bh-cc41-comments-against-d0-2.xlsx , which would approve these CIDs: 

• CIDs 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 15, 16, 17, 24, 25, 26, 27, 30, 31, 32, 33, 36, 40, 41, 42, 45, 47, 49, 50, 51, 52, 53, 58, 61, 62, 63, 64, 65

 

Please come prepared to consider this motion.

 

Work will then continue on the (3) remaining CIDs.

 

Thanks.  Mark

---

To unsubscribe from the STDS-802-11-TGBH list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBH&A=1

---

To unsubscribe from the STDS-802-11-TGBH list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBH&A=1