IETF
MADINAS
madinas@jabber.ietf.org
Thursday, July 28, 2022

GMT+0
[19:59:42] mcr joins the room
[20:03:34] dkg joins the room
[20:18:35] <zulipbot> (Massimiliano Pala) @Michael: I do understand your point of view, and what you are saying for static addresses is true if your environment is safe. In many environments, devices are mobile and used across environments where Privacy considerations are very important. Having a standardized solution (that you may support or not in your device) could be a very useful tool. On the infrastructure side, I think that the same way you propagate the information for 1 MAC address across the infrastructure, you can propagate 2 or more...
[20:19:32] <zulipbot> (Éric Vyncke) @MCR: RFC 5415 could possibly be used to transport this layer-2 among AP
[20:21:12] <mcr> Yes, exactly, CAPWAP needs to be extended to deal with the changes.
[20:21:15] <zulipbot> (Éric Vyncke) FYI: the MOPS WG also uses github to keep 'live data' once RFC is published
[20:22:01] <mcr> Massimiliano, if you carry a device around, then it should generate a new stable MAC address for each environment.  Not change it every 12 hours.
[20:22:50] <mcr> In environments like this hotel, the MAC address filtering is mostly *not* done at the AP. It's done centrally.
[20:33:02] <zulipbot> (Massimiliano Pala) @MCR: Mmm... difficult answer here :D I would say that even using an individual identifier for "environment",  (a) it might be difficult to distinguish among "environments" besides a network id, and, most importantly, (b) you might want to protect tracking users across your infrastructure. Given these two factors, it might make sense to consider transferring a secret after associating (a seed, a value, etc.) that is not known to "external" attackers and allows the infrastructure, but not an observer, to link sessions. Believe me, I think I understand where your objections come from ... but I think that having such a protection can be quite important (and force us to be better at privacy with the next gen of wireless protocols... ?)
[20:39:54] <mcr> @Massimiliano, yes.  One really simple way is to use WPA-Enterprise (EAP-TLS1.3) with certificates.  But that's not how home networks work today.  It's where we need to go.
[20:40:04] <mcr> (curious if that showed up in blue)
[20:43:24] <zulipbot> (Éric Vyncke) in black
[20:50:00] <mcr> I copied Massimiliano's name, and it was in blue, and the rest of the content was blue for me.
[20:56:44] <zulipbot> (Sri Gundavelli) Relation to MADINAS can be about the RCM.. since they are maintaining the MAC to IP relationship
[20:57:23] <zulipbot> (Éric Vyncke) Sure but not to the point of becoming a MADINAS WG document IMHO
[20:57:23] <zulipbot> (Yiu Lee) Please post the link of the draft into the mailing list. Thx!
[20:59:14] <zulipbot> (Sri Gundavelli) Agree!
[20:59:27] <zulipbot> (Éric Vyncke) Thanks to the chairs and participants
[20:59:27] <zulipbot> (Sri Gundavelli) Just the RCM aspect
[21:15:44] mcr leaves the room: Disconnected: closed
[21:17:18] mcr joins the room
[21:18:07] mcr leaves the room
[22:12:54] dkg leaves the room