Thread Links | Date Links | ||||
---|---|---|---|---|---|
Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
--- This message came from the IEEE 802.11 Working Group Reflector ---
Hi Dan, I agree completely with you that randomized MAC addressing is with us now and text along the lines that you proposed in 14/0367r2 is appropriate, and I fully support it. My only concern is that 11md will take 3 to 4 years to be in existence and I like to investigate quicker ways to getting this accepted. Maybe your text could be tacked on to an existing TG Amendment, preferably one in Sponsor Ballot? Thanks Graham From: *** IEEE stds-802-11 List *** [mailto:STDS-802-11@xxxxxxxx] On Behalf Of Harkins, Daniel --- This message came from the IEEE 802.11 Working Group Reflector --- Greetings, Exactly 3 years ago I presented 11-14/0367r2 in 11mc. That submission proposed some language in the 802.11 standard to define certain behavior when MAC address randomization is used. There were a number of comments but the big one was that it was not necessary. Over time, implementations have come on the market that randomize MAC addresses and the results are in: we really do need some language in the standard that says exactly what to do when privacy is desired, both how and when to randomize a MAC address and how to remove information from 802.11 frames that can be used to perform tracking even when a randomized MAC address is used. Researchers from the U.S. Naval Academy have performed a study [1] and conclude with: “We propose the following best practices for MAC address randomization. Firstly, mandate a universal randomization policy to be used across the spectra of 802.11 client devices. We have illustrated that when vendors implement unique MAC address randomization schemes it becomes easier to identify and track those devices.” concluded the experts. “A universal policy must include at minimum, rules for randomized MAC address byte structure, 802.11 IE usage, and sequence number behavior,” Based on this sage advice, I plan on introducing a submission to 11md (when formed) to define a privatization policy to be used by STAs that wish to make it harder to track them. If you wish to contribute to this effort or if you have legitimate concerns on 802.11 privacy, please unicast me back. regards, Dan. [1] http://securityaffairs.co/wordpress/57076/uncategorized/mac-address-randomization-flaws.html _______________________________________________________________________________ If you wish to be removed from this reflector, do not send your request to this reflector - it will have no effect. Instead, go to http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11 and then press the LEAVE button. If there is no LEAVE button here, try http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-RO. Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________ If you wish to be removed from this reflector, do not send your request to this reflector - it will have no effect. Instead, go to http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11 and then press the LEAVE button. If there is no LEAVE button here, try http://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-RO. Further information can be found at: http://www.ieee802.org/11/Email_Subscribe.html _______________________________________________________________________________ |