From nobody Tue Sep 1 09:49:35 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C22E3A0A66 for ; Tue, 1 Sep 2020 09:49:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.233 X-Spam-Level: X-Spam-Status: No, score=-1.233 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_SOFTFAIL=0.665, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YWF4IrEdrxCF for ; Tue, 1 Sep 2020 09:49:32 -0700 (PDT) Received: from smtp2.execulink.net (smtp2.execulink.net [69.63.44.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 70CAB3A0A63 for ; Tue, 1 Sep 2020 09:49:32 -0700 (PDT) Received: from webmail.execulink.ca ([199.166.6.210]) by smtp2.execulink.net with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1kD9TN-0002e3-LU; Tue, 01 Sep 2020 12:49:30 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="=_a216812388eec8878f3de555758d2445" Date: Tue, 01 Sep 2020 12:49:29 -0400 From: David Dolson To: Erik Kline Cc: Martin Thomson , Barry Leiba , captive-portals Reply-To: ddolson@acm.org In-Reply-To: References: User-Agent: Roundcube Webmail/1.4-git Message-ID: X-Sender: ddolson@acm.org Archived-At: Subject: Re: [Captive-portals] A final check on draft-ietf-capport-architecture-09 X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2020 16:49:34 -0000 --=_a216812388eec8878f3de555758d2445 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=UTF-8; format=flowed How do such devices obtain IP addresses? Arguably the domain of Captive Portal solution is limited to the case when the agent assigning IP addresses is controlling access to the network as well. -Dave On 2020-09-01 01:28, Erik Kline wrote: > One thing I realized that we didn't discuss in 7710bis, and didn't really discuss here either, is the issue of devices attached to routers which are themselves on the link with the provisioning service. > > Such clients would not have a way to receive an RA option nor any of the DHCP options since we didn't say what routers that observe these on a network should do (e.g. routers should/may include verbatim the 7710bis options in any of the applicable mechanisms for downstream clients). > > The section 2.5 captive portal signal might be able to come to the rescue here, but as we don't have such a thing. > > But...maybe that's a separate document? > > On Sun, Aug 9, 2020 at 5:11 PM Martin Thomson wrote: > >> The editors of draft-ietf-capport-architecture have put in a huge amount of work over the past few weeks in addressing the review comments. >> >> https://tools.ietf.org/html/draft-ietf-capport-architecture-09 >> >> As there have been quite a few changes, I would like to request that people take a brief look again before we proceed. I've been watching closely, and the changes look good, but I would like to confirm. The changes are: >> >> https://tools.ietf.org/rfcdiff?url2=draft-ietf-capport-architecture-09.txt >> >> Please send comments before 2020-08-16. >> >> _______________________________________________ >> Captive-portals mailing list >> Captive-portals@ietf.org >> https://www.ietf.org/mailman/listinfo/captive-portals > > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals --=_a216812388eec8878f3de555758d2445 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8

How do such devices obtain IP addresses?

Arguably the domain of Captive Portal solution is limited to the case wh= en the agent assigning IP addresses is controlling access to the network as= well.

-Dave


On 2020-09-01 01:28, Erik Kline wrote:

One thing I realized that we didn't discuss in 7710bis, an= d didn't really discuss here either, is the issue of devices attached to ro= uters which are themselves on the link with the provisioning service.
 
Such clients would not have a way to receive an RA option nor any of t= he DHCP options since we didn't say what routers that observe these on a ne= twork should do (e.g. routers should/may include verbatim the 7710bis optio= ns in any of the applicable mechanisms for downstream clients).
 
The section 2.5 captive portal signal might be able to come to the res= cue here, but as we don't have such a thing.
 
But...maybe that's a separate document? 

On Sun, Aug 9, 2020 at 5:11 PM Mart= in Thomson <mt@l= owentropy.net> wrote:
The editors of draft-ietf-= capport-architecture have put in a huge amount of work over the past few we= eks in addressing the review comments.

https://tools.ietf.org/html/draft-ietf-capport-arc= hitecture-09

As there have been quite a few changes, I would= like to request that people take a brief look again before we proceed.&nbs= p; I've been watching closely, and the changes look good, but I would like = to confirm.  The changes are:

https://tools.ietf.org/rfcdiff?url2=3Ddraf= t-ietf-capport-architecture-09.txt

Please send comments befo= re 2020-08-16.

_______________________________________________Captive-portals mailing list
Captive-portals@ietf.org
https://www.ietf.org/mailman/listinfo/captive-portals=

= _______________________________________________
Captive-portals mailin= g list
Captive-portals@iet= f.org
https://www.ietf.org/ma= ilman/listinfo/captive-portals
--=_a216812388eec8878f3de555758d2445-- From nobody Tue Sep 1 11:35:29 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62D593A0ED7 for ; Tue, 1 Sep 2020 11:35:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yx1DHFk4c3O3 for ; Tue, 1 Sep 2020 11:35:26 -0700 (PDT) Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2ABFD3A0EDB for ; Tue, 1 Sep 2020 11:35:26 -0700 (PDT) Received: by mail-ot1-x32c.google.com with SMTP id 109so2049999otv.3 for ; Tue, 01 Sep 2020 11:35:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YzdNFwD7yhlzhxKaOPsodLks80JHUox6/TlxUkhTkVY=; b=tqZMsoDdKyCS3AKHEAZntSm2owPbk+rK3yMfSF+IXdJt5BV3UFqVIfMnG/86YxlJFH P5JbUeeAQzyYDv1yBT2877P5IlI4W0tsCTzGil6uuEmRXoQxwGOV6FbDWJjMo0F/FFLH WNevf0yp6Lce+42tg7g/xjzpWZ+585JvcNd2+2fGxrOVa9JsoqD7MAEMlpqlIvqptUFT oOkKifjGDUtR+5PkjZ45ZKmhbefRrpd4f4IfqIUTPi38ZAJS6ZY+8NtPvDoZEFCw9OBR sc/nJ8CDI7iCknUVUioyGW1Wj7BOB0TtY1eSJIMXRtbTzyUPu3ZgC2AQOOjvg1uOsJi4 VRxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YzdNFwD7yhlzhxKaOPsodLks80JHUox6/TlxUkhTkVY=; b=JWt94Y/yQxkAm2dk5dmNgfBsxInAh9lMgDk8Ed53LmXMjWHlS/hB+9pUKzBDyNTN9B Nu8Tstsxpqyc5vMsSqhQly2GvjAkT2OpG4r3aAouwZuQKp3E6wpVNb7+r9zIiV7eq4eo B/dgvA/ge0rCIneJm7gf52nNdDHlkE8NjbTYVPbrrtVXaN9QtT7qbk4ZuxynqKkRHID/ KmTn6SUXBXE6fUol2RriB9tH0FtKOdbZnrrUENWDduP4S0yQ7CrnBAuQ9Viu94JFlVMV xiE9fSBCzXwCtVMCrDcDkSHWB6mRBLvcJHoVS589f2YWXky+tMfHWQ1SGQOvXcHTHXQT 6G/g== X-Gm-Message-State: AOAM530I21MjNghAMqOhKKje+uOohBF/r52xyeioJpSkm+n+cEOv6YGs TWaDVaWehtiSuuuciHFQRJssOzROp1E32dImUBQ= X-Google-Smtp-Source: ABdhPJwJvE7SJLwpZYyW7Y6yoRn0Ikqfy09IjB/ruH/vphfdEFqLEiWMzHBiw1LUffU/LOAR9fQfER3/8AokG57AP3c= X-Received: by 2002:a9d:7319:: with SMTP id e25mr2559402otk.155.1598985325490; Tue, 01 Sep 2020 11:35:25 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Erik Kline Date: Tue, 1 Sep 2020 11:35:14 -0700 Message-ID: To: ddolson@acm.org Cc: Martin Thomson , Barry Leiba , captive-portals Content-Type: multipart/alternative; boundary="00000000000053b54e05ae44c864" Archived-At: Subject: Re: [Captive-portals] A final check on draft-ietf-capport-architecture-09 X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Sep 2020 18:35:27 -0000 --00000000000053b54e05ae44c864 Content-Type: text/plain; charset="UTF-8" On Tue, Sep 1, 2020 at 9:49 AM David Dolson wrote: > How do such devices obtain IP addresses? > > In IPv4, this would be NAT. The first host to connect would probably pass the captive portal for all other devices, but only because of the HTTP-intercept technique. No clients would see the API URL, and they would never be able to learn the venue URL In IPv6 it's more complicated, and largely not yet addressed. With Proxy ND, the downstream clients would see the RA/DHCPv6 option(s). With 64share, the same is possible but would, I suspect, be implementation-dependent. Arguably the domain of Captive Portal solution is limited to the case when > the agent assigning IP addresses is controlling access to the network as > well. > > -Dave > As we've currently scoped things, I agree. The more I think about it, the use case I had in mind (capport implementation in an ISP's modem/CPE) would probably require things we've not yet completed. --00000000000053b54e05ae44c864 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


On Tue, Sep 1, 2020 at 9:4= 9 AM David Dolson <ddolson@acm.org> wrote:

How do such devices obtain IP addresses?




--00000000000053b54e05ae44c864-- From nobody Wed Sep 2 06:43:15 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B5F13A102D for ; Wed, 2 Sep 2020 06:43:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 69O6uezidgaa for ; Wed, 2 Sep 2020 06:43:06 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 181E53A0E57 for ; Wed, 2 Sep 2020 06:43:02 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 3BDB5389C3 for ; Wed, 2 Sep 2020 09:21:56 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id dVSIs9qv2YXH for ; Wed, 2 Sep 2020 09:21:55 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 5F854389BA for ; Wed, 2 Sep 2020 09:21:55 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 9486C69B for ; Wed, 2 Sep 2020 09:42:59 -0400 (EDT) From: Michael Richardson To: captive-portals In-Reply-To: References: X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] A final check on draft-ietf-capport-architecture-09 X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Sep 2020 13:43:13 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Erik Kline wrote: > One thing I realized that we didn't discuss in 7710bis, and didn't re= ally > discuss here either, is the issue of devices attached to routers whic= h are > themselves on the link with the provisioning service. So, I agree with the thread that the options need to be passed on like DNS. I guess architecturally maybe this needs to be specified. From=20an implementation point of view, the router, whether IPv4 NAT44 or I= Pv6, acts as a layer-2 "NAT", keeping the policy enforcement point from seeing t= he end device's L2 address. As such, mechanisms that whitelist^Waccept-list the client by L2 address won't work, or will work wrong. I think that many of us geeks have the experience of throwing our own route= r onto the hotel LAN, then accepting the Terms using our laptop, and sharing that with our other devices. That accept-lists the router for IPv4, but IPv6 won't work that way. And now temporary addresses uses for privacy each get caught. > The section 2.5 captive portal signal might be able to come to the re= scue > here, but as we don't have such a thing. > But...maybe that's a separate document? Our current solution isn't perfect, but it is a significant step forward. Let's worry about this situation later. =2D- Michael Richardson , Sandelman Software Works -=3D IPv6 IoT consulting =3D- --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9PoWMACgkQgItw+93Q 3WXB9gf+KhWb2dMbRPiU7vdxElrgiPQxKLpbibWn4obUEqs4MGogHv4KokMVNR5u iAlX9YC0YTicUY3FS+eRelgAv6y5XRRwp9GBwYEgUuoDIvivoaJeHKTfM6keuNft +hzWLYzEyKGfKgn09yH3dY5EjUFg8MQ4LddwHOlwgQcQQWsyGt51XzJ81aW3hjYt MYNaA8OGkKROoAB6e3u6pZm6oWR48PtUII8R2+zrgmOUpOaUv6Glweasp5P23+Rk 6sT8slTpYFypok9CuBRYLv5Lsyfj4+CQ7wFWiw+YlsoADGzD0/npEWytxT6TrBYO Ho/8S0ucTf1kktHwajC98ChNuyg2Xg== =OcJ8 -----END PGP SIGNATURE----- --=-=-=-- From nobody Mon Sep 14 16:38:24 2020 Return-Path: X-Original-To: captive-portals@ietf.org Delivered-To: captive-portals@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F2DFB3A0D3C; Mon, 14 Sep 2020 16:38:22 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: Benjamin Kaduk via Datatracker To: "The IESG" Cc: draft-ietf-capport-architecture@ietf.org, capport-chairs@ietf.org, captive-portals@ietf.org, Martin Thomson , mt@lowentropy.net X-Test-IDTracker: no X-IETF-IDTracker: 7.17.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: Benjamin Kaduk Message-ID: <160012670268.20035.5295583799658667206@ietfa.amsl.com> Date: Mon, 14 Sep 2020 16:38:22 -0700 Archived-At: Subject: [Captive-portals] Benjamin Kaduk's No Objection on draft-ietf-capport-architecture-09: (with COMMENT) X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2020 23:38:23 -0000 Benjamin Kaduk has entered the following ballot position for draft-ietf-capport-architecture-09: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Thank you for addressing my Discuss (and comment!) points. A few new notes on the -09: Section 1.2 has a new instance of "Captive Network" that didn't get caught up in the renaming of "Captive Network" to "Captive Portal" Section 2.1 Maybe s/navigate the User Portal/navigate to the User Portal/? Dave's suggested rewording (https://mailarchive.ietf.org/arch/msg/captive-portals/nMLJv4gzGjBQZN_5-TJyrfZZbkI/) is correct but not parallel to how we discuss the DNS-ID case. I'd recommend either rewording both cases or neither, but don't have much of a stance on which is preferred. From nobody Mon Sep 21 21:03:39 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49ED13A128F; Mon, 21 Sep 2020 21:03:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZL_AqN-ZpqYP; Mon, 21 Sep 2020 21:03:33 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 211483A0D9C; Mon, 21 Sep 2020 21:03:33 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 0D13BF40770; Mon, 21 Sep 2020 21:03:26 -0700 (PDT) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org X-PHP-Originating-Script: 1005:ams_util_lib.php From: rfc-editor@rfc-editor.org Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, captive-portals@ietf.org Content-type: text/plain; charset=UTF-8 Message-Id: <20200922040326.0D13BF40770@rfc-editor.org> Date: Mon, 21 Sep 2020 21:03:26 -0700 (PDT) Archived-At: Subject: [Captive-portals] =?utf-8?q?RFC_8908_on_Captive_Portal_API?= X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 04:03:34 -0000 A new Request for Comments is now available in online RFC libraries. RFC 8908 Title: Captive Portal API Author: T. Pauly, Ed., D. Thakore, Ed. Status: Standards Track Stream: IETF Date: September 2020 Mailbox: tpauly@apple.com, d.thakore@cablelabs.com Pages: 11 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-capport-api-08.txt URL: https://www.rfc-editor.org/info/rfc8908 DOI: 10.17487/RFC8908 This document describes an HTTP API that allows clients to interact with a Captive Portal system. With this API, clients can discover how to get out of captivity and fetch state about their Captive Portal sessions. This document is a product of the Captive Portal Interaction Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From nobody Mon Sep 21 21:03:49 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DE643A12DE; Mon, 21 Sep 2020 21:03:41 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hNmSpasydiRt; Mon, 21 Sep 2020 21:03:40 -0700 (PDT) Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AB323A12D4; Mon, 21 Sep 2020 21:03:40 -0700 (PDT) Received: by rfc-editor.org (Postfix, from userid 30) id 011E9F4077C; Mon, 21 Sep 2020 21:03:33 -0700 (PDT) To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org X-PHP-Originating-Script: 1005:ams_util_lib.php From: rfc-editor@rfc-editor.org Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, captive-portals@ietf.org Content-type: text/plain; charset=UTF-8 Message-Id: <20200922040333.011E9F4077C@rfc-editor.org> Date: Mon, 21 Sep 2020 21:03:33 -0700 (PDT) Archived-At: Subject: [Captive-portals] =?utf-8?q?RFC_8910_on_Captive-Portal_Identific?= =?utf-8?q?ation_in_DHCP_and_Router_Advertisements_=28RAs=29?= X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 04:03:48 -0000 A new Request for Comments is now available in online RFC libraries. RFC 8910 Title: Captive-Portal Identification in DHCP and Router Advertisements (RAs) Author: W. Kumari, E. Kline Status: Standards Track Stream: IETF Date: September 2020 Mailbox: warren@kumari.net, ek@loon.com Pages: 11 Obsoletes: RFC 7710 Updates: RFC 3679 I-D Tag: draft-ietf-capport-rfc7710bis-10.txt URL: https://www.rfc-editor.org/info/rfc8910 DOI: 10.17487/RFC8910 In many environments offering short-term or temporary Internet access (such as coffee shops), it is common to start new connections in a captive portal mode. This highly restricts what the user can do until the user has satisfied the captive portal conditions. This document describes a DHCPv4 and DHCPv6 option and a Router Advertisement (RA) option to inform clients that they are behind some sort of captive portal enforcement device, and that they will need to satisfy the Captive Portal conditions to get Internet access. It is not a full solution to address all of the issues that clients may have with captive portals; it is designed to be one component of a standardized approach for hosts to interact with such portals. While this document defines how the network operator may convey the captive portal API endpoint to hosts, the specific methods of satisfying and interacting with the captive portal are out of scope of this document. This document replaces RFC 7710, which used DHCP code point 160. Due to a conflict, this document specifies 114. Consequently, this document also updates RFC 3679. This document is a product of the Captive Portal Interaction Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC From nobody Tue Sep 22 05:54:54 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB5673A1677 for ; Tue, 22 Sep 2020 05:54:52 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.099 X-Spam-Level: X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=agilicus.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hlrGqIT88uFG for ; Tue, 22 Sep 2020 05:54:51 -0700 (PDT) Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1C9F53A0E19 for ; Tue, 22 Sep 2020 05:54:50 -0700 (PDT) Received: by mail-io1-xd33.google.com with SMTP id j2so19364840ioj.7 for ; Tue, 22 Sep 2020 05:54:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=agilicus.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=YGaRfr1Zy0+4/4a/c51ZyL4OKC9fNij3qYU8KOUPlyw=; b=OST//wZ/2qGD/reOgW0lGxdI9YSnYEwVL+547XnOY2Q0Bx0FT0aPR7oU0LGpw7JUt5 m1FupE7q9CcWKyYi73ynyOF5s883ZhLSPWaEJwZyPhusZRA/drh2a2av0odjUQoHk4Hq H24lr6aYM3EJ2RxTZ+Zy+643v3p7tQNzu27cjae4upHK625wQ334Uj/UWzcmYFtleF6Q zDIoLnKCdkcX40QNw0qklZLbaiCNAlUx+GoIVHTuqSF84HmJs30qeCDvR8BjMPz2ANo9 jj9ZndZMnGK/NlFiw98Uns1IwQabrmdyAW7x4g2I7XwwxIReTvmoRx74TNExh6Z3hTn6 rRtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=YGaRfr1Zy0+4/4a/c51ZyL4OKC9fNij3qYU8KOUPlyw=; b=ZehvANHoRMqWkd/OOW19mq3dM81jbA7vdojXogSJZfn2hNYgkNaRKxKY4MmQVonI8K Zr2wEg0+h6RBftP2gcqt99aBKhcrRTuXC+TDyguedKz6lHXtwaD6Y4+g1OoQxpBeds+E YKBRh863UfMfD7iVDK+aZ68YyoQjGpP2rUBUmnfNrL/ZjYwjgOg6i5Q9JCIC9swqa1Rd 82yZ+vgyDMnbQeNrE+Diu4vg1VcKWyT+tglcBpr8ayxCtqp7uqAQy6GYr2Hvxqqmgbbv HqqUdE/nVdJJtxGMRGtJk0zv6XNnYPCiZaNCWNNx6i20f9bg/SBvRDsgbWYESc6Bu57L dx7Q== X-Gm-Message-State: AOAM530yKsEbDZV/2bQM1T6vqsD39sJn05N0sdzr5ErSV04LRZfoFXwA 8DElj3yZRmfV06Z43s2jEIStcQesOxVoQ8LMi21R X-Google-Smtp-Source: ABdhPJyBdHTD4K7l2OFW4AWCtvNkfQTec1PhuUoz51FXl5n5wjqttNQHaeHRV+RcgoTAYTEPhdjXBB3T+hYR0q5yJqs= X-Received: by 2002:a6b:6c0c:: with SMTP id a12mr3213582ioh.40.1600779290203; Tue, 22 Sep 2020 05:54:50 -0700 (PDT) MIME-Version: 1.0 References: <160012670268.20035.5295583799658667206@ietfa.amsl.com> In-Reply-To: <160012670268.20035.5295583799658667206@ietfa.amsl.com> From: Kyle Larose Date: Tue, 22 Sep 2020 08:54:39 -0400 Message-ID: To: Benjamin Kaduk Cc: The IESG , draft-ietf-capport-architecture@ietf.org, capport-chairs@ietf.org, captive-portals , Martin Thomson Content-Type: text/plain; charset="UTF-8" Archived-At: Subject: Re: [Captive-portals] Benjamin Kaduk's No Objection on draft-ietf-capport-architecture-09: (with COMMENT) X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 12:54:53 -0000 Hi Benjamin, Thanks for the review. Responses inline below. On Mon, 14 Sep 2020 at 19:38, Benjamin Kaduk via Datatracker wrote: > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-capport-architecture-09: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you for addressing my Discuss (and comment!) points. > > A few new notes on the -09: > > Section 1.2 has a new instance of "Captive Network" that didn't get caught > up in the renaming of "Captive Network" to "Captive Portal" > > Section 2.1 > > Maybe s/navigate the User Portal/navigate to the User Portal/? > These have been fixed (https://github.com/capport-wg/architecture/pull/162). Thanks for pointing them out. There were quite a few missing captive networks. I think I got them all now. > Dave's suggested rewording > (https://mailarchive.ietf.org/arch/msg/captive-portals/nMLJv4gzGjBQZN_5-TJyrfZZbkI/) > is correct but not parallel to how we discuss the DNS-ID case. > I'd recommend either rewording both cases or neither, but don't > have much of a stance on which is preferred. > I think we should leave this as-is, unless someone else objects. I don't think what we have is wrong, and I prefer to minimize churn at this point. Thanks, Kyle From nobody Tue Sep 22 13:40:11 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C8EE3A198A; Tue, 22 Sep 2020 13:40:09 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HuMVZEHYVuIZ; Tue, 22 Sep 2020 13:40:08 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 995753A1976; Tue, 22 Sep 2020 13:40:07 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 10328389D2; Tue, 22 Sep 2020 16:18:44 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 7J4-OSu2JIWg; Tue, 22 Sep 2020 16:18:40 -0400 (EDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:103c:9eff:fecb:2eac]) by tuna.sandelman.ca (Postfix) with ESMTP id C912B3899C; Tue, 22 Sep 2020 16:18:39 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 080A94F5; Tue, 22 Sep 2020 16:40:02 -0400 (EDT) From: Michael Richardson To: captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org In-Reply-To: <20200922201317.097C3389D4@tuna.sandelman.ca> References: <20200922201317.097C3389D4@tuna.sandelman.ca> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 20:40:10 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Damn. Spelt captive-portal without the s again. Reposting, sorry for dupli= cates. I hate when WG names and list names do not match, and that we can't have al= iases. And I think that reply-to gets filtered. Archived-At: To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org From: Michael Richardson Date: Tue, 22 Sep 2020 16:34:33 -0400 This thread was started today on the INTAREA WG ML. While I don't object to a BOF, I don't know where it goes. What I see is that much of this problem needs to be resolved through increased use of 802.1X: making WPA-Enterprise easier to use and setup, this changing core identity from MAC Address to IDevID. My understanding is that Apple intends to randomize MAC every 12 hours, even on the same "LAN" (ESSID), and that they will just repeat the WPA authentication afterwards to get back on the network. If the per-device unique policy (including CAPPORT authorization) can be tied to the device better, than the MAC address based "physical" exception can be updated. But, WPA-PSK doesn't work, because it does not, in general, distinguish between different devices. It can be made to work if every device is given a unique PSK, and there are some successful experiments doing exactly that. Mostly it just works, but the challenge is communicating the unique PSK through an unreliable human. BRSKI can certainly do this, and it can leverage that unencrypted ESSID present at most hospitality locations to get onto the encrypted WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The unencrypted SSID is not going away at those locations. Thus QR-code based methods are best, yet those do not work for many IoT devices. EMU's EAP-NOOB can help in certain cases, but we, as a community need be clear on what direction we want to go. One answer is that IoT devices have little reason to randomize their MAC if they are not generally ported. On 2020-09-22 3:49 p.m., Lee, Yiu wrote: > Hi team, > > We proposed a BoF. The agenda is in > https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md and the > proposal is in > https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-2020091= 8.md. You > can also find the draft here > https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01. > > At this stage, we are looking for inputs for more use cases and interests > of working together in this domain. Please post your comments in the > mailing list. > > Thanks > =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9qYSEACgkQgItw+93Q 3WVMRwf+I1ZbX5uZ/Th9eaj1jElTzxPz9BjFsy3KT1rfY3IwRhe0Gm1mT2x7ZSOD +LFLHCvp5+RFArxGE+YkorIqTPId4tqBrK8VgEVhKX5BfBnj8MNroJYJ0pQ8/sHt zeCJSe3QkQ7OrmavrjK2XwLNByHbZyH5Tq6YXbuGYp536z3iS2HgOwGYjZ2wa570 KcwlDMhFVFQz7L0MlIJTCC1j9ie8v9yPrdyo0Emu0U3ovTWPzcIN+GWAeVEm6lGc O57puCPqJ3LH8lks/raxBLENWSEEhC4KCYBS8ptmv8CFDwfOxtHieHHjHF4KRsvp cfFM++3mPKNGcaIGH4t5Q1S6kJ12nQ== =oHzH -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Sep 22 13:51:40 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4232C3A0770; Tue, 22 Sep 2020 13:51:38 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SJBp39bXFgNV; Tue, 22 Sep 2020 13:51:36 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FCB63A0598; Tue, 22 Sep 2020 13:51:35 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 51A88BE2F; Tue, 22 Sep 2020 21:51:33 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 914v1bXAJkok; Tue, 22 Sep 2020 21:51:30 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id AD3A2BE2E; Tue, 22 Sep 2020 21:51:30 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1600807890; bh=gTO3buZo+LPzROnNBgE/rfujtN+ALK9TPbsm33v5ovE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=ujKEEZdEDHwgsloXsJw84p8nMZPbvnoNtqp6gD3zmucEMLPCHaJsDPS8DxKXGpwpR wOME16XHomEtj7q0HBOXaeL9vhAyvqn4M4m10Q6nD/oi3E3r6dIxerAyJ2/pdT01VG NOCYeYq7083fMsDCmnaRUVPoliDOkDOyKFm2SXCw= To: Michael Richardson , captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> Date: Tue, 22 Sep 2020 21:51:30 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <15660.1600807202@localhost> Content-Type: multipart/mixed; boundary="------------409DEF894A3176187E6CD571" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 20:51:38 -0000 This is a multi-part message in MIME format. --------------409DEF894A3176187E6CD571 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit That agenda and draft seem to make the seemingly common enough mistake of only focusing on what a new privacy or security mechanism breaks and glossing over the good reasons why people introduce these mechanisms. I hope the BoF proponents fix that because otherwise they may end up giving the impression that they would prefer to not see the privacy benefits (which I'd guess is not their goal at all). One reason those good reasons need to be included is that they constrain the kinds of additions that might make sense to better handle the new mechanism. We've seen a number of these kinds of reactions and I figure it'd really be better if the reaction were not to appear purely reactionary;-) If that were fixed, then there may be a better discussion of what, if any, additional things need doing. If that is not fixed, I'd not be surprised if the putative BoF were to devolve into a "it's bad" vs. "no, it's good" bun fight that won't really take us further. Cheers, S. On 22/09/2020 21:40, Michael Richardson wrote: > > Damn. Spelt captive-portal without the s again. Reposting, sorry for duplicates. > I hate when WG names and list names do not match, and that we can't have aliases. > And I think that reply-to gets filtered. > > Archived-At: > To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org > From: Michael Richardson > Date: Tue, 22 Sep 2020 16:34:33 -0400 > > This thread was started today on the INTAREA WG ML. > > While I don't object to a BOF, I don't know where it goes. > What I see is that much of this problem needs to be resolved through > increased use of 802.1X: making WPA-Enterprise easier to use and setup, this > changing core identity from MAC Address to IDevID. > > My understanding is that Apple intends to randomize MAC every 12 hours, even > on the same "LAN" (ESSID), and that they will just repeat the WPA > authentication afterwards to get back on the network. If the per-device > unique policy (including CAPPORT authorization) can be tied to the device > better, than the MAC address based "physical" exception can be updated. > > But, WPA-PSK doesn't work, because it does not, in general, distinguish > between different devices. > > It can be made to work if every device is given a unique PSK, and there are > some successful experiments doing exactly that. Mostly it just works, but > the challenge is communicating the unique PSK through an unreliable human. > BRSKI can certainly do this, and it can leverage that unencrypted ESSID > present at most hospitality locations to get onto the encrypted > WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The > unencrypted SSID is not going away at those locations. > > Thus QR-code based methods are best, yet those do not work for many IoT > devices. EMU's EAP-NOOB can help in certain cases, but we, as a community > need be clear on what direction we want to go. One answer is that IoT > devices have little reason to randomize their MAC if they are not generally > ported. > > > On 2020-09-22 3:49 p.m., Lee, Yiu wrote: >> Hi team, >> >> We proposed a BoF. The agenda is in >> https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md and the >> proposal is in >> https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-20200918.md. You >> can also find the draft here >> https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01. >> >> At this stage, we are looking for inputs for more use cases and interests >> of working together in this domain. Please post your comments in the >> mailing list. >> >> Thanks >> > > > -- > Michael Richardson . o O ( IPv6 IøT consulting ) > Sandelman Software Works Inc, Ottawa and Worldwide > > > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet > --------------409DEF894A3176187E6CD571 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =YzQY -----END PGP PUBLIC KEY BLOCK----- --------------409DEF894A3176187E6CD571-- From nobody Tue Sep 22 14:06:48 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 196B33A19BB for ; Tue, 22 Sep 2020 14:06:47 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.917 X-Spam-Level: X-Spam-Status: No, score=-1.917 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4uDj-6Ppgzgz for ; Tue, 22 Sep 2020 14:06:45 -0700 (PDT) Received: from p3plsmtpa07-05.prod.phx3.secureserver.net (p3plsmtpa07-05.prod.phx3.secureserver.net [173.201.192.234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5D303A19B9 for ; Tue, 22 Sep 2020 14:06:45 -0700 (PDT) Received: from spectre ([173.8.184.78]) by :SMTPAUTH: with ESMTPSA id KpUqkH97lls90KpUrkCdfV; Tue, 22 Sep 2020 14:06:45 -0700 X-CMAE-Analysis: v=2.3 cv=QfEYQfTv c=1 sm=1 tr=0 a=PF7/PIuz6ZQ4FM3W1XNKAQ==:117 a=PF7/PIuz6ZQ4FM3W1XNKAQ==:17 a=IkcTkHD0fZMA:10 a=c9njP7fIAAAA:8 a=48vgC7mUAAAA:8 a=l70xHGcnAAAA:8 a=kDCMlKhJAAAA:20 a=RZQR-LyKMerh6KzPIDkA:9 a=jrJglDZWlyc3YXEN:21 a=QCgIVi4ARomWgeNi:21 a=QEXdDO2ut3YA:10 a=MCshM1S1O2piC4VqdL4N:22 a=w1C3t2QeGrPiZgrLijVG:22 a=JtN_ecm89k2WOvw5-HMO:22 X-SECURESERVER-ACCT: peter@akayla.com From: "Peter Yee" To: "'Michael Richardson'" , , , References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> In-Reply-To: <15660.1600807202@localhost> Date: Tue, 22 Sep 2020 14:06:48 -0700 Message-ID: <08df01d69124$49ab1f90$dd015eb0$@akayla.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQMHIWUk3ciIMSy+Ss7YNBHgXXt5/gGSEnqMpwdyCSA= Content-Language: en-us X-CMAE-Envelope: MS4wfHb+TU7z2cKf/TeiCy5KPjF0xwr7sZnQl4uvWampuaF7PXSo03wYrrJst8o8THhsdHUh2mVnYEbponx+fB+/W9By3PapCifU2IkFMq9xj3WXTCnwk2Pv HY9kQySMtqKerqx2+L/FezCUFnAsA+PaJCgNT3rkwXPLGcjA79u70jCFMAZx3twenZrNG64Fit55XXWLENRFWfeth+5ZzQJKs71HrRyLyL5VjN46fafusfS+ 06SHNT3CJifswvecvZS5hA== Archived-At: Subject: Re: [Captive-portals] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 21:06:47 -0000 Michael, I believe that the address randomization (Private Address) can be = turned off in iOS 14, but it seems to be a manual operation per ESSID = only. That said, IEEE 802.11 has a Random and Changing MAC Addresses Study = Group that has just requested the creation of two new projects under = IEEE 802.11 (subject to the usual approval by the management layers = above it). One will deal with operational issues that arise from random = addresses and how they can be alleviated, if possible. The other will = look more closely at privacy in IEEE 802.11, since MAC address = randomization was a first stab at privacy, but it leaves many other = privacy-defeating vectors unaddressed. The Wi-Fi Alliance has the Device Provisioning Protocol (Wi-Fi = Certified Easy Connect = (https://www.wi-fi.org/discover-wi-fi/wi-fi-easy-connect)), which may be = of use in environments where traditional on-boarding methods are not = available, such as for headless or IoT devices. -Peter -----Original Message----- From: Captive-portals [mailto:captive-portals-bounces@ietf.org] On = Behalf Of Michael Richardson Sent: Tuesday, September 22, 2020 1:40 PM To: captive-portals@ietf.org; homenet@ietf.org; int-area@ietf.org Subject: Re: [Captive-portals] [Int-area] Evaluate impact of MAC address = randomization to IP applications Damn. Spelt captive-portal without the s again. Reposting, sorry for = duplicates. I hate when WG names and list names do not match, and that we can't have = aliases. And I think that reply-to gets filtered. Archived-At: = To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org From: Michael Richardson Date: Tue, 22 Sep 2020 16:34:33 -0400 This thread was started today on the INTAREA WG ML. While I don't object to a BOF, I don't know where it goes. What I see is that much of this problem needs to be resolved through = increased use of 802.1X: making WPA-Enterprise easier to use and setup, = this changing core identity from MAC Address to IDevID. My understanding is that Apple intends to randomize MAC every 12 hours, = even on the same "LAN" (ESSID), and that they will just repeat the WPA authentication afterwards to get back on the network. If the = per-device unique policy (including CAPPORT authorization) can be tied to the = device better, than the MAC address based "physical" exception can be = updated. But, WPA-PSK doesn't work, because it does not, in general, distinguish = between different devices. It can be made to work if every device is given a unique PSK, and there = are some successful experiments doing exactly that. Mostly it just = works, but the challenge is communicating the unique PSK through an = unreliable human. BRSKI can certainly do this, and it can leverage that unencrypted ESSID = present at most hospitality locations to get onto the encrypted = WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The = unencrypted SSID is not going away at those locations. Thus QR-code based methods are best, yet those do not work for many IoT devices. EMU's EAP-NOOB can help in certain cases, but we, as a = community need be clear on what direction we want to go. One answer is that IoT = devices have little reason to randomize their MAC if they are not = generally ported. On 2020-09-22 3:49 p.m., Lee, Yiu wrote: > Hi team, > > We proposed a BoF. The agenda is in > https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md and = > the proposal is in=20 > https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-2020 > 0918.md. You can also find the draft here=20 > https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01. > > At this stage, we are looking for inputs for more use cases and=20 > interests of working together in this domain. Please post your=20 > comments in the mailing list. > > Thanks > -- Michael Richardson . o O ( IPv6 I=C3=B8T = consulting ) Sandelman Software Works Inc, Ottawa and Worldwide From nobody Tue Sep 22 14:09:24 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC9513A19FB for ; Tue, 22 Sep 2020 14:09:11 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.119 X-Spam-Level: X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com header.b=Py6KlCfO; dkim=pass (2048-bit key) header.d=comcast.com header.b=mMaOJE62; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=comcastcorp.onmicrosoft.com header.b=oBFJ0Xmg Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Eb1g1wc7lEGk for ; Tue, 22 Sep 2020 14:09:10 -0700 (PDT) Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14C9E3A19F5 for ; Tue, 22 Sep 2020 14:09:10 -0700 (PDT) Received: from pps.filterd (m0156891.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08ML4g8c017034 for ; Tue, 22 Sep 2020 17:09:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=20190412; bh=4qGiUQCdUW+CTwjA6dCO2y/T+uRl2YvL82HxBnH3IlE=; b=Py6KlCfOAN6VypgjfT0w2bZVvjxQ0ECr7HTDv7BWw9XOmTd+IrZcPfJyqHxPH9Hoo2DZ ZBUKnsgo/7EIlkriodY7kbGmuBZpe4yOI34AJtRiXRQ6l+MeyHHNaFRiyHnKBOmFIBka yhOhXcS/TM5UZvByfwcnSrSJ7SjPqaMzN2LP9XRjWcjyFxbjwSlsL6Gkzr4Ulym3ORhf kn3vBlaKPUpbAPO+3bOU1B2nwX6BLwiCC/bWw4dppfkU7PXRcGA4u6zA2XMAXWc2WQOP W/Dn8zhcT+gbyVXSPn7W2UTmyosSjXo0JhRJ3HMwweP5CTQLcE9swYGei3kCJiGvzTez VQ== Received: from pacdcmhout02.cable.comcast.com (pacdcmhout02.cable.comcast.com [68.87.96.15]) by mx0a-00143702.pphosted.com with ESMTP id 33netv457t-18 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 22 Sep 2020 17:09:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; d=comcast.com; s=20190412; c=relaxed/simple; q=dns/txt; i=@comcast.com; t=1600808946; x=2464722546; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=4qGiUQCdUW+CTwjA6dCO2y/T+uRl2YvL82HxBnH3IlE=; b=mMaOJE62lf3jLTfbZbtWFr2WJOS6arj3mHJDAnzO+OKB2AqGUpiRzfqyYYREDa01 9i+yUR28d2QI/VigN1A9iRQSFUfb5auCIvXdK1URl2fRcyOoNo054HtwRdSsLEAa YsJkjs+pXiR7j1sK0V6Wx3B1ozhu45m7eOdNQ/si6xI8fSEbNJ7Xit0x0fGTnmJZ KfcoKuQMqg9KyG3M/7DnZQXe/8dAK8ROq8eFsmPP3+0PrJbZ40JyaWoa+Pk4v17J 5CdJeUogYmIieTEEr1RtbTkgZHAmG83J6eeQpcT4ypY5gnEgCel6XPqgXKOOu0EL ZYgSD1kYRjQDRQiuRUuCvQ==; X-AuditID: 4457600f-f0fff70000005543-c2-5f6a67f110fa Received: from PACDCEX54.cable.comcast.com (cas-umc02.ndceast.pa.bo.comcast.net [68.87.34.28]) (using TLS with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by pacdcmhout02.cable.comcast.com (SMTP Gateway) with SMTP id 7E.B6.21827.1F76A6F5; Tue, 22 Sep 2020 17:09:06 -0400 (EDT) Received: from PACDCEX09.cable.comcast.com (24.40.1.132) by PACDCEX54.cable.comcast.com (24.40.2.153) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 17:09:05 -0400 Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX09.cable.comcast.com (24.40.1.132) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 22 Sep 2020 17:09:05 -0400 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.176) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 17:08:56 -0400 Received: from MN2PR11MB3582.namprd11.prod.outlook.com (2603:10b6:208:ec::28) by MN2PR11MB3583.namprd11.prod.outlook.com (2603:10b6:208:ea::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.19; Tue, 22 Sep 2020 21:08:55 +0000 Received: from MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::7d38:9ff4:1394:57bb]) by MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::7d38:9ff4:1394:57bb%7]) with mapi id 15.20.3391.026; Tue, 22 Sep 2020 21:08:55 +0000 From: "Lee, Yiu" To: Stephen Farrell , Michael Richardson , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" Thread-Topic: [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWkSSUMeRF7XDjM0KNsHB8/6GD7g== Date: Tue, 22 Sep 2020 21:08:55 +0000 Message-ID: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> In-Reply-To: <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.41.20091302 authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=Cable.Comcast.com; x-originating-ip: [2601:42:1:8220:64e9:5707:4fba:b091] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 41c05306-95b0-466e-5c50-08d85f3bb749 x-ms-traffictypediagnostic: MN2PR11MB3583: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 2cMFzF/zk7LdATtxkSupmu9n9Q8MLdBDVOoot6q3k3KaPNNkKmDCLGKSUXEbHPQSKs5D5k1JEbnCUFW2LrDZsbo0NoCKgH42VRWkd+L760PLIXCBHQswx/2wp1mMw9SgREDFnYgBEVKvZgBpdbw8dfCNuJ0fCnz+CK9yB/n2lXL1PPlV6uvGBtBj1NoSE7ZN+Ovy1qR8KB3tmavZVZ85YC1MK2b9zVwcW5xJivJr+2DECWvvt2QHQfRNySnD1nuNJOW8KknDhJ68QE5G8xKzmEUUPty0TybTVZLrGg3VVzYzGp9O47UXHnNbrkOEf7eiwg11qgq9ZfhUfAD7y4CkZiC7oRj9yzFro3oD0qlxt+5UlPquC9UBHOU3QTPjReBtjkLf8twTRDW0sr8BoLAR72MCOZfno4DI1pz5nQuR227M/7nThwNE0+VMfbN7ZowKAJ/Q99OX2Mgge5DyNkyUhg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3582.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(346002)(39860400002)(366004)(36756003)(966005)(76116006)(64756008)(53546011)(478600001)(33656002)(66946007)(8676002)(83380400001)(66476007)(8936002)(66574015)(66446008)(66556008)(6512007)(6486002)(110136005)(9686003)(86362001)(6506007)(5660300002)(186003)(2906002)(71200400001)(296002)(316002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: 83MVuKsPX/ojhZWfSG1LYAsvNLcgOxk8BxeWb0rHKTgQ+Y984/+mC37q3kIzIuLAIPFfP5W/ZeMXi0Vb0Nj8WfNxSNoLa/JAd/P5EX68BbrCmIqym2Eh3kjtw5i6f0uoeQvgmw3j1XJhPBljNokj4OLQT46BELYw7zA2vhg6My0M9EIqjo+78ppzehvubi1koMdJNzZ7UK5/TBZ6QsdtT4Q+Cp1bmzRwQ8fhSn0dmMQrbWlO4eTEMHPxapnJ3q/kMT0BWyJm7E1ZEjOQ59YB5yz+V7NTJ7M+cOjUcmXFA/dsKifk+Qh4R8fad/MWE1wtFKoyCywliO3tM0eePBR9RFB1W796UmYjNkygBl9Z9yr8w7iZXwKXbue4gmMZTczP3K5ed/bpyhDaQR6nJ369L70VHIGA5U6emmeoe9jMym7u1cVJGZ9FUSW+5B0dwtVA9XL8N8MZNt8u3xPL7Z/FEY8LycPjRJJEGYTVu796znrnOnnYbI5mcwx61hkpvuaGOE2r/A3uX12Y/pdOVhr26+E9tmxJaeCshkU7ws8Ic4dEmwjwPF07SyPR9vpcAIPW2/8ooYXuSpYqfpAORFZTemEXpB3SOxRwaQgfc8aGOqS3ALrMGyRTDgpHjM0YqhZSbo/InkffE7LmKM7jFq9Qbd2p8bt5BNk++WRlLKiwGlaMS+O1at1mer6Pvu8WCQvXVSKw6TqZgsMLL9+0cHweDw== x-ms-exchange-transport-forked: True arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B11p3HWqOq/GqEvBOrqiI1hxoEJfd1v9vVDTv5gqnE2etWAKkAk1Nedk0oqkwTBVmTy3IxXyN6fXLATt4sJGn8QrN/SeBk52r8ZDTItykDCZVPpiduWByGshUzmSEP6aMvR/gI6GXxZNVjICmM0H1wVbPuF3RlWCr7jDptDHW9HzhhCvJdzdZtvwm8DwM73yy7/fEWACHUxA2WrGe+Eak1J4PxlKqmXu/J6vguECdGaewhNu2ImPvkc4QL2CM+HkMsDrcLU0wrHE++9sRBGjJNMMJI1m4/DTkwdQ5js3LbtwXW/K36T4Cg++4tLEANJ+Wlxa8eEPS4M3DiGILy8d1g== arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZYEi1kzd77A3X98giW8XBFNbsipasgmMT3P5lEF2EEU=; b=meukhFxYjbbFr9OsIR1bCbP/xyI7K9hWo7Izfnp4bFci4NpbKnvwjY0uPjt/iytKctfYX+c5RASP/MadUIDBcr6IQCBSvo2mVrw8/gZt81b+4xX5+WxvcFjIoQ9bUHNH9mlzWGimcUb7/L5KvCYkD4P4f1T7Ha7nxXc83Uw/BCm9+sYSzJjwUWHGkSDKnh1YCiq3Y/zbluiCoCMxbpAESuRy3H0TdjRmmNviUAX9xdkZmXB2qT6g9qNc7n0gzxTOV0ZlxKSWiXn/jKptEk4Jh+jDsV0uSUGbBXMQhvoD9Ir5ytr2jkwsCPmD912qrZP/yWxCHW9HTq5hmUjvtkSCTQ== arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cable.comcast.com; dmarc=pass action=none header.from=cable.comcast.com; dkim=pass header.d=cable.comcast.com; arc=none dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZYEi1kzd77A3X98giW8XBFNbsipasgmMT3P5lEF2EEU=; b=oBFJ0XmgBpfBBByRR0yDZvhv1oeVL897uxvMOFAo8MB6hm5pCuL1j7xaeUFY4s4rwZySy5nzAu+wk8YgEIzNY9SYbIX/auVGn2E6wxNMCMeyvjkf6nB3l236VsKB/kaQn1acVq+cx8TxpPDiaq9YVAF+rM5Xefw5ylC3ZszZWek= x-ms-exchange-crosstenant-authas: Internal x-ms-exchange-crosstenant-authsource: MN2PR11MB3582.namprd11.prod.outlook.com x-ms-exchange-crosstenant-network-message-id: 41c05306-95b0-466e-5c50-08d85f3bb749 x-ms-exchange-crosstenant-originalarrivaltime: 22 Sep 2020 21:08:55.4063 (UTC) x-ms-exchange-crosstenant-fromentityheader: Hosted x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa x-ms-exchange-crosstenant-mailboxtype: HOSTED x-ms-exchange-crosstenant-userprincipalname: X+J7svAJCm+Sc4uYDnKVPgK1foHmRjsjpfb3BNkr6MIZ/mNuVXMCGQfq/uE6vRxI5hJUX+uPP88UfCapv9b0ZyDVX222acl2dLfeEm0HdiY= x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB3583 x-originatororg: cable.comcast.com Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Forward X-Brightmail-Tracker: H4sIAAAAAAAAA02Se0hTcRTH++3eu01t9XOlHdYqvdBLmDZ1eietSQ+agT0oegi1XfSm+djG ppLVHxaRmdmD2cNRVmovLcqil2h/jBWYhTGxtDQ1DVTySWA+kna9C/rv8z2PL+ccjpSQD1EK 6SFzNmczs5m02J/cuIdWqsZS041rzrch5rozn2KGy10k0+psI5mzrvMS5kr9J0k8ZXhY1CI2 VFZOiAwnr9UR24mkDWvTODaFs4Vw5mRLyiFzqo5O2LlNxTAarUpNh5jZLE5H71XtTNys2mQ+ aLElc3RILpuZ441azFYbl0VHrDNtSPs21k9ZJ+MOPx/X56OX2jPITwo4Gu6MvBefQf5SOXaL YHhi2idqEbw7VSESRAuCB/UjlCDeIrhVMEAIokIEfdOXSUF8R1DjaaR4ZzFeAdWPG2bNFuI+ BI/OtYr5xAKcDJdm+rzGUm8iBX78NgkYDs2Tx/gKEi+HgYkBxIdleB3cb7IL9oUIihudJF/j h3XgeNpC8IxwMIy/eyDimcCL4EvvDZGwHIbKuiZC4CDo75mZHS0IR8Doha8S3hThEgSDBZ0S oSgG3B+e+RqWgOdGERI4ETw3O33xMPh8q83HGXBiatpXsxJOjpZRAi+FquJuUmAldLW+mL0D 4CkCOnrKJYIYIeDsvRLyAtI4/5vc6d2awKvhUW2EEDbAr9JBQuBQKCnqlvAsw4HQUNpL3kRU FQqIYcKZ2HBtTLha8wTN/ppp/kv05orBhbAU0XNl6r3pRjnF5trzslwIpAS9ULYiMtUol6Ww eUc4m8Voy8nk7C6k8V7/IqEISrZ4P9ecbVRrtNrYaEarjlTHrqEXyfRdJqMcp7LZXAbHWTnb vz6R1E+RjwK2OkzHe923F19Ujm4bTdAZaoOHR+JU1a/CAmW3m9qiVjX+jFq6L1uZ5HKn/yzc kevw6Gccoa/rCpcp2pfneZIcjfvXdybIDijI6prmu3/im0vnXA3eHfl0tb796OmOywfDPnZ/ 0c8/3p+4i9tn7VWWDUztv1c15C7YLVJu2THPqqNJexqrDiNsdvYvRYusNIEDAAA= X-SMG-Enforce: onprem X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-22_18:2020-09-21, 2020-09-22 signatures=0 X-Proofpoint-Spam-Reason: safe Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 21:09:19 -0000 SGkgU3RlcGhlbiwNCg0KVGhhbmtzIGZvciB0aGUgbm90ZXMuIEFjdHVhbGx5LCB3ZSBiZWxpZXZl IHRoYXQgdGhlcmUgYXJlIGdvb2QgcHJpdmFjeSByZWFzb25zIHRvIHJhbmRvbWl6ZSBtYWMtYWRk cmVzcy4gVGhpcyBCb0YgaXNuJ3QgdHJ5aW5nIHRvICJmaXgiIHJhbmRvbWl6ZWQgbWFjLWFkZHJl c3MuIE9uIHRoZSBjb250cmFyeSwgd2Ugd2FudCB0aGUgY29tbXVuaXR5IHRvIGVtYnJhY2UgaXQu IEluIG9yZGVyIHRvIGVhc2UgdGhlIGFueGlldHkgZm9yIHRyYW5zaXRpb25pbmcsIHdlIHdhbnQg dG8gZG9jdW1lbnQgd2hhdCBtYXkgYnJlYWsgYW5kIHByb3Bvc2UgYmVzdCBwcmFjdGljZSB0byB0 cmFuc2l0aW9uIHRvIGR5bmFtaWMgbWFjLWFkZHJlc3MuDQoNClRoYW5rcywNCllpdQ0KDQoNCu+7 v09uIDkvMjIvMjAsIDQ6NTEgUE0sICJJbnQtYXJlYSBvbiBiZWhhbGYgb2YgU3RlcGhlbiBGYXJy ZWxsIiA8aW50LWFyZWEtYm91bmNlc0BpZXRmLm9yZyBvbiBiZWhhbGYgb2Ygc3RlcGhlbi5mYXJy ZWxsQGNzLnRjZC5pZT4gd3JvdGU6DQoNCg0KICAgIFRoYXQgYWdlbmRhIGFuZCBkcmFmdCBzZWVt IHRvIG1ha2UgdGhlIHNlZW1pbmdseSBjb21tb24NCiAgICBlbm91Z2ggbWlzdGFrZSBvZiBvbmx5 IGZvY3VzaW5nIG9uIHdoYXQgYSBuZXcgcHJpdmFjeSBvcg0KICAgIHNlY3VyaXR5IG1lY2hhbmlz bSBicmVha3MgYW5kIGdsb3NzaW5nIG92ZXIgdGhlIGdvb2QNCiAgICByZWFzb25zIHdoeSBwZW9w bGUgaW50cm9kdWNlIHRoZXNlIG1lY2hhbmlzbXMuIEkgaG9wZSB0aGUNCiAgICBCb0YgcHJvcG9u ZW50cyBmaXggdGhhdCBiZWNhdXNlIG90aGVyd2lzZSB0aGV5IG1heSBlbmQgdXANCiAgICBnaXZp bmcgdGhlIGltcHJlc3Npb24gdGhhdCB0aGV5IHdvdWxkIHByZWZlciB0byBub3Qgc2VlDQogICAg dGhlIHByaXZhY3kgYmVuZWZpdHMgKHdoaWNoIEknZCBndWVzcyBpcyBub3QgdGhlaXIgZ29hbA0K ICAgIGF0IGFsbCkuIE9uZSByZWFzb24gdGhvc2UgZ29vZCByZWFzb25zIG5lZWQgdG8gYmUgaW5j bHVkZWQNCiAgICBpcyB0aGF0IHRoZXkgY29uc3RyYWluIHRoZSBraW5kcyBvZiBhZGRpdGlvbnMg dGhhdCBtaWdodA0KICAgIG1ha2Ugc2Vuc2UgdG8gYmV0dGVyIGhhbmRsZSB0aGUgbmV3IG1lY2hh bmlzbS4NCg0KICAgIFdlJ3ZlIHNlZW4gYSBudW1iZXIgb2YgdGhlc2Uga2luZHMgb2YgcmVhY3Rp b25zIGFuZCBJDQogICAgZmlndXJlIGl0J2QgcmVhbGx5IGJlIGJldHRlciBpZiB0aGUgcmVhY3Rp b24gd2VyZSBub3QgdG8NCiAgICBhcHBlYXIgcHVyZWx5IHJlYWN0aW9uYXJ5Oy0pDQoNCiAgICBJ ZiB0aGF0IHdlcmUgZml4ZWQsIHRoZW4gdGhlcmUgbWF5IGJlIGEgYmV0dGVyIGRpc2N1c3Npb24N CiAgICBvZiB3aGF0LCBpZiBhbnksIGFkZGl0aW9uYWwgdGhpbmdzIG5lZWQgZG9pbmcuIElmIHRo YXQgaXMNCiAgICBub3QgZml4ZWQsIEknZCBub3QgYmUgc3VycHJpc2VkIGlmIHRoZSBwdXRhdGl2 ZSBCb0Ygd2VyZQ0KICAgIHRvIGRldm9sdmUgaW50byBhICJpdCdzIGJhZCIgdnMuICJubywgaXQn cyBnb29kIiBidW4gZmlnaHQNCiAgICB0aGF0IHdvbid0IHJlYWxseSB0YWtlIHVzIGZ1cnRoZXIu DQoNCiAgICBDaGVlcnMsDQogICAgUy4NCg0KICAgIE9uIDIyLzA5LzIwMjAgMjE6NDAsIE1pY2hh ZWwgUmljaGFyZHNvbiB3cm90ZToNCiAgICA+DQogICAgPiBEYW1uLiBTcGVsdCBjYXB0aXZlLXBv cnRhbCB3aXRob3V0IHRoZSBzIGFnYWluLiAgUmVwb3N0aW5nLCBzb3JyeSBmb3IgZHVwbGljYXRl cy4NCiAgICA+IEkgaGF0ZSB3aGVuIFdHIG5hbWVzIGFuZCBsaXN0IG5hbWVzIGRvIG5vdCBtYXRj aCwgYW5kIHRoYXQgd2UgY2FuJ3QgaGF2ZSBhbGlhc2VzLg0KICAgID4gQW5kIEkgdGhpbmsgdGhh dCByZXBseS10byBnZXRzIGZpbHRlcmVkLg0KICAgID4NCiAgICA+IEFyY2hpdmVkLUF0OiA8aHR0 cHM6Ly91cmxkZWZlbnNlLmNvbS92My9fX2h0dHBzOi8vbWFpbGFyY2hpdmUuaWV0Zi5vcmcvYXJj aC9tc2cvaW50LWFyZWEvMTRTa2dtODRHc2xQWjlVY0dvV1kzdXptSzZJX187ISFDUWwzbWNIWDJB IVEwcEVqV3JMVGNtY3J5VVIyRU1iU2M2dVdCTlUteEphZGF6bnhXdndtRGsyLUFSb1IwRFlZcV9l cHJYU0VqbyQgPg0KICAgID4gVG86IGludC1hcmVhQGlldGYub3JnLCBjYXB0aXZlLXBvcnRhbEBp ZXRmLm9yZywgaG9tZW5ldEBpZXRmLm9yZw0KICAgID4gRnJvbTogTWljaGFlbCBSaWNoYXJkc29u IDxtY3IraWV0ZkBzYW5kZWxtYW4uY2E+DQogICAgPiBEYXRlOiBUdWUsIDIyIFNlcCAyMDIwIDE2 OjM0OjMzIC0wNDAwDQogICAgPg0KICAgID4gVGhpcyB0aHJlYWQgd2FzIHN0YXJ0ZWQgdG9kYXkg b24gdGhlIElOVEFSRUEgV0cgTUwuDQogICAgPg0KICAgID4gV2hpbGUgSSBkb24ndCBvYmplY3Qg dG8gYSBCT0YsIEkgZG9uJ3Qga25vdyB3aGVyZSBpdCBnb2VzLg0KICAgID4gV2hhdCBJIHNlZSBp cyB0aGF0IG11Y2ggb2YgdGhpcyBwcm9ibGVtIG5lZWRzIHRvIGJlIHJlc29sdmVkIHRocm91Z2gN CiAgICA+IGluY3JlYXNlZCB1c2Ugb2YgODAyLjFYOiBtYWtpbmcgV1BBLUVudGVycHJpc2UgZWFz aWVyIHRvIHVzZSBhbmQgc2V0dXAsIHRoaXMNCiAgICA+IGNoYW5naW5nIGNvcmUgaWRlbnRpdHkg ZnJvbSBNQUMgQWRkcmVzcyB0byBJRGV2SUQuDQogICAgPg0KICAgID4gTXkgdW5kZXJzdGFuZGlu ZyBpcyB0aGF0IEFwcGxlIGludGVuZHMgdG8gcmFuZG9taXplIE1BQyBldmVyeSAxMiBob3Vycywg ZXZlbg0KICAgID4gb24gdGhlIHNhbWUgIkxBTiIgKEVTU0lEKSwgYW5kIHRoYXQgdGhleSB3aWxs IGp1c3QgcmVwZWF0IHRoZSBXUEENCiAgICA+IGF1dGhlbnRpY2F0aW9uIGFmdGVyd2FyZHMgdG8g Z2V0IGJhY2sgb24gdGhlIG5ldHdvcmsuICAgSWYgdGhlIHBlci1kZXZpY2UNCiAgICA+IHVuaXF1 ZSBwb2xpY3kgKGluY2x1ZGluZyBDQVBQT1JUIGF1dGhvcml6YXRpb24pIGNhbiBiZSB0aWVkIHRv IHRoZSBkZXZpY2UNCiAgICA+IGJldHRlciwgdGhhbiB0aGUgTUFDIGFkZHJlc3MgYmFzZWQgInBo eXNpY2FsIiBleGNlcHRpb24gY2FuIGJlIHVwZGF0ZWQuDQogICAgPg0KICAgID4gQnV0LCBXUEEt UFNLIGRvZXNuJ3Qgd29yaywgYmVjYXVzZSBpdCBkb2VzIG5vdCwgaW4gZ2VuZXJhbCwgZGlzdGlu Z3Vpc2gNCiAgICA+IGJldHdlZW4gZGlmZmVyZW50IGRldmljZXMuDQogICAgPg0KICAgID4gSXQg Y2FuIGJlIG1hZGUgdG8gd29yayBpZiBldmVyeSBkZXZpY2UgaXMgZ2l2ZW4gYSB1bmlxdWUgUFNL LCBhbmQgdGhlcmUgYXJlDQogICAgPiBzb21lIHN1Y2Nlc3NmdWwgZXhwZXJpbWVudHMgZG9pbmcg ZXhhY3RseSB0aGF0LiAgTW9zdGx5IGl0IGp1c3Qgd29ya3MsIGJ1dA0KICAgID4gdGhlIGNoYWxs ZW5nZSBpcyBjb21tdW5pY2F0aW5nIHRoZSB1bmlxdWUgUFNLIHRocm91Z2ggYW4gdW5yZWxpYWJs ZSBodW1hbi4NCiAgICA+IEJSU0tJIGNhbiBjZXJ0YWlubHkgZG8gdGhpcywgYW5kIGl0IGNhbiBs ZXZlcmFnZSB0aGF0IHVuZW5jcnlwdGVkIEVTU0lEDQogICAgPiBwcmVzZW50IGF0IG1vc3QgaG9z cGl0YWxpdHkgbG9jYXRpb25zIHRvIGdldCBvbnRvIHRoZSBlbmNyeXB0ZWQNCiAgICA+IFdQQS1F bnRlcnByaXNlLiAgT3IgQlJTS0ktVEVFUCwgb3Igc29tZSBvdGhlciBCUlNLSS1FQVAgbWV0aG9k LiAgVGhlDQogICAgPiB1bmVuY3J5cHRlZCBTU0lEIGlzIG5vdCBnb2luZyBhd2F5IGF0IHRob3Nl IGxvY2F0aW9ucy4NCiAgICA+DQogICAgPiBUaHVzIFFSLWNvZGUgYmFzZWQgbWV0aG9kcyBhcmUg YmVzdCwgeWV0IHRob3NlIGRvIG5vdCB3b3JrIGZvciBtYW55IElvVA0KICAgID4gZGV2aWNlcy4g ICBFTVUncyBFQVAtTk9PQiBjYW4gaGVscCBpbiBjZXJ0YWluIGNhc2VzLCBidXQgd2UsIGFzIGEg Y29tbXVuaXR5DQogICAgPiBuZWVkIGJlIGNsZWFyIG9uIHdoYXQgZGlyZWN0aW9uIHdlIHdhbnQg dG8gZ28uICBPbmUgYW5zd2VyIGlzIHRoYXQgSW9UDQogICAgPiBkZXZpY2VzIGhhdmUgbGl0dGxl IHJlYXNvbiB0byByYW5kb21pemUgdGhlaXIgTUFDIGlmIHRoZXkgYXJlIG5vdCBnZW5lcmFsbHkN CiAgICA+IHBvcnRlZC4NCiAgICA+DQogICAgPg0KICAgID4gT24gMjAyMC0wOS0yMiAzOjQ5IHAu bS4sIExlZSwgWWl1IHdyb3RlOg0KICAgID4+IEhpIHRlYW0sDQogICAgPj4NCiAgICA+PiBXZSBw cm9wb3NlZCBhIEJvRi4gVGhlIGFnZW5kYSBpcyBpbg0KICAgID4+IGh0dHBzOi8vdXJsZGVmZW5z ZS5jb20vdjMvX19odHRwczovL2dpdGh1Yi5jb20vamxpdmluZ29vZC9JRVRGMTA5Qm9GL2Jsb2Iv bWFzdGVyLzEwOS1BZ2VuZGEubWRfXzshIUNRbDNtY0hYMkEhUTBwRWpXckxUY21jcnlVUjJFTWJT YzZ1V0JOVS14SmFkYXpueFd2d21EazItQVJvUjBEWVlxX2U3YWx5YzhVJCAgYW5kIHRoZQ0KICAg ID4+IHByb3Bvc2FsIGlzIGluDQogICAgPj4gaHR0cHM6Ly91cmxkZWZlbnNlLmNvbS92My9fX2h0 dHBzOi8vZ2l0aHViLmNvbS9qbGl2aW5nb29kL0lFVEYxMDlCb0YvYmxvYi9tYXN0ZXIvQm9GLVBy b3Bvc2FsLTIwMjAwOTE4Lm1kX187ISFDUWwzbWNIWDJBIVEwcEVqV3JMVGNtY3J5VVIyRU1iU2M2 dVdCTlUteEphZGF6bnhXdndtRGsyLUFSb1IwRFlZcV9lTmZLR3FrRSQgLiBZb3UNCiAgICA+PiBj YW4gYWxzbyBmaW5kIHRoZSBkcmFmdCBoZXJlDQogICAgPj4gaHR0cHM6Ly91cmxkZWZlbnNlLmNv bS92My9fX2h0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9kcmFmdC1sZWUtcmFuZG9taXplZC1t YWNhZGRyLXBzLTAxX187ISFDUWwzbWNIWDJBIVEwcEVqV3JMVGNtY3J5VVIyRU1iU2M2dVdCTlUt eEphZGF6bnhXdndtRGsyLUFSb1IwRFlZcV9lcmhDRjMtQSQgLg0KICAgID4+DQogICAgPj4gQXQg dGhpcyBzdGFnZSwgd2UgYXJlIGxvb2tpbmcgZm9yIGlucHV0cyBmb3IgbW9yZSB1c2UgY2FzZXMg YW5kIGludGVyZXN0cw0KICAgID4+IG9mIHdvcmtpbmcgdG9nZXRoZXIgaW4gdGhpcyBkb21haW4u IFBsZWFzZSBwb3N0IHlvdXIgY29tbWVudHMgaW4gdGhlDQogICAgPj4gbWFpbGluZyBsaXN0Lg0K ICAgID4+DQogICAgPj4gVGhhbmtzDQogICAgPj4NCiAgICA+DQogICAgPg0KICAgID4gLS0NCiAg ICA+IE1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZAc2FuZGVsbWFuLmNhPiAgIC4gbyBPICgg SVB2NiBJw7hUIGNvbnN1bHRpbmcgKQ0KICAgID4gICAgICAgICAgICBTYW5kZWxtYW4gU29mdHdh cmUgV29ya3MgSW5jLCBPdHRhd2EgYW5kIFdvcmxkd2lkZQ0KICAgID4NCiAgICA+DQogICAgPiBf X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KICAgID4gaG9t ZW5ldCBtYWlsaW5nIGxpc3QNCiAgICA+IGhvbWVuZXRAaWV0Zi5vcmcNCiAgICA+IGh0dHBzOi8v dXJsZGVmZW5zZS5jb20vdjMvX19odHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZv L2hvbWVuZXRfXzshIUNRbDNtY0hYMkEhUTBwRWpXckxUY21jcnlVUjJFTWJTYzZ1V0JOVS14SmFk YXpueFd2d21EazItQVJvUjBEWVlxX2VwVm81bVFRJA0KICAgID4NCg0K From nobody Tue Sep 22 14:18:36 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0CB5B3A19E0; Tue, 22 Sep 2020 14:18:30 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPG_rM9kWmlb; Tue, 22 Sep 2020 14:18:28 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80E543A19DF; Tue, 22 Sep 2020 14:18:27 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id C3193BE2F; Tue, 22 Sep 2020 22:18:24 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xBgC-KUXtDyr; Tue, 22 Sep 2020 22:18:22 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D511EBE2E; Tue, 22 Sep 2020 22:18:21 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1600809502; bh=NGwFk56K14mm5VG1V70o4CHtQ3DGnqiUK/A2zjF+NgE=; h=Subject:To:References:From:Date:In-Reply-To:From; b=Wm8Xxi5em2nH/QLWmutH0NrNdvlfY+bVB9qr3ccDYcrJgeV8q5ggpL1Fn890g8EIX rZ96q8UVPmVQS+Ersar/Mfz8sA9t/bONOmmj2wNdBrdE/r1L+ddLPvkaqn2WSCy1UV maMJHSLil0JZEerkoHA46G+iG5YxxmX2tAq1Gx7c= To: "Lee, Yiu" , Michael Richardson , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Tue, 22 Sep 2020 22:18:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/mixed; boundary="------------7FC874630F33FB18978A9E74" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 21:18:30 -0000 This is a multi-part message in MIME format. --------------7FC874630F33FB18978A9E74 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Hiya, On 22/09/2020 22:08, Lee, Yiu wrote: > Hi Stephen, > > Thanks for the notes. Actually, we believe that there are good > privacy reasons to randomize mac-address. This BoF isn't trying to > "fix" randomized mac-address. On the contrary, we want the community > to embrace it. In order to ease the anxiety for transitioning, we > want to document what may break and propose best practice to > transition to dynamic mac-address. Sure, I get that. However, we've seen a number of these efforts start thusly but end up being perceived to be partly trying to unwind the privacy benefits, so I think a good way to avoid that mis-perception is to also present the reasons for (in this case, MAC address randomisation) as fully as the description of the challenges caused. Cheers, S. > > Thanks, Yiu > > > On 9/22/20, 4:51 PM, "Int-area on behalf of Stephen Farrell" > > wrote: > > > That agenda and draft seem to make the seemingly common enough > mistake of only focusing on what a new privacy or security mechanism > breaks and glossing over the good reasons why people introduce these > mechanisms. I hope the BoF proponents fix that because otherwise they > may end up giving the impression that they would prefer to not see > the privacy benefits (which I'd guess is not their goal at all). One > reason those good reasons need to be included is that they constrain > the kinds of additions that might make sense to better handle the new > mechanism. > > We've seen a number of these kinds of reactions and I figure it'd > really be better if the reaction were not to appear purely > reactionary;-) > > If that were fixed, then there may be a better discussion of what, if > any, additional things need doing. If that is not fixed, I'd not be > surprised if the putative BoF were to devolve into a "it's bad" vs. > "no, it's good" bun fight that won't really take us further. > > Cheers, S. > > On 22/09/2020 21:40, Michael Richardson wrote: >> >> Damn. Spelt captive-portal without the s again. Reposting, sorry >> for duplicates. I hate when WG names and list names do not match, >> and that we can't have aliases. And I think that reply-to gets >> filtered. >> >> Archived-At: >> > > To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org >> From: Michael Richardson Date: Tue, 22 Sep >> 2020 16:34:33 -0400 >> >> This thread was started today on the INTAREA WG ML. >> >> While I don't object to a BOF, I don't know where it goes. What I >> see is that much of this problem needs to be resolved through >> increased use of 802.1X: making WPA-Enterprise easier to use and >> setup, this changing core identity from MAC Address to IDevID. >> >> My understanding is that Apple intends to randomize MAC every 12 >> hours, even on the same "LAN" (ESSID), and that they will just >> repeat the WPA authentication afterwards to get back on the >> network. If the per-device unique policy (including CAPPORT >> authorization) can be tied to the device better, than the MAC >> address based "physical" exception can be updated. >> >> But, WPA-PSK doesn't work, because it does not, in general, >> distinguish between different devices. >> >> It can be made to work if every device is given a unique PSK, and >> there are some successful experiments doing exactly that. Mostly >> it just works, but the challenge is communicating the unique PSK >> through an unreliable human. BRSKI can certainly do this, and it >> can leverage that unencrypted ESSID present at most hospitality >> locations to get onto the encrypted WPA-Enterprise. Or BRSKI-TEEP, >> or some other BRSKI-EAP method. The unencrypted SSID is not going >> away at those locations. >> >> Thus QR-code based methods are best, yet those do not work for many >> IoT devices. EMU's EAP-NOOB can help in certain cases, but we, as >> a community need be clear on what direction we want to go. One >> answer is that IoT devices have little reason to randomize their >> MAC if they are not generally ported. >> >> >> On 2020-09-22 3:49 p.m., Lee, Yiu wrote: >>> Hi team, >>> >>> We proposed a BoF. The agenda is in >>> https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_e7alyc8U$ >>> and the proposal is in >>> https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-20200918.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_eNfKGqkE$ >>> . You can also find the draft here >>> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_erhCF3-A$ >>> . >>> >>> At this stage, we are looking for inputs for more use cases and >>> interests of working together in this domain. Please post your >>> comments in the mailing list. >>> >>> Thanks >>> >> >> >> -- Michael Richardson . o O ( IPv6 IøT >> consulting ) Sandelman Software Works Inc, Ottawa and Worldwide >> >> >> _______________________________________________ homenet mailing >> list homenet@ietf.org >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/homenet__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_epVo5mQQ$ > >> > > > _______________________________________________ homenet mailing list > homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet > --------------7FC874630F33FB18978A9E74 Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =YzQY -----END PGP PUBLIC KEY BLOCK----- --------------7FC874630F33FB18978A9E74-- From nobody Tue Sep 22 14:27:47 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B25423A1A03; Tue, 22 Sep 2020 14:27:44 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9VNA-E81ndiS; Tue, 22 Sep 2020 14:27:43 -0700 (PDT) Received: from spark.crystalorb.net (spark.crystalorb.net [IPv6:2607:fca8:1530::c]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBFAD3A1A02; Tue, 22 Sep 2020 14:27:42 -0700 (PDT) Received: from [192.168.15.243] ([IPv6:2601:184:407f:80ce:18d1:a32d:eba0:14da]) (authenticated bits=0) by spark.crystalorb.net (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id 08MLRXiR025126 (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256 verify=NO); Tue, 22 Sep 2020 14:27:35 -0700 From: "David R. Oran" To: "Stephen Farrell" Cc: "Lee, Yiu" , "Michael Richardson" , captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org Date: Tue, 22 Sep 2020 17:27:27 -0400 X-Mailer: MailMate (1.13.2r5719) Message-ID: In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 21:27:45 -0000 On 22 Sep 2020, at 17:18, Stephen Farrell wrote: > Hiya, > > On 22/09/2020 22:08, Lee, Yiu wrote: >> Hi Stephen, >> >> Thanks for the notes. Actually, we believe that there are good >> privacy reasons to randomize mac-address. This BoF isn't trying to >> "fix" randomized mac-address. On the contrary, we want the community >> to embrace it. In order to ease the anxiety for transitioning, we >> want to document what may break and propose best practice to >> transition to dynamic mac-address. > > Sure, I get that. However, we've seen a number of these > efforts start thusly but end up being perceived to be > partly trying to unwind the privacy benefits, so I think > a good way to avoid that mis-perception is to also present > the reasons for (in this case, MAC address randomisation) > as fully as the description of the challenges caused. > Right. it would not advance the case to introduce (or start using) = something else bout the device that can be tracked and/or provide = likability and thereby damage privacy in order to preserve the = randomized MAC address machinery. > Cheers, > S. > > >> >> Thanks, Yiu >> >> >> =EF=BB=BFOn 9/22/20, 4:51 PM, "Int-area on behalf of Stephen Farrell" >> >> wrote: >> >> >> That agenda and draft seem to make the seemingly common enough >> mistake of only focusing on what a new privacy or security mechanism >> breaks and glossing over the good reasons why people introduce these >> mechanisms. I hope the BoF proponents fix that because otherwise they >> may end up giving the impression that they would prefer to not see >> the privacy benefits (which I'd guess is not their goal at all). One >> reason those good reasons need to be included is that they constrain >> the kinds of additions that might make sense to better handle the new >> mechanism. >> >> We've seen a number of these kinds of reactions and I figure it'd >> really be better if the reaction were not to appear purely >> reactionary;-) >> >> If that were fixed, then there may be a better discussion of what, if >> any, additional things need doing. If that is not fixed, I'd not be >> surprised if the putative BoF were to devolve into a "it's bad" vs. >> "no, it's good" bun fight that won't really take us further. >> >> Cheers, S. >> >> On 22/09/2020 21:40, Michael Richardson wrote: >>> >>> Damn. Spelt captive-portal without the s again. Reposting, sorry >>> for duplicates. I hate when WG names and list names do not match, >>> and that we can't have aliases. And I think that reply-to gets >>> filtered. >>> >>> Archived-At: >>> >>> To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org >>> From: Michael Richardson Date: Tue, 22 Sep >>> 2020 16:34:33 -0400 >>> >>> This thread was started today on the INTAREA WG ML. >>> >>> While I don't object to a BOF, I don't know where it goes. What I >>> see is that much of this problem needs to be resolved through >>> increased use of 802.1X: making WPA-Enterprise easier to use and >>> setup, this changing core identity from MAC Address to IDevID. >>> >>> My understanding is that Apple intends to randomize MAC every 12 >>> hours, even on the same "LAN" (ESSID), and that they will just >>> repeat the WPA authentication afterwards to get back on the >>> network. If the per-device unique policy (including CAPPORT >>> authorization) can be tied to the device better, than the MAC >>> address based "physical" exception can be updated. >>> >>> But, WPA-PSK doesn't work, because it does not, in general, >>> distinguish between different devices. >>> >>> It can be made to work if every device is given a unique PSK, and >>> there are some successful experiments doing exactly that. Mostly >>> it just works, but the challenge is communicating the unique PSK >>> through an unreliable human. BRSKI can certainly do this, and it >>> can leverage that unencrypted ESSID present at most hospitality >>> locations to get onto the encrypted WPA-Enterprise. Or BRSKI-TEEP, >>> or some other BRSKI-EAP method. The unencrypted SSID is not going >>> away at those locations. >>> >>> Thus QR-code based methods are best, yet those do not work for many >>> IoT devices. EMU's EAP-NOOB can help in certain cases, but we, as >>> a community need be clear on what direction we want to go. One >>> answer is that IoT devices have little reason to randomize their >>> MAC if they are not generally ported. >>> >>> >>> On 2020-09-22 3:49 p.m., Lee, Yiu wrote: >>>> Hi team, >>>> >>>> We proposed a BoF. The agenda is in >>>> https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF= /blob/master/109-Agenda.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJ= adaznxWvwmDk2-ARoR0DYYq_e7alyc8U$ >>>> and the proposal is in >>>> https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF= /blob/master/BoF-Proposal-20200918.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMb= Sc6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_eNfKGqkE$ >>>> . You can also find the draft here >>>> https://urldefense.com/v3/__https://tools.ietf.org/html/draft-lee-ra= ndomized-macaddr-ps-01__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaz= nxWvwmDk2-ARoR0DYYq_erhCF3-A$ >>>> . >>>> >>>> At this stage, we are looking for inputs for more use cases and >>>> interests of working together in this domain. Please post your >>>> comments in the mailing list. >>>> >>>> Thanks >>>> >>> >>> >>> -- Michael Richardson . o O ( IPv6 I=C3=B8T= >>> consulting ) Sandelman Software Works Inc, Ottawa and Worldwide >>> >>> >>> _______________________________________________ homenet mailing >>> list homenet@ietf.org >>> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/hom= enet__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYY= q_epVo5mQQ$ >> >>> >> >> >> _______________________________________________ homenet mailing list >> homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet >> > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet DaveO From nobody Tue Sep 22 15:51:28 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 678C63A0115 for ; Tue, 22 Sep 2020 15:51:26 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.119 X-Spam-Level: X-Spam-Status: No, score=-2.119 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com header.b=sKNELr87; dkim=pass (2048-bit key) header.d=comcast.com header.b=ZHEQ4t00; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=comcastcorp.onmicrosoft.com header.b=CrML74v7 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id klOjigDWNlIp for ; Tue, 22 Sep 2020 15:51:24 -0700 (PDT) Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8B87D3A00E5 for ; Tue, 22 Sep 2020 15:51:24 -0700 (PDT) Received: from pps.filterd (m0156891.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08MLAdop026914 for ; Tue, 22 Sep 2020 17:24:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-id : content-transfer-encoding : mime-version; s=20190412; bh=6JH7Zmo8rkRV/0NIBfJneM9S4RFCa+l8Ri9Nky+Y1Ew=; b=sKNELr87AtH6AaKZWW4EUbS7JZTkZqPRvSkxZG3CJKzLxumnmqtp8bZSGegsCCudchIz Vym0CbIPXDrK9N5QBhNbupqdZ9/geOUHhUQQkE3KNrzZVCGLmmrJ3ObOvozynYhaYkXW 8e3jpWBmdoVSfK3By4qPYRNZp9/yJHSn0qrnfA5pCwDnFSeyvZR1rT6VRjKypUW4AbSh 0GZH8SMXQwuuSLTjWQZsr73bfhE3zKWqqLKqLx143ZSoROjROe5RcQJkm3GSBg0oyg/0 AkiKflXBIDPFSMD8cn2FrhOcDhrNbJ6MWTnYd7zTyVPXuc/nkYh2DfGNgXSEb18YdTMY wA== Received: from copdcmhout02.cable.comcast.com (copdcmhout02.cable.comcast.com [96.114.158.212]) by mx0a-00143702.pphosted.com with ESMTP id 33netv4725-247 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 22 Sep 2020 17:24:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; d=comcast.com; s=20190412; c=relaxed/simple; q=dns/txt; i=@comcast.com; t=1600809883; x=2464723483; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=6JH7Zmo8rkRV/0NIBfJneM9S4RFCa+l8Ri9Nky+Y1Ew=; b=ZHEQ4t00pYVlQeD7FUNGh/AdIhav2ufL1uZHBkefjYY5n8gmpuwoxcnCWs4eZV7R I/ydO1Y2k71tfJ2l67s0bR/m+APU/vfuO2H6cbGylBfQAsmfGLY431AeqfCJpZRW BWPJm7OV+5xlJHs91PVQFpsvi3S5xJ98JJ6NpwxKjh2jfmQbFx3RpPiMML8YV6fS h10e9cpr++GxbTRkqW4wu3e+T8FvprK0iLIjd2f6sUmOwuJ/odlqqqYb6yvo1iFD 3xVrmzzwvCCmpnkOBu6eFoeNJD0NVy9rHslTtOJmKoifO42lMpm9skGQst+re+Kb 57jWPKTLhEGZuqrvSj5EGQ==; X-AuditID: 60729ed4-a49ff70000003048-92-5f6a6b9be6b1 Received: from COPDCEX13.cable.comcast.com (copdcmhoutvip.cable.comcast.com [96.114.156.147]) (using TLS with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by copdcmhout02.cable.comcast.com (SMTP Gateway) with SMTP id 14.F8.12360.B9B6A6F5; Tue, 22 Sep 2020 15:24:43 -0600 (MDT) Received: from COPDCEX10.cable.comcast.com (147.191.124.141) by COPDCEX13.cable.comcast.com (147.191.124.144) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 15:24:42 -0600 Received: from COPDCEXEDGE01.cable.comcast.com (96.114.158.213) by COPDCEX10.cable.comcast.com (147.191.124.141) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 22 Sep 2020 15:24:42 -0600 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.108) by webmail.comcast.com (96.114.158.213) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 17:24:29 -0400 Received: from MN2PR11MB3582.namprd11.prod.outlook.com (2603:10b6:208:ec::28) by MN2PR11MB4629.namprd11.prod.outlook.com (2603:10b6:208:264::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.24; Tue, 22 Sep 2020 21:24:13 +0000 Received: from MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::7d38:9ff4:1394:57bb]) by MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::7d38:9ff4:1394:57bb%7]) with mapi id 15.20.3391.026; Tue, 22 Sep 2020 21:24:13 +0000 From: "Lee, Yiu" To: Stephen Farrell , Michael Richardson , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" Thread-Topic: [EXTERNAL] Re: [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWkSa3djSkh+ICBEK1EH2gcbyfxA== Date: Tue, 22 Sep 2020 21:24:13 +0000 Message-ID: <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.41.20091302 authentication-results: cs.tcd.ie; dkim=none (message not signed) header.d=none;cs.tcd.ie; dmarc=none action=none header.from=Cable.Comcast.com; x-originating-ip: [2601:42:1:8220:64e9:5707:4fba:b091] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2ceb0299-42b5-4625-ee12-08d85f3dda85 x-ms-traffictypediagnostic: MN2PR11MB4629: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ML6kEsKPUI0OeXII/E8W8EKhLQ7mhBXgUJ3cfQvpBtH6UDK599OgQlcs1ZD6XFzNBtfrsVE8qjyGyWWUAzgUu5bYOcJ8foc7v0CQ9uWTjXVSCZBK5mhGik8eRVzwR7cBHuwzQrZctE2UCiYKw5QkH5c3h7H/VHUNkIK9IMNndKQjvHIQho1Ca0Y8HM/72o2mJoQdJvW6mwllGC0D9JNYQXdJDbJ6ISitRaDF003nyRSqP0+GA/xBSAgVS4DST8GRnqKXaWMeYi+Ax7Ggd1YkP1w0Ykc2geOU8Bv4mVNvkAik4n7ZKZC6N0Xp13xXySrZaC/Jn8Ua9430C9Y+LPYfAsYo0hmGWkHBQlJPMrYA/tYARy2bsy3+AFkmS+v6lcoAbPpAyq+bi/H/7sEPNpmoYl1y4gLxTHsFe7cRphh/9/gXsykYgBKtGah/Z4XdNg0e6cgD1wWVVSa5va8wDq6npQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3582.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(346002)(376002)(39860400002)(366004)(396003)(36756003)(478600001)(110136005)(316002)(296002)(53546011)(6512007)(6486002)(9686003)(86362001)(76116006)(66476007)(66946007)(33656002)(186003)(6506007)(66446008)(66574015)(966005)(71200400001)(83380400001)(66556008)(64756008)(2906002)(8936002)(5660300002)(8676002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: 2AeMhw+PRK0iFMw+Sd7nSrULlyq69hpPIX1GlQWFN+cu+L9v+OaljtDpkX4wp07dRHmHZpxSHx+XAPGzJLYyFWG6pSB25mhs228Pr3RKhHGVmn6g9PUEs42+duebSBCcSW5bL+WiuqM/yPinzUzTf/J/CGAyz1t1fmb1ew+i4rhfJdSNXF1znBoWJqn75Dx44Kqqf6T4tEEFQoshAPp6ridxrZN2dcnAp2WqA6qWs2YizAOF75rbv1ygWqzUrUrJX2m0TiRv/JQA46xPaF8PaZIZBLIP3SZQpW5Sm35flmeT/VEEesxauyfdB5w/JfSbGHFy/+zxxRVYt2GnoqI3+Ged567+AyuTA3RdEtnd7d12SX7CoaV4PxPFs8D/0/4ayHJI+2mf8w2haT+aWxnn8sveAN9lOPhTVhFD7vnUXMSgRmwoMUEFGLVRo2jsqXK2p7lpEDr+zLHstb73Pim/beKrVs4B0QngUQLfpPt+X8dveiVErTdpGFoFlFEFMiCMwDx13URYL3bJ9099VS7d7nx85fiVEjcrkaWezS0/9HqFdsiVNKA7AtmcW16scVkHMqSOHpEBwWZ2opDNCncRGYhvkD1oRdgueXnilOfRByH+HRBBap1JSni+ns7QFpOZjmNtEc0/MO+hhEiUekDDAu2aZubWjiUV75CxJtrIUiVI7j4OW8klgdWodeSj/hb8sz+CMHalQ3+MiXMZScDu5Q== x-ms-exchange-transport-forked: True arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fyAszWqb3lKwo4jdrcu4/TQV3fendv1bjuusg4CzJ8K7xh5Wxquxvm0JOw25B/28COxV+CJhByay9Jwb55p3oCtARZAkg2S6yu/tPXFLOT5v/wOtqaWAfwObd65PTZyL5/pJxR7XruxwH/loTK87sjQBrxwkK8DrFqukkyib5LHMTdUaj1AFB3v/i0qY25jA0bMXRHMqKfrViCSODGdU7h7X466ugPbnAkdN5aLz3mW2GYKmj6rWGk7DGcGZjrQbmyO0klncb/w3XW8WEfvr2+jKC4FB7tHlvdUEXi/C6bx8T7jBjR5muoaCXpZZZKamkUNzOsZEFjlmlWxA0VbVKA== arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AWj1Ok7iMFbKKNsUx6srFtlTOAF8pC9lIXTyB8E8b0I=; b=UuJqVxr2K0D4u7I6YsaAh8CwtyEzUlQGHPZYCXJpGwiTFrOxFgX5FEWYVDVPTDGtYgiHizU8cD4HHLRzqmLGr/AnI1UawLRrMNz6PPnXNW2w936IcMULIwSHMumPlHaQvdMrLpvfVup9PIXifMuF+JMyHqSvccaRvg0ZE22Cf0Wo6m1gEDK5AJGseY9s+EEN+lAnPZWuhPJOPiR4w5enQCn2ub1+9TtHnbMiAkhdpPRdEgphyRsXLE8/JBVKTxhWtx10wQDN02dtflmqCKn6lOd93TXOW7NrqKM7OwzfkAsibqZwbh5rgK0CSv/1E1nJfxe6ECt8n7gTKE93ZeVk+w== arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cable.comcast.com; dmarc=pass action=none header.from=cable.comcast.com; dkim=pass header.d=cable.comcast.com; arc=none dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AWj1Ok7iMFbKKNsUx6srFtlTOAF8pC9lIXTyB8E8b0I=; b=CrML74v7RljkwMcElQcqaJeX/IZ6VqmSeQppg0MtRXwIGCCxTnIb506i4GOSVAgSYUf2oyZrnbLUvEYvTnQIFWkEfhmWM0bVhkRoNXhFsKHC7D7WYIMCC1xT2PXLUdfeOSyoLJHfTGQaej5EOIuYHgl/QSE6Hf87YN20RX4KG48= x-ms-exchange-crosstenant-authas: Internal x-ms-exchange-crosstenant-authsource: MN2PR11MB3582.namprd11.prod.outlook.com x-ms-exchange-crosstenant-network-message-id: 2ceb0299-42b5-4625-ee12-08d85f3dda85 x-ms-exchange-crosstenant-originalarrivaltime: 22 Sep 2020 21:24:13.4810 (UTC) x-ms-exchange-crosstenant-fromentityheader: Hosted x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa x-ms-exchange-crosstenant-mailboxtype: HOSTED x-ms-exchange-crosstenant-userprincipalname: zqRCDpLGwN77qaw8aUr0EfTUkKyo7LLBBrjL4ldJ3Z/ILrSM0Ybw1Y6DQhfU/Ws5sIcjEx9cldYMOvtt6OBKf5LfJ1STioJdtju0St5EQ0M= x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB4629 x-originatororg: cable.comcast.com Content-Type: text/plain; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-CFilter-Loop: Forward X-Brightmail-Tracker: H4sIAAAAAAAAA02SWUwTYRDH/fZoF7Hms4JMUBE3imfBxRa3RgiGoNXEaIIPRh/KBlYQypZs C0GfkDRqqGc8ClXxAHlA8IyiiErWK2CMRMSAEC1IPGMQ8EDFo+3WxLffzH+O75sZhtR/pqOZ LZJTlCXBxmrGU5nysYOGo/l51kW7WsL5495Smh88rVB8l7eb4ncr+7S85+YzbSptaXB3aiw1 Nd8Ji+tYM7mO3Ji2LFcUskU5VpSy7NlbpJxkdlXGWgPPm8wGjo2VhAIxmd1gyFiz0pAubbbL WSIbWyzYivxeu1QoiwVsQkpmWm794B+y8OuKksoHtlK0O70chTGAjVDR00+Vo/GMHt8hoLdv jFQNBcHhlgZCNXoRfDtSHgprRfD7tTukVBOgjA3RqtGPYGSHiwhU1uA4OHuhVRMQIvBbBOf3 dmkCwmQsQ9Ptd9oAR2AHXGgZIVSOh7rr16gAU3g2vLhdiwKswynwttmN1A5DCHzfvwSFMJwM dafeBwshPAW+tdUHC5E4Cp4PnCDU/2GoaX5MqhwJ7179pgMciRNgaH+PNlAU4UMIPu58qVWD kuDuoyuhhOnw5IQbqbwGOkeHQzwfussaQpwPFz88DDWbA66hKlrlGKjb00epPA18XY3BUQD+ ScIZzw1KNT6R8Kb6ALEfmbz/vdyLGD/Pg/NNCarbAu33RkmVZ8Ihd5/WG5zMJGitHKBOIroO TTQnxXOcMZ4z8fGJXOIlFLy4qqfXUIfHoiDMIHaCbmlenlVPC8WOrQX+9TIkG6GLS8yx6nXZ wtZtomy3ykU20aEgk38DB8joyCy7/34lp5Uzmc1LjLyZS+SWLGKjdKt9mVY9zhGcYr4oFory vzyCCYsuRcpEo6mK+XW6qEcpGnONdfcML45pTIpw/tJT0vOw3vyoduu5hdE3fbVmT3jHnalf 11/cO3J3mjmXNgpf5rZ5WpzNV12+9rYfyxc83pw2kFpbNuv+cfe4pu23Mmz1DpeijEyubrr6 Kb2zpNG43Nj/OiauMnv25VujvKuir2PGpopxLOXIFbj5pOwQ/gIHE+mZhwMAAA== X-SMG-Enforce: onprem X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-22_18:2020-09-21, 2020-09-22 signatures=0 X-Proofpoint-Spam-Reason: safe Archived-At: Subject: Re: [Captive-portals] [EXTERNAL] Re: [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 22:51:26 -0000 Tm90ZWQgYW5kIGNsZWFyLiBXaWxsIGtlZXAgdGhpcyBpbiBtaW5kIGluIHRoZSBuZXh0IHVwZGF0 ZS4NCg0KVGhhbmtzLA0KWWl1DQoNCu+7v09uIDkvMjIvMjAsIDU6MTggUE0sICJTdGVwaGVuIEZh cnJlbGwiIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPiB3cm90ZToNCg0KDQogICAgSGl5YSwN Cg0KICAgIE9uIDIyLzA5LzIwMjAgMjI6MDgsIExlZSwgWWl1IHdyb3RlOg0KICAgID4gSGkgU3Rl cGhlbiwNCiAgICA+DQogICAgPiBUaGFua3MgZm9yIHRoZSBub3Rlcy4gQWN0dWFsbHksIHdlIGJl bGlldmUgdGhhdCB0aGVyZSBhcmUgZ29vZA0KICAgID4gcHJpdmFjeSByZWFzb25zIHRvIHJhbmRv bWl6ZSBtYWMtYWRkcmVzcy4gVGhpcyBCb0YgaXNuJ3QgdHJ5aW5nIHRvDQogICAgPiAiZml4IiBy YW5kb21pemVkIG1hYy1hZGRyZXNzLiBPbiB0aGUgY29udHJhcnksIHdlIHdhbnQgdGhlIGNvbW11 bml0eQ0KICAgID4gdG8gZW1icmFjZSBpdC4gSW4gb3JkZXIgdG8gZWFzZSB0aGUgYW54aWV0eSBm b3IgdHJhbnNpdGlvbmluZywgd2UNCiAgICA+IHdhbnQgdG8gZG9jdW1lbnQgd2hhdCBtYXkgYnJl YWsgYW5kIHByb3Bvc2UgYmVzdCBwcmFjdGljZSB0bw0KICAgID4gdHJhbnNpdGlvbiB0byBkeW5h bWljIG1hYy1hZGRyZXNzLg0KDQogICAgU3VyZSwgSSBnZXQgdGhhdC4gSG93ZXZlciwgd2UndmUg c2VlbiBhIG51bWJlciBvZiB0aGVzZQ0KICAgIGVmZm9ydHMgc3RhcnQgdGh1c2x5IGJ1dCBlbmQg dXAgYmVpbmcgcGVyY2VpdmVkIHRvIGJlDQogICAgcGFydGx5IHRyeWluZyB0byB1bndpbmQgdGhl IHByaXZhY3kgYmVuZWZpdHMsIHNvIEkgdGhpbmsNCiAgICBhIGdvb2Qgd2F5IHRvIGF2b2lkIHRo YXQgbWlzLXBlcmNlcHRpb24gaXMgdG8gYWxzbyBwcmVzZW50DQogICAgdGhlIHJlYXNvbnMgZm9y IChpbiB0aGlzIGNhc2UsIE1BQyBhZGRyZXNzIHJhbmRvbWlzYXRpb24pDQogICAgYXMgZnVsbHkg YXMgdGhlIGRlc2NyaXB0aW9uIG9mIHRoZSBjaGFsbGVuZ2VzIGNhdXNlZC4NCg0KICAgIENoZWVy cywNCiAgICBTLg0KDQoNCiAgICA+DQogICAgPiBUaGFua3MsIFlpdQ0KICAgID4NCiAgICA+DQog ICAgPiBPbiA5LzIyLzIwLCA0OjUxIFBNLCAiSW50LWFyZWEgb24gYmVoYWxmIG9mIFN0ZXBoZW4g RmFycmVsbCINCiAgICA+IDxpbnQtYXJlYS1ib3VuY2VzQGlldGYub3JnIG9uIGJlaGFsZiBvZiBz dGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPg0KICAgID4gd3JvdGU6DQogICAgPg0KICAgID4NCiAg ICA+IFRoYXQgYWdlbmRhIGFuZCBkcmFmdCBzZWVtIHRvIG1ha2UgdGhlIHNlZW1pbmdseSBjb21t b24gZW5vdWdoDQogICAgPiBtaXN0YWtlIG9mIG9ubHkgZm9jdXNpbmcgb24gd2hhdCBhIG5ldyBw cml2YWN5IG9yIHNlY3VyaXR5IG1lY2hhbmlzbQ0KICAgID4gYnJlYWtzIGFuZCBnbG9zc2luZyBv dmVyIHRoZSBnb29kIHJlYXNvbnMgd2h5IHBlb3BsZSBpbnRyb2R1Y2UgdGhlc2UNCiAgICA+IG1l Y2hhbmlzbXMuIEkgaG9wZSB0aGUgQm9GIHByb3BvbmVudHMgZml4IHRoYXQgYmVjYXVzZSBvdGhl cndpc2UgdGhleQ0KICAgID4gbWF5IGVuZCB1cCBnaXZpbmcgdGhlIGltcHJlc3Npb24gdGhhdCB0 aGV5IHdvdWxkIHByZWZlciB0byBub3Qgc2VlDQogICAgPiB0aGUgcHJpdmFjeSBiZW5lZml0cyAo d2hpY2ggSSdkIGd1ZXNzIGlzIG5vdCB0aGVpciBnb2FsIGF0IGFsbCkuIE9uZQ0KICAgID4gcmVh c29uIHRob3NlIGdvb2QgcmVhc29ucyBuZWVkIHRvIGJlIGluY2x1ZGVkIGlzIHRoYXQgdGhleSBj b25zdHJhaW4NCiAgICA+IHRoZSBraW5kcyBvZiBhZGRpdGlvbnMgdGhhdCBtaWdodCBtYWtlIHNl bnNlIHRvIGJldHRlciBoYW5kbGUgdGhlIG5ldw0KICAgID4gbWVjaGFuaXNtLg0KICAgID4NCiAg ICA+IFdlJ3ZlIHNlZW4gYSBudW1iZXIgb2YgdGhlc2Uga2luZHMgb2YgcmVhY3Rpb25zIGFuZCBJ IGZpZ3VyZSBpdCdkDQogICAgPiByZWFsbHkgYmUgYmV0dGVyIGlmIHRoZSByZWFjdGlvbiB3ZXJl IG5vdCB0byBhcHBlYXIgcHVyZWx5DQogICAgPiByZWFjdGlvbmFyeTstKQ0KICAgID4NCiAgICA+ IElmIHRoYXQgd2VyZSBmaXhlZCwgdGhlbiB0aGVyZSBtYXkgYmUgYSBiZXR0ZXIgZGlzY3Vzc2lv biBvZiB3aGF0LCBpZg0KICAgID4gYW55LCBhZGRpdGlvbmFsIHRoaW5ncyBuZWVkIGRvaW5nLiBJ ZiB0aGF0IGlzIG5vdCBmaXhlZCwgSSdkIG5vdCBiZQ0KICAgID4gc3VycHJpc2VkIGlmIHRoZSBw dXRhdGl2ZSBCb0Ygd2VyZSB0byBkZXZvbHZlIGludG8gYSAiaXQncyBiYWQiIHZzLg0KICAgID4g Im5vLCBpdCdzIGdvb2QiIGJ1biBmaWdodCB0aGF0IHdvbid0IHJlYWxseSB0YWtlIHVzIGZ1cnRo ZXIuDQogICAgPg0KICAgID4gQ2hlZXJzLCBTLg0KICAgID4NCiAgICA+IE9uIDIyLzA5LzIwMjAg MjE6NDAsIE1pY2hhZWwgUmljaGFyZHNvbiB3cm90ZToNCiAgICA+Pg0KICAgID4+IERhbW4uIFNw ZWx0IGNhcHRpdmUtcG9ydGFsIHdpdGhvdXQgdGhlIHMgYWdhaW4uICBSZXBvc3RpbmcsIHNvcnJ5 DQogICAgPj4gZm9yIGR1cGxpY2F0ZXMuIEkgaGF0ZSB3aGVuIFdHIG5hbWVzIGFuZCBsaXN0IG5h bWVzIGRvIG5vdCBtYXRjaCwNCiAgICA+PiBhbmQgdGhhdCB3ZSBjYW4ndCBoYXZlIGFsaWFzZXMu IEFuZCBJIHRoaW5rIHRoYXQgcmVwbHktdG8gZ2V0cw0KICAgID4+IGZpbHRlcmVkLg0KICAgID4+ DQogICAgPj4gQXJjaGl2ZWQtQXQ6DQogICAgPj4gPGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMv X19odHRwczovL21haWxhcmNoaXZlLmlldGYub3JnL2FyY2gvbXNnL2ludC1hcmVhLzE0U2tnbTg0 R3NsUFo5VWNHb1dZM3V6bUs2SV9fOyEhQ1FsM21jSFgyQSFRMHBFaldyTFRjbWNyeVVSMkVNYlNj NnVXQk5VLXhKYWRhem54V3Z3bURrMi1BUm9SMERZWXFfZXByWFNFam8kDQogICAgPj4gPiBUbzog aW50LWFyZWFAaWV0Zi5vcmcsIGNhcHRpdmUtcG9ydGFsQGlldGYub3JnLCBob21lbmV0QGlldGYu b3JnDQogICAgPj4gRnJvbTogTWljaGFlbCBSaWNoYXJkc29uIDxtY3IraWV0ZkBzYW5kZWxtYW4u Y2E+IERhdGU6IFR1ZSwgMjIgU2VwDQogICAgPj4gMjAyMCAxNjozNDozMyAtMDQwMA0KICAgID4+ DQogICAgPj4gVGhpcyB0aHJlYWQgd2FzIHN0YXJ0ZWQgdG9kYXkgb24gdGhlIElOVEFSRUEgV0cg TUwuDQogICAgPj4NCiAgICA+PiBXaGlsZSBJIGRvbid0IG9iamVjdCB0byBhIEJPRiwgSSBkb24n dCBrbm93IHdoZXJlIGl0IGdvZXMuIFdoYXQgSQ0KICAgID4+IHNlZSBpcyB0aGF0IG11Y2ggb2Yg dGhpcyBwcm9ibGVtIG5lZWRzIHRvIGJlIHJlc29sdmVkIHRocm91Z2gNCiAgICA+PiBpbmNyZWFz ZWQgdXNlIG9mIDgwMi4xWDogbWFraW5nIFdQQS1FbnRlcnByaXNlIGVhc2llciB0byB1c2UgYW5k DQogICAgPj4gc2V0dXAsIHRoaXMgY2hhbmdpbmcgY29yZSBpZGVudGl0eSBmcm9tIE1BQyBBZGRy ZXNzIHRvIElEZXZJRC4NCiAgICA+Pg0KICAgID4+IE15IHVuZGVyc3RhbmRpbmcgaXMgdGhhdCBB cHBsZSBpbnRlbmRzIHRvIHJhbmRvbWl6ZSBNQUMgZXZlcnkgMTINCiAgICA+PiBob3VycywgZXZl biBvbiB0aGUgc2FtZSAiTEFOIiAoRVNTSUQpLCBhbmQgdGhhdCB0aGV5IHdpbGwganVzdA0KICAg ID4+IHJlcGVhdCB0aGUgV1BBIGF1dGhlbnRpY2F0aW9uIGFmdGVyd2FyZHMgdG8gZ2V0IGJhY2sg b24gdGhlDQogICAgPj4gbmV0d29yay4gICBJZiB0aGUgcGVyLWRldmljZSB1bmlxdWUgcG9saWN5 IChpbmNsdWRpbmcgQ0FQUE9SVA0KICAgID4+IGF1dGhvcml6YXRpb24pIGNhbiBiZSB0aWVkIHRv IHRoZSBkZXZpY2UgYmV0dGVyLCB0aGFuIHRoZSBNQUMNCiAgICA+PiBhZGRyZXNzIGJhc2VkICJw aHlzaWNhbCIgZXhjZXB0aW9uIGNhbiBiZSB1cGRhdGVkLg0KICAgID4+DQogICAgPj4gQnV0LCBX UEEtUFNLIGRvZXNuJ3Qgd29yaywgYmVjYXVzZSBpdCBkb2VzIG5vdCwgaW4gZ2VuZXJhbCwNCiAg ICA+PiBkaXN0aW5ndWlzaCBiZXR3ZWVuIGRpZmZlcmVudCBkZXZpY2VzLg0KICAgID4+DQogICAg Pj4gSXQgY2FuIGJlIG1hZGUgdG8gd29yayBpZiBldmVyeSBkZXZpY2UgaXMgZ2l2ZW4gYSB1bmlx dWUgUFNLLCBhbmQNCiAgICA+PiB0aGVyZSBhcmUgc29tZSBzdWNjZXNzZnVsIGV4cGVyaW1lbnRz IGRvaW5nIGV4YWN0bHkgdGhhdC4gIE1vc3RseQ0KICAgID4+IGl0IGp1c3Qgd29ya3MsIGJ1dCB0 aGUgY2hhbGxlbmdlIGlzIGNvbW11bmljYXRpbmcgdGhlIHVuaXF1ZSBQU0sNCiAgICA+PiB0aHJv dWdoIGFuIHVucmVsaWFibGUgaHVtYW4uIEJSU0tJIGNhbiBjZXJ0YWlubHkgZG8gdGhpcywgYW5k IGl0DQogICAgPj4gY2FuIGxldmVyYWdlIHRoYXQgdW5lbmNyeXB0ZWQgRVNTSUQgcHJlc2VudCBh dCBtb3N0IGhvc3BpdGFsaXR5DQogICAgPj4gbG9jYXRpb25zIHRvIGdldCBvbnRvIHRoZSBlbmNy eXB0ZWQgV1BBLUVudGVycHJpc2UuICBPciBCUlNLSS1URUVQLA0KICAgID4+IG9yIHNvbWUgb3Ro ZXIgQlJTS0ktRUFQIG1ldGhvZC4gIFRoZSB1bmVuY3J5cHRlZCBTU0lEIGlzIG5vdCBnb2luZw0K ICAgID4+IGF3YXkgYXQgdGhvc2UgbG9jYXRpb25zLg0KICAgID4+DQogICAgPj4gVGh1cyBRUi1j b2RlIGJhc2VkIG1ldGhvZHMgYXJlIGJlc3QsIHlldCB0aG9zZSBkbyBub3Qgd29yayBmb3IgbWFu eQ0KICAgID4+IElvVCBkZXZpY2VzLiAgIEVNVSdzIEVBUC1OT09CIGNhbiBoZWxwIGluIGNlcnRh aW4gY2FzZXMsIGJ1dCB3ZSwgYXMNCiAgICA+PiBhIGNvbW11bml0eSBuZWVkIGJlIGNsZWFyIG9u IHdoYXQgZGlyZWN0aW9uIHdlIHdhbnQgdG8gZ28uICBPbmUNCiAgICA+PiBhbnN3ZXIgaXMgdGhh dCBJb1QgZGV2aWNlcyBoYXZlIGxpdHRsZSByZWFzb24gdG8gcmFuZG9taXplIHRoZWlyDQogICAg Pj4gTUFDIGlmIHRoZXkgYXJlIG5vdCBnZW5lcmFsbHkgcG9ydGVkLg0KICAgID4+DQogICAgPj4N CiAgICA+PiBPbiAyMDIwLTA5LTIyIDM6NDkgcC5tLiwgTGVlLCBZaXUgd3JvdGU6DQogICAgPj4+ IEhpIHRlYW0sDQogICAgPj4+DQogICAgPj4+IFdlIHByb3Bvc2VkIGEgQm9GLiBUaGUgYWdlbmRh IGlzIGluDQogICAgPj4+IGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19odHRwczovL2dpdGh1 Yi5jb20vamxpdmluZ29vZC9JRVRGMTA5Qm9GL2Jsb2IvbWFzdGVyLzEwOS1BZ2VuZGEubWRfXzsh IUNRbDNtY0hYMkEhUTBwRWpXckxUY21jcnlVUjJFTWJTYzZ1V0JOVS14SmFkYXpueFd2d21EazIt QVJvUjBEWVlxX2U3YWx5YzhVJA0KICAgID4+PiBhbmQgdGhlIHByb3Bvc2FsIGlzIGluDQogICAg Pj4+IGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19odHRwczovL2dpdGh1Yi5jb20vamxpdmlu Z29vZC9JRVRGMTA5Qm9GL2Jsb2IvbWFzdGVyL0JvRi1Qcm9wb3NhbC0yMDIwMDkxOC5tZF9fOyEh Q1FsM21jSFgyQSFRMHBFaldyTFRjbWNyeVVSMkVNYlNjNnVXQk5VLXhKYWRhem54V3Z3bURrMi1B Um9SMERZWXFfZU5mS0dxa0UkDQogICAgPj4+IC4gWW91IGNhbiBhbHNvIGZpbmQgdGhlIGRyYWZ0 IGhlcmUNCiAgICA+Pj4gaHR0cHM6Ly91cmxkZWZlbnNlLmNvbS92My9fX2h0dHBzOi8vdG9vbHMu aWV0Zi5vcmcvaHRtbC9kcmFmdC1sZWUtcmFuZG9taXplZC1tYWNhZGRyLXBzLTAxX187ISFDUWwz bWNIWDJBIVEwcEVqV3JMVGNtY3J5VVIyRU1iU2M2dVdCTlUteEphZGF6bnhXdndtRGsyLUFSb1Iw RFlZcV9lcmhDRjMtQSQNCiAgICA+Pj4gLg0KICAgID4+Pg0KICAgID4+PiBBdCB0aGlzIHN0YWdl LCB3ZSBhcmUgbG9va2luZyBmb3IgaW5wdXRzIGZvciBtb3JlIHVzZSBjYXNlcyBhbmQNCiAgICA+ Pj4gaW50ZXJlc3RzIG9mIHdvcmtpbmcgdG9nZXRoZXIgaW4gdGhpcyBkb21haW4uIFBsZWFzZSBw b3N0IHlvdXINCiAgICA+Pj4gY29tbWVudHMgaW4gdGhlIG1haWxpbmcgbGlzdC4NCiAgICA+Pj4N CiAgICA+Pj4gVGhhbmtzDQogICAgPj4+DQogICAgPj4NCiAgICA+Pg0KICAgID4+IC0tIE1pY2hh ZWwgUmljaGFyZHNvbiA8bWNyK0lFVEZAc2FuZGVsbWFuLmNhPiAgIC4gbyBPICggSVB2NiBJw7hU DQogICAgPj4gY29uc3VsdGluZyApIFNhbmRlbG1hbiBTb2Z0d2FyZSBXb3JrcyBJbmMsIE90dGF3 YSBhbmQgV29ybGR3aWRlDQogICAgPj4NCiAgICA+Pg0KICAgID4+IF9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fIGhvbWVuZXQgbWFpbGluZw0KICAgID4+IGxp c3QgaG9tZW5ldEBpZXRmLm9yZw0KICAgID4+IGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19o dHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2hvbWVuZXRfXzshIUNRbDNtY0hY MkEhUTBwRWpXckxUY21jcnlVUjJFTWJTYzZ1V0JOVS14SmFkYXpueFd2d21EazItQVJvUjBEWVlx X2VwVm81bVFRJA0KICAgID4NCiAgICA+Pg0KICAgID4NCiAgICA+DQogICAgPiBfX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXyBob21lbmV0IG1haWxpbmcgbGlz dA0KICAgID4gaG9tZW5ldEBpZXRmLm9yZyBodHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9ob21lbmV0X187ISFDUWwzbWNIWDJB IVFteXF5S3diT094VEdmbTB4NThiNXhmWXZybS1pdmh6UVVEQ2psRjdYdllDYTQxMWwyMG55VFk0 R2MtTXZvYyQNCiAgICA+DQoNCg== From nobody Tue Sep 22 16:15:15 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60D483A0406; Tue, 22 Sep 2020 16:15:08 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.098 X-Spam-Level: X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pBn7mHzNJNuh; Tue, 22 Sep 2020 16:15:06 -0700 (PDT) Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04DED3A0407; Tue, 22 Sep 2020 16:15:06 -0700 (PDT) Received: by mail-wr1-x431.google.com with SMTP id g4so18867557wrs.5; Tue, 22 Sep 2020 16:15:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=m84BOahoC+V798yVeHQrV5C8E7b145+pFc4c8WAstvw=; b=imtnPM8kxHB3NIp58UGlibd/vnLFO5H8YagWhIlLDkEQur1inDYtv1FP3+OtEOgXn9 vzRsACae1n7OBL/xmghJkHR/Y8CQHXADSb0CdRw/Z5a2jdJ5SZQRkxSzmbqaUk9r9J1X WlLLWKWGyiCUmr/XwO7XJWsXNWC/0938PHvP7X6ZXtYkqBseDmJULngqg5WqMvr4GC+y Yi16WEU3Ixl1rtImwvaIRGdeE1zzYpT3hkPDTCblcUC4A94QqehB1/f6gz3Tt0BqONYD vWuxSPL3g9zsXMrvk/gnQVDb+QB6p/cOtM8ZX1/XtYYGCfBU0cpNyKkREXL9hOQK72mr BaUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=m84BOahoC+V798yVeHQrV5C8E7b145+pFc4c8WAstvw=; b=C9LnDJX7PB7pce0VTU7agXfbF69AAcPUgjcVcOsQX9er1cIr0YpEqR8qahs/Z37o8j SOcdZRJ3WJZryCz3/5VeUhy5b6g0E44p0H+9H6Exd2vpB4g6sSkdIZPBX3I+XgTTrPxx MfXMKpheX4PvOwr8WGJk1AK+4F91mczLg5VeryDov7Z/tQCMCyWkt0K6qmUpfLcuR/9j a8dGJACs3xbqKOsFxXOIgaqirchXKllJvGUiceM2baa82m1d9dlugoTJZQAN6ftzCQbq 8ClhI4Pnk+LEzOk3K6Gr7UmJVSXJOOdHRW05POnvZmuX6Gw9KHGE8tu8Qc5AHtXGpLpn gVoQ== X-Gm-Message-State: AOAM530zgCnGRVdeUz05smncf4oEz5spB9fI6HQHy4N+NzM6FatYFMJx R0laMpeBuD8EgSS/5VqfiUlWek+hkAt/7A== X-Google-Smtp-Source: ABdhPJxi8pyx0mr+OW5A+jacx7+yKGEiNhwM2y1PxAJ2/dwt6tSZn6r342IFWU99MNO+NdcAUZTjOQ== X-Received: by 2002:a5d:4088:: with SMTP id o8mr7752261wrp.112.1600816503846; Tue, 22 Sep 2020 16:15:03 -0700 (PDT) Received: from ?IPv6:2601:647:5a00:ef0b:9c8:b694:bc3e:659c? ([2601:647:5a00:ef0b:9c8:b694:bc3e:659c]) by smtp.gmail.com with ESMTPSA id f14sm6577546wme.22.2020.09.22.16.15.01 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 22 Sep 2020 16:15:03 -0700 (PDT) From: Bob Hinden Message-Id: <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> Content-Type: multipart/signed; boundary="Apple-Mail=_C52525DE-422E-4B47-8B8E-FB268F286B40"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.15\)) Date: Tue, 22 Sep 2020 16:14:57 -0700 In-Reply-To: <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> Cc: Bob Hinden To: captive-portals@ietf.org, homenet@ietf.org, Internet Area References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> X-Mailer: Apple Mail (2.3445.104.15) Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 23:15:08 -0000 --Apple-Mail=_C52525DE-422E-4B47-8B8E-FB268F286B40 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 I have read the emails and the draft = . I am not clear what the goal of = the BOF is. Could the proponents state it clearly? =46rom the agenda, Use Cases: =E2=80=A2 LAN gateway NAPT forwarding - (PRESENTER TBD) =E2=80=A2 Static NAPT policies - (PRESENTER TBD) =E2=80=A2 Persistent DHCP IP address assignments - (PRESENTER = TBD) =E2=80=A2 Device-to-user or group association for malware = protection - (PRESENTER TBD) =E2=80=A2 Device-to-user or group association for parental = controls - (PRESENTER TBD) =E2=80=A2 Device-to-user or group association to restrict or = authorize unwanted or unverified device connections to the LAN - = (PRESENTER TBD) It seems like this is a list of topics where randomized MAC addresses = might break things, so I wonder what the intent is here. No mention of = the privacy benefits, or what the tradeoff are. I note that while MAC addresses are commonly used for things like this, = it=E2=80=99s never been very secure as it is easy on most devices to = change the MAC address. Like when some cable modems locked on to a = specific MAC address, and the way to get around this was to change to a = different MAC address in the device. I also wonder how much of this is an IETF issue, vs. IEEE. Bob > On Sep 22, 2020, at 1:51 PM, Stephen Farrell = wrote: >=20 >=20 > That agenda and draft seem to make the seemingly common > enough mistake of only focusing on what a new privacy or > security mechanism breaks and glossing over the good > reasons why people introduce these mechanisms. I hope the > BoF proponents fix that because otherwise they may end up > giving the impression that they would prefer to not see > the privacy benefits (which I'd guess is not their goal > at all). One reason those good reasons need to be included > is that they constrain the kinds of additions that might > make sense to better handle the new mechanism. >=20 > We've seen a number of these kinds of reactions and I > figure it'd really be better if the reaction were not to > appear purely reactionary;-) >=20 > If that were fixed, then there may be a better discussion > of what, if any, additional things need doing. If that is > not fixed, I'd not be surprised if the putative BoF were > to devolve into a "it's bad" vs. "no, it's good" bun fight > that won't really take us further. >=20 > Cheers, > S. >=20 > On 22/09/2020 21:40, Michael Richardson wrote: >>=20 >> Damn. Spelt captive-portal without the s again. Reposting, sorry for = duplicates. >> I hate when WG names and list names do not match, and that we can't = have aliases. >> And I think that reply-to gets filtered. >>=20 >> Archived-At: = >> To: int-area@ietf.org, captive-portal@ietf.org, homenet@ietf.org >> From: Michael Richardson >> Date: Tue, 22 Sep 2020 16:34:33 -0400 >>=20 >> This thread was started today on the INTAREA WG ML. >>=20 >> While I don't object to a BOF, I don't know where it goes. >> What I see is that much of this problem needs to be resolved through >> increased use of 802.1X: making WPA-Enterprise easier to use and = setup, this >> changing core identity from MAC Address to IDevID. >>=20 >> My understanding is that Apple intends to randomize MAC every 12 = hours, even >> on the same "LAN" (ESSID), and that they will just repeat the WPA >> authentication afterwards to get back on the network. If the = per-device >> unique policy (including CAPPORT authorization) can be tied to the = device >> better, than the MAC address based "physical" exception can be = updated. >>=20 >> But, WPA-PSK doesn't work, because it does not, in general, = distinguish >> between different devices. >>=20 >> It can be made to work if every device is given a unique PSK, and = there are >> some successful experiments doing exactly that. Mostly it just = works, but >> the challenge is communicating the unique PSK through an unreliable = human. >> BRSKI can certainly do this, and it can leverage that unencrypted = ESSID >> present at most hospitality locations to get onto the encrypted >> WPA-Enterprise. Or BRSKI-TEEP, or some other BRSKI-EAP method. The >> unencrypted SSID is not going away at those locations. >>=20 >> Thus QR-code based methods are best, yet those do not work for many = IoT >> devices. EMU's EAP-NOOB can help in certain cases, but we, as a = community >> need be clear on what direction we want to go. One answer is that = IoT >> devices have little reason to randomize their MAC if they are not = generally >> ported. >>=20 >>=20 >> On 2020-09-22 3:49 p.m., Lee, Yiu wrote: >>> Hi team, >>>=20 >>> We proposed a BoF. The agenda is in >>> https://github.com/jlivingood/IETF109BoF/blob/master/109-Agenda.md = and the >>> proposal is in >>> = https://github.com/jlivingood/IETF109BoF/blob/master/BoF-Proposal-20200918= .md. You >>> can also find the draft here >>> https://tools.ietf.org/html/draft-lee-randomized-macaddr-ps-01. >>>=20 >>> At this stage, we are looking for inputs for more use cases and = interests >>> of working together in this domain. Please post your comments in the >>> mailing list. >>>=20 >>> Thanks >>>=20 >>=20 >>=20 >> -- >> Michael Richardson . o O ( IPv6 I=C3=B8T = consulting ) >> Sandelman Software Works Inc, Ottawa and Worldwide >>=20 >>=20 >> _______________________________________________ >> homenet mailing list >> homenet@ietf.org >> https://www.ietf.org/mailman/listinfo/homenet >>=20 > = <0x5AB2FAF17B172BEA.asc>_______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet --Apple-Mail=_C52525DE-422E-4B47-8B8E-FB268F286B40 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEm0rfRsOCoyamPexGrut0EXfnu6gFAl9qhXEACgkQrut0EXfn u6gEZAf9Fb7FbIQ4f2N5Ir+ODgsWgnJcJXa5uV8wGWP9bnYlZa+j29Hdn0a+JWAQ UAX8n6TbAMm8Ad0pDZiKIX8WiSckfkkb1h1T4cTUiQhmVYKl7u4At1XD0xlD2mJ1 fzhzg4wn66ALJTeDQZx7lgbrgemhBglI+ZhNAy0DB9YUnVe/VLbc0ekn3c9xu0l9 O5Jjf+sQsh349FK9uY+3+I7Oblrtf2YOtHTRIVi00+48TUWOidTpRq+0KAnt3w7w xZc7YQZC2QKslfn+hOA9YXE79Z76NQXvqPFTSNUwazUTDpozfRI6Xw6cw7l16hBT g0/VmA/w+rdqVakV2uu9AessrYshEw== =T4IL -----END PGP SIGNATURE----- --Apple-Mail=_C52525DE-422E-4B47-8B8E-FB268F286B40-- From nobody Tue Sep 22 16:25:41 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F4703A005E; Tue, 22 Sep 2020 16:25:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TGkwMR1_E_r4; Tue, 22 Sep 2020 16:25:32 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B46943A0045; Tue, 22 Sep 2020 16:25:31 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id E964F389B0; Tue, 22 Sep 2020 19:03:57 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id EQMT8G_21H2o; Tue, 22 Sep 2020 19:03:56 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [209.87.249.21]) by tuna.sandelman.ca (Postfix) with ESMTP id 6DE69389AD; Tue, 22 Sep 2020 19:03:56 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id B3BD840A; Tue, 22 Sep 2020 19:25:18 -0400 (EDT) From: Michael Richardson To: Bob Hinden , captive-portals@ietf.org, homenet@ietf.org, Internet Area In-Reply-To: <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Sep 2020 23:25:34 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Bob Hinden wrote: > I have read the emails and the draft . I am not clear what the goal of the BOF is. > Could the proponents state it clearly? I can't speak for the proponents, but at the simplest, one could add: "how can we do X if the MAC cannot be used as identity" > =E2=80=A2 LAN gateway NAPT forwarding - (PRESENTER TBD) > =E2=80=A2 Static NAPT policies - (PRESENTER TBD) > =E2=80=A2 Persistent DHCP IP address assignments - (PRESENTER TBD) > =E2=80=A2 Device-to-user or group association for malware protection = - (PRESENTER TBD) > =E2=80=A2 Device-to-user or group association for parental controls -= (PRESENTER TBD) > =E2=80=A2 Device-to-user or group association to restrict or authoriz= e unwanted > or unverified device connections to the LAN - (PRESENTER TBD) I don't get the NAPT issue though. The NAPT issues are because DHCP gave the device a different IP(v4), right? If you solve persistent DHCP, then you solve those, don't you? =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9qh94ACgkQgItw+93Q 3WX7CwgAuh/dV/7QwjLTF6Vl9q6MZfWApdEsanH9ka80gxjMkhG15s5S4Zo2bZEL gfkVKiy3PR74/84XsoiWSuWADhwdp86egv8uzj5hexvczcGY3z99rXsa/N7StHU0 D82qecg/Uo3ko1daGT+s+SWrsjwX9gx4WR6up91U7I6lOxT//j7AQuFjIqkXrl4P nC+Q8RIyU7x4UqlTJvlVxIH/n3ozAj8/Dh4JnxOVA7pdxSVlRtLrWOBYLTHGuKP6 ihxowlRm0qUyoTafyJrJEU/Myg8gu5nvg6o69T2//VTnk03p2mE9hfJKCEPYPw30 sXfsB49phMUbkHqzpqjpcioLBmBKtQ== =oE5h -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Sep 22 17:14:00 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE3B83A0406; Tue, 22 Sep 2020 17:13:55 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FOQMUzsUrUtf; Tue, 22 Sep 2020 17:13:54 -0700 (PDT) Received: from mail-vk1-xa33.google.com (mail-vk1-xa33.google.com [IPv6:2607:f8b0:4864:20::a33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D85423A0403; Tue, 22 Sep 2020 17:13:53 -0700 (PDT) Received: by mail-vk1-xa33.google.com with SMTP id q13so4741787vkd.0; Tue, 22 Sep 2020 17:13:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=puxRxrleIwYibkAGyIbEu1o6hjCWcirbWrGnYtAJisg=; b=krEc0l8ffzRkUt7tgyDpSjabo6cYONUjQH9WvlkyocDaOpP5k998C5tuB5aq2z4F6W hwDY01hLr8paTK+WrBI0Ss6xBoJY58RuPwDUauILqdcy9EmuJAQecO0p5+xcGYUH+opZ C4vMDPHFnj3mP24alXStCCA0PcKarowvFMx3BkgM8eeNcZACeR/4DVwRHQ/QbGLQYg/H ewRzO0qBVvC11ECJSxpFvG0nbqyW7mSfY9g76MjBPYCq7jit9LJfi8Ej1DB6I1ElsVmN eRo47GCw+Brta1bSNaSnfpe+AH1jbI1JvjG0zM8urKDOmTUmCQnTsFGdBmLA3Y/7XDvc LokQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=puxRxrleIwYibkAGyIbEu1o6hjCWcirbWrGnYtAJisg=; b=HSw54amezEJz7VL/qooq4oKFgfEOtIlccszXE7DcO5jPLoXlKfnynphZXRtlXtzlnP NKCD2qr44i38TLpW0WGyj4roznlhQruEL+nUAgZXUkEBldbtHo6/ycFjPkeLS08+/nkz ZP5cPC2sTaMi3DvnH9B3MZ4adAf2qV2gfmkxUTGnVlDEG1U2Z0Hc93WLs0Gklftl3Z9y +666fSkmRAYc1kX+HC9oUv9hWhOhCRpgTJW7CQVLeafICSUhd45c4ufb0V3DFiyOpo6e 6mIiVNPfxlqWdLJlpdNn+Sf7aym6O4PMrAOeocNfTCZjyhU4WdrX6Jfy2Ly3ADPJ+TNL WwQg== X-Gm-Message-State: AOAM533f8KSQv5unvuOpRsd0629ogJ2sZtgWZba01ixzOkgOHV1HxhPy 8YZwl+yED58rsTZovUG8/+M7e4onXvSvSvYALRk= X-Google-Smtp-Source: ABdhPJz8Gu67mV5k8zhPGnbce0zWdyOeL3foMepF614NJe5vDZOuoBMblyeVINK5XPCkZYlj65vYBcWudRLtiZNtrHE= X-Received: by 2002:a1f:3849:: with SMTP id f70mr5530722vka.0.1600820032739; Tue, 22 Sep 2020 17:13:52 -0700 (PDT) MIME-Version: 1.0 References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> <20953.1600817118@localhost> In-Reply-To: <20953.1600817118@localhost> From: Brian Dickson Date: Tue, 22 Sep 2020 17:13:41 -0700 Message-ID: To: Michael Richardson Cc: Bob Hinden , captive-portals@ietf.org, HOMENET , Internet Area Content-Type: multipart/alternative; boundary="000000000000669e8105afeff55d" Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 00:13:56 -0000 --000000000000669e8105afeff55d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Tue, Sep 22, 2020 at 4:25 PM Michael Richardson wrote: > > Bob Hinden wrote: > > I have read the emails and the draft > . I am not clear what the goal of t= he > BOF is. > > > Could the proponents state it clearly? > > I can't speak for the proponents, but at the simplest, one could add: > "how can we do X if the MAC cannot be used as identity" > > > =E2=80=A2 LAN gateway NAPT forwarding - (PRESENTER TBD) > > =E2=80=A2 Static NAPT policies - (PRESENTER TBD) > > =E2=80=A2 Persistent DHCP IP address assignments - (PRESENTER TBD) > > =E2=80=A2 Device-to-user or group association for malware protectio= n - > (PRESENTER TBD) > > =E2=80=A2 Device-to-user or group association for parental controls= - > (PRESENTER TBD) > > =E2=80=A2 Device-to-user or group association to restrict or author= ize > unwanted > > or unverified device connections to the LAN - (PRESENTER TBD) > > I don't get the NAPT issue though. > The NAPT issues are because DHCP gave the device a different IP(v4), righ= t? > If you solve persistent DHCP, then you solve those, don't you? > I think there are some environments where that isn't technically accurate, or might not be 100% accurate. E.g. The difference between DHCP6 and that other wacky thing that is doing random self-assigned IPv6 addresses. Basically if MAC addresses change during the lifetime of any assignment (externally provided or self-assigned), the L3/L2 mapping itself also needs to be updated or redone. And how that is done can break security and/or connectivity and/or privacy, or possibly all three. (E.g. maintaining the IP address when the MAC changes, defeats at least one possible purpose of changing the MAC.) I sense a potential rat-hole, but also the possibility of finding common ground to fix a bunch of things that are problematic to some degree or another. I'm hopeful that something like 802.1x can be made use of effectively, but again a lot depends on the use cases and will likely require pretty deep dives on each of the relevant technologies and implementations. IMNSHO, MACs should be relegated to the role reflected in their name: Media Access Control, basically a disambiguator, not an identity. Maybe MACs should be used the way the initial values selected by the two parties doing DH key exchange are used, just as a stepping stone in establishing a cryptographically-strong "thing" that only they know. I.e. use the initial MAC (regardless of what it is) as an initial layer-2 communications things, during the set-up of {whatever the BOF/WG output is}, after which the MAC gets changed to {something else}. The work being done by the exposure notification may be a good reference model. (Google Apple Exposure Notification, aka GAEN, for the SARS-CoV-2 aka Covid-19 protocols for privacy-first automatic exposure notification over BLE). That too uses identifiers that are non-linkable and rotate periodically (on the order of 10 minutes IIRC). Brian --000000000000669e8105afeff55d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=

Bob Hinden <bo= b.hinden@gmail.com> wrote:
=C2=A0 =C2=A0 > I have read the emails and the draft <draft-lee-rando= mized-macaddr-ps-01>.=C2=A0 =C2=A0I am not clear what the goal of the BO= F is.

=C2=A0 =C2=A0 > Could the proponents state it clearly?

I can't speak for the proponents, but at the simplest, one could add: =C2=A0 "how can we do X if the MAC cannot be used as identity"
=C2=A0 =C2=A0 > =E2=80=A2 LAN gateway NAPT forwarding - (PRESENTER TBD)<= br> =C2=A0 =C2=A0 > =E2=80=A2 Static NAPT policies - (PRESENTER TBD)
=C2=A0 =C2=A0 > =E2=80=A2 Persistent DHCP IP address assignments - (PRES= ENTER TBD)
=C2=A0 =C2=A0 > =E2=80=A2 Device-to-user or group association for malwar= e protection - (PRESENTER TBD)
=C2=A0 =C2=A0 > =E2=80=A2 Device-to-user or group association for parent= al controls - (PRESENTER TBD)
=C2=A0 =C2=A0 > =E2=80=A2 Device-to-user or group association to restric= t or authorize unwanted
=C2=A0 =C2=A0 > or unverified device connections to the LAN - (PRESENTER= TBD)

I don't get the NAPT issue though.
The NAPT issues are because DHCP gave the device a different IP(v4), right?=
If you solve persistent DHCP, then you solve those, don't you?

I think there are some environments where that = isn't technically accurate, or might not be 100% accurate.
E.= g. The difference between DHCP6=C2=A0and that other wacky thing that is doi= ng random self-assigned IPv6 addresses.

Basically = if MAC addresses change during the lifetime of any assignment (externally p= rovided or self-assigned), the L3/L2 mapping itself also needs to be update= d or redone.

And how that is done can break securi= ty and/or connectivity and/or privacy, or possibly all three.
(E.g. maintaining the IP address when the MAC changes, defeats = at least one possible purpose of changing the MAC.)

I sense a potential rat-hole, but also the possibility of finding common = ground to fix a bunch of things that are problematic to some degree or anot= her.

I'm hopeful that something like 802.1x ca= n be made use of effectively, but again a lot depends on the use cases and = will likely require pretty deep dives on each of the relevant technologies = and implementations.

IMNSHO, MACs should be relega= ted to the role reflected in their name: Media Access Control, basically a = disambiguator, not an identity.

Maybe MACs should = be used the way the initial values selected by the two parties doing DH key= exchange are used, just as a stepping stone in establishing a cryptographi= cally-strong "thing" that only they know.
I.e. use the = initial MAC (regardless of what it is) as an initial layer-2 communications= things, during the set-up of {whatever the BOF/WG output is}, after which = the MAC gets changed to {something else}.

The work= being done by the exposure notification may be a good reference model.
(Google Apple Exposure Notification, aka GAEN, for the SARS-CoV-2 ak= a Covid-19 protocols for privacy-first automatic exposure notification over= BLE).
That too uses identifiers that are non-linkable and rotate= periodically (on the order of 10 minutes IIRC).

B= rian
--000000000000669e8105afeff55d-- From nobody Tue Sep 22 17:37:47 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3137F3A0787; Tue, 22 Sep 2020 17:37:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2 X-Spam-Level: X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kR1nSvlvLjHl; Tue, 22 Sep 2020 17:37:40 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A433A3A0128; Tue, 22 Sep 2020 17:37:39 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 8BA12BE2F; Wed, 23 Sep 2020 01:37:37 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wxjHkK6wC7P4; Wed, 23 Sep 2020 01:37:35 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 24874BE2E; Wed, 23 Sep 2020 01:37:35 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1600821455; bh=F3t/4lNg29gI9i7d/ES0wRnx4cSsOc5QF01mSlZkLNI=; h=To:Cc:References:From:Subject:Date:In-Reply-To:From; b=yikv9E1smfAN1PqnBu4viDaTeoUafD8jcMtBJ4btVzSFLdpz5TnQYG9HF2EF55+w5 JAoX0dU6HkXbmp01A064j1ec1NkaqL12o1Y8Ayo+wYBvxrqeR2/UeF3Fd6+03t3Tyo e9COPSF0uNl1ZvdqgC0OGjRpROY9/UrWD36ii0RI= To: Brian Dickson , Michael Richardson Cc: captive-portals@ietf.org, HOMENET , Internet Area , Bob Hinden References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> <20953.1600817118@localhost> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Wed, 23 Sep 2020 01:37:34 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/mixed; boundary="------------04AE8B4DFB1DAD62168D625E" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 00:37:42 -0000 This is a multi-part message in MIME format. --------------04AE8B4DFB1DAD62168D625E Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Hiya, On 23/09/2020 01:13, Brian Dickson wrote: > IMNSHO, MACs should be relegated to the role reflected in their name: Media > Access Control, basically a disambiguator, not an identity. With s/disambiguator/local disambiguator/ I would entirely agree I think. > The work being done by the exposure notification may be a good reference > model. > (Google Apple Exposure Notification, aka GAEN, for the SARS-CoV-2 aka > Covid-19 protocols for privacy-first automatic exposure notification over > BLE). > That too uses identifiers that are non-linkable and rotate periodically (on > the order of 10 minutes IIRC). I don't think the GAEN system is a good example. Mainly because, despite what I think are the good intentions of all involved (that I've talked to anyway), I doubt it could ever work reliably (and so is to some extent theatre) but also because it's inherently vulnerable to replay attacks, implementations can be very privacy unfriendly, and the governance part is pretty sucky. It also turns out that integrating GAEN into a real contact tracing system seems quite failure prone too. (Apologies for the self-references but our reports at [1] cover all the above and more.) That said, some of the protocol constructs used by GAEN may well be good things to re-use though - there are some good ideas there, in addition to the unjustified optimism. (*) Cheers, S. [1] https://down.dsg.cs.tcd.ie/tact/ (*) "unjustified optimism" isn't quite right - I figure it was more a case of "something must be done; is something that is less bad than , therefore will be done." > > Brian > > > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet > --------------04AE8B4DFB1DAD62168D625E Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =3DYzQY -----END PGP PUBLIC KEY BLOCK----- --------------04AE8B4DFB1DAD62168D625E-- From nobody Tue Sep 22 17:52:48 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7DAB13A0913; Tue, 22 Sep 2020 17:52:42 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.12 X-Spam-Level: X-Spam-Status: No, score=-2.12 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=HJl0Q7Av; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=bxs3LrDg Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NvbpUYOck28g; Tue, 22 Sep 2020 17:52:40 -0700 (PDT) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E44A3A090E; Tue, 22 Sep 2020 17:52:40 -0700 (PDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 70D745C0190; Tue, 22 Sep 2020 20:52:39 -0400 (EDT) Received: from imap10 ([10.202.2.60]) by compute2.internal (MEProxy); Tue, 22 Sep 2020 20:52:39 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm3; bh=ZPRJh 6L2BjM+/iHFbUWGPiJIAJzq2tqDI3L7Y8SLpJM=; b=HJl0Q7AvbfyxOO7Dq8w61 86tr9yIhekG+A7YyvUGvfN0hmwNzhsvQs9sHwpkAsLogA0po+3VZrrEvay+ZZXkH 8BHPCZ56RH5ZaJLXXyze2EScZyg830/dSifzaarKSrpcvyquI9WCFihvsjJ6FDOi zSJLkHjeSXBDj4+zGPYltAfom1wZDxlzd5/PUZ4KdhPvX+XbybG/2SyMf8Q3YB/8 TjY8XJB3RHX0tPUFXHFfqgPLHUCSmNVP2mw22E14gtKP8IV9jYJVQLRy1T5cvooD hEfVsUaGceWyygyNN0GTlR8lRbp/f874sVtKIOhqBiUAgBYuaWTXZh8ookCmsEIL g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=ZPRJh6L2BjM+/iHFbUWGPiJIAJzq2tqDI3L7Y8SLp JM=; b=bxs3LrDgsWeMw/HwsQEYgZp05saQnHB8Qcjbhgkuu3uhCL727oPIb2L4+ 2vtz6XYTPwTP/MSQQGpCzwxH7j4TPszCzaB4TQdSE4KJf2BJmxbztSOF4Y7a9ceF zOgk02p6AwT9b8w6h04gcJsYzF+3MTqXzToyAEkj1BrJVag9DYy3uYAUz3ble84Y k946xDMs6fZTId4jTz74omp2MIBJRcC+e1sNcIjZSxqN515qEBTKGBHcfR8UM+C/ gC7xWCibnhfAMKwXa7AgwadnTbSPqI7OpqHo7zl7ND0LNetJZLSRlGLLiZj1f97Z Fy/K1Bc8zGCaaz0FrKBmflOawKg1g== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedujedrudehgdeflecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtgfesthhqredtreerjeenucfhrhhomhepfdforghr thhinhcuvfhhohhmshhonhdfuceomhhtsehlohifvghnthhrohhphidrnhgvtheqnecugg ftrfgrthhtvghrnhepgfevvdejtdefkeefkeejudekgfethffgtddugedufeekgeevudet udevvdevuedunecuffhomhgrihhnpehurhhluggvfhgvnhhsvgdrtghomhdpihgvthhfrd horhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhep mhhtsehlohifvghnthhrohhphidrnhgvth X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 017762006A; Tue, 22 Sep 2020 20:52:39 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.3.0-355-g3ece53b-fm-20200922.004-g3ece53b9 Mime-Version: 1.0 Message-Id: <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> In-Reply-To: <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> Date: Wed, 23 Sep 2020 10:52:20 +1000 From: "Martin Thomson" To: "Lee, Yiu" , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [Captive-portals] =?utf-8?b?W0VYVEVSTkFMXSBSZTogW2hvbWVuZXRdIFtJ?= =?utf-8?q?nt-area=5D_Evaluate_impact_of_MAC_address_randomization_to_IP_a?= =?utf-8?q?pplications?= X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 00:52:43 -0000 There's an additional consideration that might be worth pulling out here= . And it's not an impact on network operations, it's a potential for ap= plications that interact with these network services to undo the work of= lower parts of their stack. For instance, if your device connects to the same network and the same c= aptive portal it might open a web browser to connect to that portal. If= the web browser presents the cookies it received from the portal last t= ime they talked, it undoes the work of the OS. Now, some implementations use these nasty browser-like things with aggre= ssive sandboxing that don't save cookies. That comes with other costs, = but it addresses the problem up until the point that the network connect= ion is restored and then who knows what happens once the pseudo-browser = is no longer involved. Maybe that is out of scope for your draft, but it shouldn't be out of sc= ope for a group that attempts to look more closely at providing advice f= or dealing with these features. (Does this thread really need to be cross-posted so widely? Can we deci= de on a single venue?) On Wed, Sep 23, 2020, at 07:24, Lee, Yiu wrote: > Noted and clear. Will keep this in mind in the next update. >=20 > Thanks, > Yiu >=20 > =EF=BB=BFOn 9/22/20, 5:18 PM, "Stephen Farrell" wrote: >=20 >=20 > Hiya, >=20 > On 22/09/2020 22:08, Lee, Yiu wrote: > > Hi Stephen, > > > > Thanks for the notes. Actually, we believe that there are good > > privacy reasons to randomize mac-address. This BoF isn't trying = to > > "fix" randomized mac-address. On the contrary, we want the commu= nity > > to embrace it. In order to ease the anxiety for transitioning, w= e > > want to document what may break and propose best practice to > > transition to dynamic mac-address. >=20 > Sure, I get that. However, we've seen a number of these > efforts start thusly but end up being perceived to be > partly trying to unwind the privacy benefits, so I think > a good way to avoid that mis-perception is to also present > the reasons for (in this case, MAC address randomisation) > as fully as the description of the challenges caused. >=20 > Cheers, > S. >=20 >=20 > > > > Thanks, Yiu > > > > > > On 9/22/20, 4:51 PM, "Int-area on behalf of Stephen Farrell" > > > > wrote: > > > > > > That agenda and draft seem to make the seemingly common enough > > mistake of only focusing on what a new privacy or security=20 > mechanism > > breaks and glossing over the good reasons why people introduce=20= > these > > mechanisms. I hope the BoF proponents fix that because otherwise= =20 > they > > may end up giving the impression that they would prefer to not s= ee > > the privacy benefits (which I'd guess is not their goal at all).= =20 > One > > reason those good reasons need to be included is that they=20 > constrain > > the kinds of additions that might make sense to better handle th= e=20 > new > > mechanism. > > > > We've seen a number of these kinds of reactions and I figure it'= d > > really be better if the reaction were not to appear purely > > reactionary;-) > > > > If that were fixed, then there may be a better discussion of=20 > what, if > > any, additional things need doing. If that is not fixed, I'd not= =20 > be > > surprised if the putative BoF were to devolve into a "it's bad"=20= > vs. > > "no, it's good" bun fight that won't really take us further. > > > > Cheers, S. > > > > On 22/09/2020 21:40, Michael Richardson wrote: > >> > >> Damn. Spelt captive-portal without the s again. Reposting, sor= ry > >> for duplicates. I hate when WG names and list names do not matc= h, > >> and that we can't have aliases. And I think that reply-to gets > >> filtered. > >> > >> Archived-At: > >>=20 > >> > To: int-area@ietf.org, captive-portal@ietf.org,=20 > homenet@ietf.org > >> From: Michael Richardson Date: Tue, 22=20= > Sep > >> 2020 16:34:33 -0400 > >> > >> This thread was started today on the INTAREA WG ML. > >> > >> While I don't object to a BOF, I don't know where it goes. What= I > >> see is that much of this problem needs to be resolved through > >> increased use of 802.1X: making WPA-Enterprise easier to use an= d > >> setup, this changing core identity from MAC Address to IDevID. > >> > >> My understanding is that Apple intends to randomize MAC every 1= 2 > >> hours, even on the same "LAN" (ESSID), and that they will just > >> repeat the WPA authentication afterwards to get back on the > >> network. If the per-device unique policy (including CAPPORT > >> authorization) can be tied to the device better, than the MAC > >> address based "physical" exception can be updated. > >> > >> But, WPA-PSK doesn't work, because it does not, in general, > >> distinguish between different devices. > >> > >> It can be made to work if every device is given a unique PSK, a= nd > >> there are some successful experiments doing exactly that. Most= ly > >> it just works, but the challenge is communicating the unique PS= K > >> through an unreliable human. BRSKI can certainly do this, and i= t > >> can leverage that unencrypted ESSID present at most hospitality= > >> locations to get onto the encrypted WPA-Enterprise. Or=20 > BRSKI-TEEP, > >> or some other BRSKI-EAP method. The unencrypted SSID is not=20= > going > >> away at those locations. > >> > >> Thus QR-code based methods are best, yet those do not work for=20= > many > >> IoT devices. EMU's EAP-NOOB can help in certain cases, but we= ,=20 > as > >> a community need be clear on what direction we want to go. One= > >> answer is that IoT devices have little reason to randomize thei= r > >> MAC if they are not generally ported. > >> > >> > >> On 2020-09-22 3:49 p.m., Lee, Yiu wrote: > >>> Hi team, > >>> > >>> We proposed a BoF. The agenda is in > >>>=20 > https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF/b= lob/master/109-Agenda.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJa= daznxWvwmDk2-ARoR0DYYq_e7alyc8U$ > >>> and the proposal is in > >>>=20 > https://urldefense.com/v3/__https://github.com/jlivingood/IETF109BoF/b= lob/master/BoF-Proposal-20200918.md__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbS= c6uWBNU-xJadaznxWvwmDk2-ARoR0DYYq_eNfKGqkE$ > >>> . You can also find the draft here > >>>=20 > https://urldefense.com/v3/__https://tools.ietf.org/html/draft-lee-rand= omized-macaddr-ps-01__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadazn= xWvwmDk2-ARoR0DYYq_erhCF3-A$ > >>> . > >>> > >>> At this stage, we are looking for inputs for more use cases an= d > >>> interests of working together in this domain. Please post your= > >>> comments in the mailing list. > >>> > >>> Thanks > >>> > >> > >> > >> -- Michael Richardson . o O ( IPv6 I=C3= =B8T > >> consulting ) Sandelman Software Works Inc, Ottawa and Worldwide= > >> > >> > >> _______________________________________________ homenet mailing= > >> list homenet@ietf.org > >>=20 > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/home= net__;!!CQl3mcHX2A!Q0pEjWrLTcmcryUR2EMbSc6uWBNU-xJadaznxWvwmDk2-ARoR0DYY= q_epVo5mQQ$ > > > >> > > > > > > _______________________________________________ homenet mailing=20= > list > > homenet@ietf.org=20 > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/home= net__;!!CQl3mcHX2A!QmyqyKwbOOxTGfm0x58b5xfYvrm-ivhzQUDCjlF7XvYCa411l20ny= TY4Gc-Mvoc$ > > >=20 > _______________________________________________ > Captive-portals mailing list > Captive-portals@ietf.org > https://www.ietf.org/mailman/listinfo/captive-portals > From nobody Tue Sep 22 18:18:09 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E97C3A09DF; Tue, 22 Sep 2020 18:18:03 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LcRSkm6M5kk1; Tue, 22 Sep 2020 18:18:01 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDF713A09D6; Tue, 22 Sep 2020 18:18:00 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 9D4A23899F; Tue, 22 Sep 2020 20:56:36 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id bPyHTUdXgyoD; Tue, 22 Sep 2020 20:56:31 -0400 (EDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:103c:9eff:fecb:2eac]) by tuna.sandelman.ca (Postfix) with ESMTP id 95FD93899E; Tue, 22 Sep 2020 20:56:31 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id EEFC24F5; Tue, 22 Sep 2020 21:17:53 -0400 (EDT) From: Michael Richardson To: Brian Dickson , captive-portals@ietf.org, HOMENET , Internet Area , Bob Hinden In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <09A7F884-F102-4081-BB1D-F7760B2DCE9B@gmail.com> <20953.1600817118@localhost> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 01:18:04 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Brian Dickson wrote: >> I don't get the NAPT issue though. >> The NAPT issues are because DHCP gave the device a different IP(v4),= right? >> If you solve persistent DHCP, then you solve those, don't you? >> > I think there are some environments where that isn't technically accu= rate, > or might not be 100% accurate. > E.g. The difference between DHCP6 and that other wacky thing that is = doing > random self-assigned IPv6 addresses. Sure. If there is a port mapping (or PCP created incoming ACL for IPv6), which is bound to a particular IPv6 (however assigned), and that the IPv6 changes, then the mapping will break right? This is independant of MAC address randomization right? If we changed the MAC address, and then kept the IP address involved, then = ND would fix things up, and things would continue just fine. > (E.g. maintaining the IP address when the MAC changes, defeats at lea= st one > possible purpose of changing the MAC.) I strongly disagree here. We use privacy IPv6 addresses in order to keep legitimate distant end points (and their associated snoops) from tracking one for place to place. We use different MAC addresses for different networks to keep from being tracked by a federation of local snoops from place to place. We change our MAC address at the same network to hide our time of use and presence from local snoops. But, also to deal with malicious attackers who put up a common ESSID ("Starbucks"). We can, and do encrypt our IPv6 address on those networks. But, we can't encrypt our MAC address, because = as you say, it used for media access control. > I sense a potential rat-hole, but also the possibility of finding com= mon > ground to fix a bunch of things that are problematic to some degree or > another. I hope so too. > I'm hopeful that something like 802.1x can be made use of effectively= , but > again a lot depends on the use cases and will likely require pretty d= eep > dives on each of the relevant technologies and implementations. > IMNSHO, MACs should be relegated to the role reflected in their name:= Media > Access Control, basically a disambiguator, not an identity. > Maybe MACs should be used the way the initial values selected by the = two > parties doing DH key exchange are used, just as a stepping stone in > establishing a cryptographically-strong "thing" that only they know. > I.e. use the initial MAC (regardless of what it is) as an initial lay= er-2 > communications things, during the set-up of {whatever the BOF/WG outp= ut > is}, after which the MAC gets changed to {something else}. An interesting idea. =2D- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | IoT architect = [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9qokEACgkQgItw+93Q 3WXrGQgAnHGwaxw2oIjUk3A6AaHVj4nGX7KxttWox9i24rwCyKlXVgFamfCbAgv8 NWPOhVjrQkAb5UN2Ofmhvp7jIxZv//6tCARBNy1LkL9u+aqjynzO9MABADYo75p0 rdyMfV486KXKzobqteZqdH8JuQ2BN2N0Lz+Um9G5jRbJOoIcZoOQgPjzvzw1lV4Q bLRMdfHGP+hZnNJLvnGUWoGw1YzJR9Q1BO6CBeG2X1PACOGXoT83+7mmbsSuocsE Lj4NAZvETpDoz1qQK9bYbq+xmYc92HEsUhvTPoeD/+ZG8dSzwZReQSG0po5elyYq n8L22gX1L+Zg2rfpllJy2kTvhbPxDg== =8yuZ -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Sep 22 18:26:28 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94E0E3A09E7; Tue, 22 Sep 2020 18:26:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lHvybV6yo-ip; Tue, 22 Sep 2020 18:26:26 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 900DB3A09E3; Tue, 22 Sep 2020 18:26:25 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 837D4389A4; Tue, 22 Sep 2020 21:04:41 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id hCRUuydv_Gl7; Tue, 22 Sep 2020 21:04:37 -0400 (EDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:103c:9eff:fecb:2eac]) by tuna.sandelman.ca (Postfix) with ESMTP id D0155389A3; Tue, 22 Sep 2020 21:04:36 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 364074F5; Tue, 22 Sep 2020 21:25:59 -0400 (EDT) From: Michael Richardson To: "Martin Thomson" , "Lee\, Yiu" , "captive-portals\@ietf.org" , "homenet\@ietf.org" , "int-area\@ietf.org" In-Reply-To: <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [EXTERNAL] Re: [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 01:26:28 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Martin Thomson wrote: > Maybe that is out of scope for your draft, but it shouldn't be out of > scope for a group that attempts to look more closely at providing > advice for dealing with these features. > (Does this thread really need to be cross-posted so widely? Can we d= ecide on a single venue?) Blame me :-) It's only three lists. It's not like I CC'ed to ADD, emailcore and the dns* groups :-) I didn't think that Yiu's post to int-area would catch all the right flies. Apparently it might get a BOF ML soon. and I felt that it deserved wider review and excitement. Our mailman strips off Reply-To: since we did that DMARC avoidant hack (AFAIK), so redirecting replies only works if we all agree. =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9qpCYACgkQgItw+93Q 3WWYuAf+PYydtTGcT9HeKioWNjaUcvRYrWghl6QMZX7JafnaX5JY4d6EpWfk9yCT njGmlJ4Cyu463S06wcAAcIBbBe9hNaYjcaJk1HUf/2BO1xbFE5h+RCs2Hh8zqNbx RRqW4fLhWTFYTU6NDItTYa5uF8F3a3MIBVduAW4DlETgoiLeDFECvFtfxvGEl4WF UcSJpPx6SNRoo6G3reO7Qs/aA3NWauBvZTC/KkNbK8+JtfYUp3OPXDaLqTOUV55h teGUCTD9EejENq2x9UU3Ridtvch6iR+d3Tvqma/yQVoeaQSzSkXDeO30t7/JV/Ku 9/mcD/z5RFl+LI7YvDWP2FAxnbWHPA== =VmIb -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Sep 23 00:57:00 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCD2F3A0E3C; Wed, 23 Sep 2020 00:56:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.601 X-Spam-Level: X-Spam-Status: No, score=-9.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=dZ4I5ULZ; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=WZRiLZQw Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82mLhu_bA7C6; Wed, 23 Sep 2020 00:56:56 -0700 (PDT) Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 020983A0E39; Wed, 23 Sep 2020 00:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=13330; q=dns/txt; s=iport; t=1600847816; x=1602057416; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=Y+9zQTn4ZFa5MwV+kdeBpuZBIUrT9Qg9Bs8atWYkGco=; b=dZ4I5ULZKSzzseGzbeMRQklNKLeCn9Oqjhcm9z3YxlVzlgZ5h/qZSsqV sMnJL15PqB6MRSTYd6/zA3RXrWeAnW97x89Nmb2pbig70Hf/MXTY3kvu9 zVafGCYbl24ZJ7QskuF3Q51JV2sTOQQySqcfaRegcL8j2B0R4NY/e0T+T k=; IronPort-PHdr: =?us-ascii?q?9a23=3AC0mNUxFPnh4obkB6gACTQp1GYnJ96bzpIg4Y7I?= =?us-ascii?q?YmgLtSc6Oluo7vJ1Hb+e401Q+bWp/S7f5DjqzQvryzEWAD4JPUtncEfdQMUh?= =?us-ascii?q?IekswZkkQmB9LNEkz0KvPmLklYVMRPXVNo5Te3ZE5SHsutYEfbpHG16HgUFw?= =?us-ascii?q?msfQZwL/7+T4jVicn/3uuu+prVNgNPgjf1Yb57IBis6wvLscxDiop5IaF3wR?= =?us-ascii?q?zM8XY=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0AbBACt/mpf/4QNJK1WCRsBAQEBAQE?= =?us-ascii?q?BAQUBAQESAQEBAwMBAQFAgU+BUlEHcFkvLIQ6g0YDjXqBApd0glMDVQsBAQE?= =?us-ascii?q?NAQEYCwoCBAEBgVaCMUQCF4ITAiQ4EwIDAQELAQEFAQEBAgEGBG2FXAyFcgE?= =?us-ascii?q?BAQECAQEBEBERDAEBLAYFAQsEAgEIEQMBAQEBAgImAgICJQsVCAgCBAENBQg?= =?us-ascii?q?MBweDBYJLAw4gAQ6rNQKBOYhhdoEygTuBRgEBBYUyGIIQAwaBDiqCcYJcS0K?= =?us-ascii?q?GNR0bgUE/gRFDgU9JBy4+glwBAQOBMBQaFYMAM4Itj3AgCykCgnCkAQqCZ4h?= =?us-ascii?q?5hlOLJ4MMiXqUApJ7BIh3gWuQcIQsAgQCBAUCDgEBBYFrI4FXcBU7gmlQFwI?= =?us-ascii?q?NWINMiXsMFxSDOoUUhUJ0AjUCBgEJAQEDCXyNYwEB?= X-IronPort-AV: E=Sophos;i="5.77,293,1596499200"; d="scan'208";a="581403458" Received: from alln-core-10.cisco.com ([173.36.13.132]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 23 Sep 2020 07:56:54 +0000 Received: from XCH-ALN-005.cisco.com (xch-aln-005.cisco.com [173.36.7.15]) by alln-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id 08N7usc2006755 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 23 Sep 2020 07:56:54 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-005.cisco.com (173.36.7.15) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 02:56:54 -0500 Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 02:56:53 -0500 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 23 Sep 2020 03:56:53 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AZUUmFQRoJduniBFzs9R4IXaUPysVxrzdn86B/puVTefAZd1oSneoOf2DrKRqPZJZkAG5cs30WiY8SOK6LgfCfSRlwgVqX0DpdJYrmq08RpH10aIOhoqT8JwJrrlQAsGrdnOYdZQnsk9XP+48cI7BoaTA9jLSGGNzuy3uim/Ww7mn5YggWp1is744ZYb4/MRQEq/KY91DGrMV4P2mr4cMRRC6enoa6nki8ovrbuTxrYNz98FarIEvQjxcTq8mJw6o4E7bBy8be/gMM+IVOnmZwjqZKBwQkcFvNFKiebGbcdZ4pvXNzuC0hCLa69FUZYeTt4/JzI3gLyl/OjcCBRK9w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y+9zQTn4ZFa5MwV+kdeBpuZBIUrT9Qg9Bs8atWYkGco=; b=KWsCKw3VGRpiMRI2HZ7XG2FX4YHxmOdKHZxtLY1MCyr8UcK0qEzCqFhN6OqZxJWi+7ZcgoLXpQxZODzT1WENO/mTRrjkPpA3rI/WsnDq5i9Pr0tkoSLGB82VaooEcDSVu5/Naah2EOATpE/K7slWfHbEEwnOYtGyoQVgcubW5IK56IA/SmQ8apqPDL65O3nWGpWrNWmYU7ItkJ8WGu79n6Y9nrZz6RUkx8/PkJrkowANd/87JSsBpGzWq40des2XTJb3E4WKrJsnue7AyKuTxORIAQp3aAbNgFyot4L2lWfp2pLug9da9SShonXetzkkOrAdUYZaYqt+RsFi/ndzig== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y+9zQTn4ZFa5MwV+kdeBpuZBIUrT9Qg9Bs8atWYkGco=; b=WZRiLZQwqjXdMKTumh0fisNb0dC0ciPzEYxg9/0OVHvohR6GXW0wZtRbwTjK86y3i+Hp69FFYdjnBugzSPLeO2zyJ2pz19F6F5iO51uM+zyVsmW4+7zlERPVyLLAJ0XGsIyAw9+AKjFwPC2QePGVpo+shoFEG3Twc8mFt1E9eBM= Received: from MN2PR11MB3565.namprd11.prod.outlook.com (2603:10b6:208:ea::31) by MN2PR11MB4029.namprd11.prod.outlook.com (2603:10b6:208:155::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11; Wed, 23 Sep 2020 07:56:52 +0000 Received: from MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::119:f851:5860:da95]) by MN2PR11MB3565.namprd11.prod.outlook.com ([fe80::119:f851:5860:da95%4]) with mapi id 15.20.3391.026; Wed, 23 Sep 2020 07:56:52 +0000 From: "Pascal Thubert (pthubert)" To: "David R. Oran" , Stephen Farrell CC: Michael Richardson , "homenet@ietf.org" , "captive-portals@ietf.org" , "int-area@ietf.org" Thread-Topic: [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWkSJGtxlAuF10WkGu4VksV9QRLql1KeXXgAACLYCAAKS48A== Date: Wed, 23 Sep 2020 07:56:43 +0000 Deferred-Delivery: Wed, 23 Sep 2020 07:56:34 +0000 Message-ID: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> In-Reply-To: Accept-Language: fr-FR, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: orandom.net; dkim=none (message not signed) header.d=none;orandom.net; dmarc=none action=none header.from=cisco.com; x-originating-ip: [2a01:cb1d:4ec:2200:75bd:4b26:4cbe:1023] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6c18fa00-b1b3-4ad2-96ea-08d85f963ba7 x-ms-traffictypediagnostic: MN2PR11MB4029: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: rA8T38ypADwJVrvqmRZqcR7mAjv8QRIPoZOkDjPjmEg7leZdWdU85MNJtOQi1T/iG6Yf0di7KD0cE4RCYOgOFvrJYvFKNcXIIoIv50KSYOxyd5aid5dHc2hfBYS3eAkcJKhP00k8tO5l9C30s27OlGaFoGoDt2kTvVAFPMnLPW3nCuJY6Xv535MOv0efro/CW/9ffvn6zMm6beOCoARMxRN2bkbpNgfmBxUJ7nwb/vFJjp42r4A8z6rIDxMKhWQO9vDlRahiyEJgTDYfggDQ4yt6WUcD6hkKdQ7wIAgDDjbNZOwc5lUtqwDbDgiDNXuHlTkqr4IBjdNBT2TUl9BT1hxpnTiUkBqb+Z371/nRs2UrAoj1xAVvVzDocB5mTQHfxMQjbf2n7PiYXr12fdT07g== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3565.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(366004)(39860400002)(136003)(376002)(346002)(7696005)(5660300002)(4326008)(9686003)(186003)(2906002)(83380400001)(86362001)(316002)(76116006)(55016002)(64756008)(478600001)(66476007)(66946007)(66556008)(66446008)(66574015)(966005)(8936002)(52536014)(110136005)(53546011)(54906003)(6666004)(33656002)(19627235002)(8676002)(71200400001)(6506007); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: 9lRpKzslu6sFBySE08/gocvgJdnQo7P8VCwTSAj4zotWnwWtelnvG1EqSNSpQ1rQXbIctFRovbCSk638kRR06PAqm/0/TEYiHvWnubFTxF3a45ozCNUlquJ4LKxOSfoCgWUU+7GatFIYtzJcH581F2zN+B9Bevcch8/KWJ4SP9/mrTBmDZ3n2CVL9CMLC02nc91aG/t7gWIRLnxZIy8mU3UZPU1ro7ZHXby3oPtbVVR6YFBxelvTITGLIPFiZZYCPQZBbfUzHqPPAgeGJp5WNRW6IAf8d0g3rPw1F8WawLrZoeKztcqOouGDkW96JVHRXyQ7ApMLMHo7r5WQWtRYAqs92qp7ppg6trdtT0Bo7EaKkCBbtigMSHU+/TZ+BoV5xPtbHrYLTVJHvJoscAStN2KJK0dk10GYzgz6q3E5r0IjGPpVOMcKfpBB843iskTMlyNyEVyhmWfg7ojqixCDJYugU+uhA6s8Xy4zJmy8pm23G0QxObCg82DBv+E7PfxnObZgiikfyGm7DgUOJ0a8VVP4RJJnA2BZw3vwe1FZFYwhCTX6efm8AX7zm/HQNyC0rGBXNx8U61FsocQeWJPtN3kmCy1x41fVVx4ODZvKKNdsZu0r1rrbW9rX4P3MFqPMBG7qwW+vtdTLrvAEefMg6Z1tLptssaTkBJEbIpqd+T+5rtdQYmrwMzLb8Yw87RaqFyWes7tbuWyxtr0UAUhg7Q== x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB3565.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6c18fa00-b1b3-4ad2-96ea-08d85f963ba7 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2020 07:56:52.2517 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 2vkJA3XSvsO3jlEAobkcWUiYvyguNf1LpQ/qf5oYH2Y18ko4/CjUewBkP5A5BjET5r2RPKyMhPsF4xvPp0bbYA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB4029 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.15, xch-aln-005.cisco.com X-Outbound-Node: alln-core-10.cisco.com Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 07:56:59 -0000 SGVsbG8gRGF2ZSBhbmQgYWxsOg0KDQpTbyBmYXIgSSBoYXZlIG5vdCBzZWVuIGhvdyB0aGUgTUFD IHJhbmRvbWl6YXRpb24gZGVhbHMgd2l0aDoNCg0KLSBEQUQgLSB0aGUgY2hhbmNlcyBvZiBkdXBs aWNhdGlvbiBzZWVtIG11Y2ggaGlnaGVyIHRoYW4gZm9yIElQdjY7IG1heWJlIHdlIGNhbiBoZWxw IGJ5IGRvaW5nIERBRCB3aXRoIHNvbWV0aGluZyBsaWtlIFJGQyA4NTA1IG9uIHRoZSBmaXJzdCBo b3Agc3dpdGNoIC8gQVAuDQoNCi0gZGlmZmVyZW50aWF0ZWQgZW52aXJvbm1lbnRzIC0gdGhlIHBy ZWZlcnJlZCBiZWhhdmlvciBvbiBhIGhpZ2h3YXkgb3IgYXQgYSBjb2ZmZWUgc2hvcCBtYXkgZGlm ZmVyIGZyb20gdGhhdCBhdCBpbiBhIGNvcnBvcmF0ZSBvciBhIERDIG5ldHdvcmsuIEluIHRoZSBj b3Jwb3JhdGUgbmV0d29yaywgd2UgY2FuIGV4cGVjdCBzb21ldGhpbmcgbGlrZSAuMXggdG8gdW5k byB0aGUgcHJpdmFjeSwgZm9yIGdvb2QgcmVhc29ucy4gQW5kIHdlIGNhbiBleHBlY3Qgc3RhdGUg dG8gYmUgbWFpbnRhaW5lZCBmb3IgZWFjaCBJUCBhbmQgZWFjaCBNQUMuIFdoZW4gYSBNQUMgY2hh bmdlcywgdGhlcmUgY2FuIGJlIHVud2FudGVkIHN0YXRlIGNyZWF0ZWQgYW5kIHJlbWFpbmluZyBp biB0aGUgREhDUCBzZXJ2ZXIsIExJU1AgTVNNUiwgU0FWSSBzd2l0Y2gsICBldGMuLi4gUHJpdmFj eSBNQUMgaXMgb25seSBhbiBhZGRpdGlvbmFsIGhhc3NsZSB0aGF0IHdlIHdhbnQgdG8gbWluaW1p emUuDQoNClRoZSBjdXJyZW50IGltcGxlbWVudGF0aW9ucyBzZWVtIHRvIHVzZSB0aGUgU1NJRCB0 byBkbyBzb21ldGhpbmcgc2ltaWxhciB0byBSRkMgNzcyMS4gV2hlbiB5b3UgY29tZSBiYWNrIHRv IHRoZSBzYW1lIFNTSUQsIHlvdSBnZXQgdGhlIHNhbWUgTUFDLiBUaGlzIGhlbHBzIHRoZSBjb3Jw b3JhdGUgbmV0d29yaywgYW5kIGlzIGRldHJpbWVudGFsIHRvIHRoZSBwcml2YWN5IGF0IHRoZSBj b2ZmZWUgc2hvcCBhbmQgdGhlIGhpZ2h3YXksIGlmIHRoZSBzYW1lIFNTSUQgaXMgdXNlZCBhY3Jv c3MgdGhlIGNvdW50cnkgaW4gYWxsIGNvZmZlZSBoYWx0cyBhbmQgaGlnaHdheSBzdG9wcy4NCg0K VGhlcmUgYXBwZWFycyB0byBiZSB3b3JrIHRvIGRvIHNvIHRoYXQ6DQotIHRoZSBub2RlIGZvcm1z IGEgcHJpdmFjeSBNQUMNCi0gd2l0aCB0aGF0IHByaXZhY3kgTUFDIHRoZSBub2RlIGNhbiBkbyBs b2NhbCB0aGluZ3MgbGlrZSAxeCBhbmQgREFELCBpZiB0aGV5IGFyZSBhdmFpbGFibGUNCi0gaWYg dGhlIHZpc2l0ZWQgbmV0d29yayBpcyByZWNvZ25pemVkLCB0aGUgbm9kZSBhcHBsaWVzIGEgYmVo YXZpb3IgKHBvbGljeSkgdGhhdCBkZXBlbmRzIG9uIHRoZSB2aXNpdGVkIG5ldHdvcmsNCi0gZWxz ZSB1c2UgYSBkZWZhdWx0IGhpZ2hlciBwcml2YWN5IG1vZGUgdGhhdCBtYXkgcmVuZXcgdGhlIE1B QyBtb3JlIGFnZ3Jlc3NpdmVseQ0KLSBvbmx5IHRoZW4sIGZvcm0gSVAgYWRkcmVzc2VzIGFuZCBz dHVmZi4gSWYgdGhlIE1BQyBhZGRyZXNzIHdhcyBidWlsdCB1c2luZyBwcml2YWN5LCB0aGVuIHdl IGNvdWxkIHJlc3RvcmUgdGhlIG9sZCBiZWhhdmlvciBvZiBlbWJlZGRpbmcgaXQgaW4gdGhlIElQ djYgSUlELg0KDQpCb3R0b20gbGluZSBpcyB0aGF0IHRoZSBzZXBhcmF0ZSBlZmZvcnRzIGF0IElF VEYgYW5kIElFRUUgc2VlbSB0byBoYXZlIHByb2R1Y2VkIGEgY29tcGxleCBvdmVyYWxsIHNvbHV0 aW9uLCB3aXRoIGR1cGxpY2F0ZWQgYW5kIHNvbWV3aGF0IG1pc2FsaWduZWQgZWZmb3J0cyBhbmQg eWV0LCBnYXBzLiBUaGUgcHJpdmFjeSBwcm9wZXJ0aWVzIG9mIEwyIGFuZCBMMyBhZGRyZXNzZXMg YXJlIG5vdCBhbGlnbmVkIHRvIGEgc2FtZSBwb2xpY3ksIGFuZCBpcyBub3QgYWRhcHRlZCB0byB0 aGUgam9pbmVkIG5ldHdvcmsuIFRoZSBpbXBhY3Qgb24gdXBwZXIgbGF5ZXJzIG9mIGNoYW5naW5n IHRoZSBNQUMgYWRkcmVzcyBpcyBub3QgZnVsbHkgdW5kZXJzdG9vZC4gRHVwbGljYXRlIGFkZHJl c3NlcyBhcmUgbm90IHByb3Blcmx5IGF2b2lkZWQgYXQgZWl0aGVyIGxheWVyIGFuZCB5ZXQgd2Ug cGF5IGEgaGlnaCBicm9hZGNhc3QgcHJpY2Ugb24gd2lyZWxlc3MgZm9yIHRoZSBpbmVmZmljaWVu dCBvcGVyYXRpb24gb2YgSVB2NiBEQUQuIEhvcGVmdWxseSB3ZSB3aWxsIG5vdCByZXBsaWNhdGUg dGhhdCBhdCBMMi4NCg0KVGhpcyBCb0YgbWF5IGJlIGFuIG9wcG9ydHVuaXR5IGZvciBJRUVFIGFu ZCBJRVRGIHRvIHdvcmsgdG9nZXRoZXIgYW5kIGNvbnZlcmdlIHRvIGEgYmV0dGVyIG92ZXJhbGwg c2VydmljZSB0byB0aGUgdXBwZXIgbGF5ZXJzLg0KDQpLZWVwIHNhZmUNCg0KUGFzY2FsDQoNCg0K PiAtLS0tLU9yaWdpbmFsIE1lc3NhZ2UtLS0tLQ0KPiBGcm9tOiBJbnQtYXJlYSA8aW50LWFyZWEt Ym91bmNlc0BpZXRmLm9yZz4gT24gQmVoYWxmIE9mIERhdmlkIFIuIE9yYW4NCj4gU2VudDogbWFy ZGkgMjIgc2VwdGVtYnJlIDIwMjAgMjM6MjcNCj4gVG86IFN0ZXBoZW4gRmFycmVsbCA8c3RlcGhl bi5mYXJyZWxsQGNzLnRjZC5pZT4NCj4gQ2M6IE1pY2hhZWwgUmljaGFyZHNvbiA8bWNyK2lldGZA c2FuZGVsbWFuLmNhPjsgaG9tZW5ldEBpZXRmLm9yZzsNCj4gY2FwdGl2ZS1wb3J0YWxzQGlldGYu b3JnOyBpbnQtYXJlYUBpZXRmLm9yZw0KPiBTdWJqZWN0OiBSZTogW0ludC1hcmVhXSBbaG9tZW5l dF0gRXZhbHVhdGUgaW1wYWN0IG9mIE1BQyBhZGRyZXNzDQo+IHJhbmRvbWl6YXRpb24gdG8gSVAg YXBwbGljYXRpb25zDQo+IA0KPiBPbiAyMiBTZXAgMjAyMCwgYXQgMTc6MTgsIFN0ZXBoZW4gRmFy cmVsbCB3cm90ZToNCj4gDQo+ID4gSGl5YSwNCj4gPg0KPiA+IE9uIDIyLzA5LzIwMjAgMjI6MDgs IExlZSwgWWl1IHdyb3RlOg0KPiA+PiBIaSBTdGVwaGVuLA0KPiA+Pg0KPiA+PiBUaGFua3MgZm9y IHRoZSBub3Rlcy4gQWN0dWFsbHksIHdlIGJlbGlldmUgdGhhdCB0aGVyZSBhcmUgZ29vZA0KPiA+ PiBwcml2YWN5IHJlYXNvbnMgdG8gcmFuZG9taXplIG1hYy1hZGRyZXNzLiBUaGlzIEJvRiBpc24n dCB0cnlpbmcgdG8NCj4gPj4gImZpeCIgcmFuZG9taXplZCBtYWMtYWRkcmVzcy4gT24gdGhlIGNv bnRyYXJ5LCB3ZSB3YW50IHRoZSBjb21tdW5pdHkNCj4gPj4gdG8gZW1icmFjZSBpdC4gSW4gb3Jk ZXIgdG8gZWFzZSB0aGUgYW54aWV0eSBmb3IgdHJhbnNpdGlvbmluZywgd2UNCj4gPj4gd2FudCB0 byBkb2N1bWVudCB3aGF0IG1heSBicmVhayBhbmQgcHJvcG9zZSBiZXN0IHByYWN0aWNlIHRvDQo+ ID4+IHRyYW5zaXRpb24gdG8gZHluYW1pYyBtYWMtYWRkcmVzcy4NCj4gPg0KPiA+IFN1cmUsIEkg Z2V0IHRoYXQuIEhvd2V2ZXIsIHdlJ3ZlIHNlZW4gYSBudW1iZXIgb2YgdGhlc2UgZWZmb3J0cyBz dGFydA0KPiA+IHRodXNseSBidXQgZW5kIHVwIGJlaW5nIHBlcmNlaXZlZCB0byBiZSBwYXJ0bHkg dHJ5aW5nIHRvIHVud2luZCB0aGUNCj4gPiBwcml2YWN5IGJlbmVmaXRzLCBzbyBJIHRoaW5rIGEg Z29vZCB3YXkgdG8gYXZvaWQgdGhhdCBtaXMtcGVyY2VwdGlvbg0KPiA+IGlzIHRvIGFsc28gcHJl c2VudCB0aGUgcmVhc29ucyBmb3IgKGluIHRoaXMgY2FzZSwgTUFDIGFkZHJlc3MNCj4gPiByYW5k b21pc2F0aW9uKSBhcyBmdWxseSBhcyB0aGUgZGVzY3JpcHRpb24gb2YgdGhlIGNoYWxsZW5nZXMg Y2F1c2VkLg0KPiA+DQo+IFJpZ2h0LiBpdCB3b3VsZCBub3QgYWR2YW5jZSB0aGUgY2FzZSB0byBp bnRyb2R1Y2UgKG9yIHN0YXJ0IHVzaW5nKSBzb21ldGhpbmcNCj4gZWxzZSBib3V0IHRoZSBkZXZp Y2UgdGhhdCBjYW4gYmUgdHJhY2tlZCBhbmQvb3IgcHJvdmlkZSBsaWthYmlsaXR5IGFuZCB0aGVy ZWJ5DQo+IGRhbWFnZSBwcml2YWN5IGluIG9yZGVyIHRvIHByZXNlcnZlIHRoZSByYW5kb21pemVk IE1BQyBhZGRyZXNzIG1hY2hpbmVyeS4NCj4gDQo+ID4gQ2hlZXJzLA0KPiA+IFMuDQo+ID4NCj4g Pg0KPiA+Pg0KPiA+PiBUaGFua3MsIFlpdQ0KPiA+Pg0KPiA+Pg0KPiA+PiDvu79PbiA5LzIyLzIw LCA0OjUxIFBNLCAiSW50LWFyZWEgb24gYmVoYWxmIG9mIFN0ZXBoZW4gRmFycmVsbCINCj4gPj4g PGludC1hcmVhLWJvdW5jZXNAaWV0Zi5vcmcgb24gYmVoYWxmIG9mIHN0ZXBoZW4uZmFycmVsbEBj cy50Y2QuaWU+DQo+ID4+IHdyb3RlOg0KPiA+Pg0KPiA+Pg0KPiA+PiBUaGF0IGFnZW5kYSBhbmQg ZHJhZnQgc2VlbSB0byBtYWtlIHRoZSBzZWVtaW5nbHkgY29tbW9uIGVub3VnaA0KPiA+PiBtaXN0 YWtlIG9mIG9ubHkgZm9jdXNpbmcgb24gd2hhdCBhIG5ldyBwcml2YWN5IG9yIHNlY3VyaXR5IG1l Y2hhbmlzbQ0KPiA+PiBicmVha3MgYW5kIGdsb3NzaW5nIG92ZXIgdGhlIGdvb2QgcmVhc29ucyB3 aHkgcGVvcGxlIGludHJvZHVjZSB0aGVzZQ0KPiA+PiBtZWNoYW5pc21zLiBJIGhvcGUgdGhlIEJv RiBwcm9wb25lbnRzIGZpeCB0aGF0IGJlY2F1c2Ugb3RoZXJ3aXNlIHRoZXkNCj4gPj4gbWF5IGVu ZCB1cCBnaXZpbmcgdGhlIGltcHJlc3Npb24gdGhhdCB0aGV5IHdvdWxkIHByZWZlciB0byBub3Qg c2VlDQo+ID4+IHRoZSBwcml2YWN5IGJlbmVmaXRzICh3aGljaCBJJ2QgZ3Vlc3MgaXMgbm90IHRo ZWlyIGdvYWwgYXQgYWxsKS4gT25lDQo+ID4+IHJlYXNvbiB0aG9zZSBnb29kIHJlYXNvbnMgbmVl ZCB0byBiZSBpbmNsdWRlZCBpcyB0aGF0IHRoZXkgY29uc3RyYWluDQo+ID4+IHRoZSBraW5kcyBv ZiBhZGRpdGlvbnMgdGhhdCBtaWdodCBtYWtlIHNlbnNlIHRvIGJldHRlciBoYW5kbGUgdGhlIG5l dw0KPiA+PiBtZWNoYW5pc20uDQo+ID4+DQo+ID4+IFdlJ3ZlIHNlZW4gYSBudW1iZXIgb2YgdGhl c2Uga2luZHMgb2YgcmVhY3Rpb25zIGFuZCBJIGZpZ3VyZSBpdCdkDQo+ID4+IHJlYWxseSBiZSBi ZXR0ZXIgaWYgdGhlIHJlYWN0aW9uIHdlcmUgbm90IHRvIGFwcGVhciBwdXJlbHkNCj4gPj4gcmVh Y3Rpb25hcnk7LSkNCj4gPj4NCj4gPj4gSWYgdGhhdCB3ZXJlIGZpeGVkLCB0aGVuIHRoZXJlIG1h eSBiZSBhIGJldHRlciBkaXNjdXNzaW9uIG9mIHdoYXQsIGlmDQo+ID4+IGFueSwgYWRkaXRpb25h bCB0aGluZ3MgbmVlZCBkb2luZy4gSWYgdGhhdCBpcyBub3QgZml4ZWQsIEknZCBub3QgYmUNCj4g Pj4gc3VycHJpc2VkIGlmIHRoZSBwdXRhdGl2ZSBCb0Ygd2VyZSB0byBkZXZvbHZlIGludG8gYSAi aXQncyBiYWQiIHZzLg0KPiA+PiAibm8sIGl0J3MgZ29vZCIgYnVuIGZpZ2h0IHRoYXQgd29uJ3Qg cmVhbGx5IHRha2UgdXMgZnVydGhlci4NCj4gPj4NCj4gPj4gQ2hlZXJzLCBTLg0KPiA+Pg0KPiA+ PiBPbiAyMi8wOS8yMDIwIDIxOjQwLCBNaWNoYWVsIFJpY2hhcmRzb24gd3JvdGU6DQo+ID4+Pg0K PiA+Pj4gRGFtbi4gU3BlbHQgY2FwdGl2ZS1wb3J0YWwgd2l0aG91dCB0aGUgcyBhZ2Fpbi4gIFJl cG9zdGluZywgc29ycnkNCj4gPj4+IGZvciBkdXBsaWNhdGVzLiBJIGhhdGUgd2hlbiBXRyBuYW1l cyBhbmQgbGlzdCBuYW1lcyBkbyBub3QgbWF0Y2gsDQo+ID4+PiBhbmQgdGhhdCB3ZSBjYW4ndCBo YXZlIGFsaWFzZXMuIEFuZCBJIHRoaW5rIHRoYXQgcmVwbHktdG8gZ2V0cw0KPiA+Pj4gZmlsdGVy ZWQuDQo+ID4+Pg0KPiA+Pj4gQXJjaGl2ZWQtQXQ6DQo+ID4+PiA8aHR0cHM6Ly91cmxkZWZlbnNl LmNvbS92My9fX2h0dHBzOi8vbWFpbGFyY2hpdmUuaWV0Zi5vcmcvYXJjaC9tc2cvaQ0KPiA+Pj4g bnQtDQo+IGFyZWEvMTRTa2dtODRHc2xQWjlVY0dvV1kzdXptSzZJX187ISFDUWwzbWNIWDJBIVEw cEVqV3JMVGNtY3J5VVINCj4gMg0KPiA+Pj4gRU1iU2M2dVdCTlUteEphZGF6bnhXdndtRGsyLUFS b1IwRFlZcV9lcHJYU0VqbyQNCj4gPj4+PiBUbzogaW50LWFyZWFAaWV0Zi5vcmcsIGNhcHRpdmUt cG9ydGFsQGlldGYub3JnLCBob21lbmV0QGlldGYub3JnDQo+ID4+PiBGcm9tOiBNaWNoYWVsIFJp Y2hhcmRzb24gPG1jcitpZXRmQHNhbmRlbG1hbi5jYT4gRGF0ZTogVHVlLCAyMiBTZXANCj4gPj4+ IDIwMjAgMTY6MzQ6MzMgLTA0MDANCj4gPj4+DQo+ID4+PiBUaGlzIHRocmVhZCB3YXMgc3RhcnRl ZCB0b2RheSBvbiB0aGUgSU5UQVJFQSBXRyBNTC4NCj4gPj4+DQo+ID4+PiBXaGlsZSBJIGRvbid0 IG9iamVjdCB0byBhIEJPRiwgSSBkb24ndCBrbm93IHdoZXJlIGl0IGdvZXMuIFdoYXQgSQ0KPiA+ Pj4gc2VlIGlzIHRoYXQgbXVjaCBvZiB0aGlzIHByb2JsZW0gbmVlZHMgdG8gYmUgcmVzb2x2ZWQg dGhyb3VnaA0KPiA+Pj4gaW5jcmVhc2VkIHVzZSBvZiA4MDIuMVg6IG1ha2luZyBXUEEtRW50ZXJw cmlzZSBlYXNpZXIgdG8gdXNlIGFuZA0KPiA+Pj4gc2V0dXAsIHRoaXMgY2hhbmdpbmcgY29yZSBp ZGVudGl0eSBmcm9tIE1BQyBBZGRyZXNzIHRvIElEZXZJRC4NCj4gPj4+DQo+ID4+PiBNeSB1bmRl cnN0YW5kaW5nIGlzIHRoYXQgQXBwbGUgaW50ZW5kcyB0byByYW5kb21pemUgTUFDIGV2ZXJ5IDEy DQo+ID4+PiBob3VycywgZXZlbiBvbiB0aGUgc2FtZSAiTEFOIiAoRVNTSUQpLCBhbmQgdGhhdCB0 aGV5IHdpbGwganVzdA0KPiA+Pj4gcmVwZWF0IHRoZSBXUEEgYXV0aGVudGljYXRpb24gYWZ0ZXJ3 YXJkcyB0byBnZXQgYmFjayBvbiB0aGUNCj4gPj4+IG5ldHdvcmsuICAgSWYgdGhlIHBlci1kZXZp Y2UgdW5pcXVlIHBvbGljeSAoaW5jbHVkaW5nIENBUFBPUlQNCj4gPj4+IGF1dGhvcml6YXRpb24p IGNhbiBiZSB0aWVkIHRvIHRoZSBkZXZpY2UgYmV0dGVyLCB0aGFuIHRoZSBNQUMNCj4gPj4+IGFk ZHJlc3MgYmFzZWQgInBoeXNpY2FsIiBleGNlcHRpb24gY2FuIGJlIHVwZGF0ZWQuDQo+ID4+Pg0K PiA+Pj4gQnV0LCBXUEEtUFNLIGRvZXNuJ3Qgd29yaywgYmVjYXVzZSBpdCBkb2VzIG5vdCwgaW4g Z2VuZXJhbCwNCj4gPj4+IGRpc3Rpbmd1aXNoIGJldHdlZW4gZGlmZmVyZW50IGRldmljZXMuDQo+ ID4+Pg0KPiA+Pj4gSXQgY2FuIGJlIG1hZGUgdG8gd29yayBpZiBldmVyeSBkZXZpY2UgaXMgZ2l2 ZW4gYSB1bmlxdWUgUFNLLCBhbmQNCj4gPj4+IHRoZXJlIGFyZSBzb21lIHN1Y2Nlc3NmdWwgZXhw ZXJpbWVudHMgZG9pbmcgZXhhY3RseSB0aGF0LiAgTW9zdGx5IGl0DQo+ID4+PiBqdXN0IHdvcmtz LCBidXQgdGhlIGNoYWxsZW5nZSBpcyBjb21tdW5pY2F0aW5nIHRoZSB1bmlxdWUgUFNLDQo+ID4+ PiB0aHJvdWdoIGFuIHVucmVsaWFibGUgaHVtYW4uIEJSU0tJIGNhbiBjZXJ0YWlubHkgZG8gdGhp cywgYW5kIGl0IGNhbg0KPiA+Pj4gbGV2ZXJhZ2UgdGhhdCB1bmVuY3J5cHRlZCBFU1NJRCBwcmVz ZW50IGF0IG1vc3QgaG9zcGl0YWxpdHkNCj4gPj4+IGxvY2F0aW9ucyB0byBnZXQgb250byB0aGUg ZW5jcnlwdGVkIFdQQS1FbnRlcnByaXNlLiAgT3IgQlJTS0ktVEVFUCwNCj4gPj4+IG9yIHNvbWUg b3RoZXIgQlJTS0ktRUFQIG1ldGhvZC4gIFRoZSB1bmVuY3J5cHRlZCBTU0lEIGlzIG5vdCBnb2lu Zw0KPiA+Pj4gYXdheSBhdCB0aG9zZSBsb2NhdGlvbnMuDQo+ID4+Pg0KPiA+Pj4gVGh1cyBRUi1j b2RlIGJhc2VkIG1ldGhvZHMgYXJlIGJlc3QsIHlldCB0aG9zZSBkbyBub3Qgd29yayBmb3IgbWFu eQ0KPiA+Pj4gSW9UIGRldmljZXMuICAgRU1VJ3MgRUFQLU5PT0IgY2FuIGhlbHAgaW4gY2VydGFp biBjYXNlcywgYnV0IHdlLCBhcw0KPiA+Pj4gYSBjb21tdW5pdHkgbmVlZCBiZSBjbGVhciBvbiB3 aGF0IGRpcmVjdGlvbiB3ZSB3YW50IHRvIGdvLiAgT25lDQo+ID4+PiBhbnN3ZXIgaXMgdGhhdCBJ b1QgZGV2aWNlcyBoYXZlIGxpdHRsZSByZWFzb24gdG8gcmFuZG9taXplIHRoZWlyIE1BQw0KPiA+ Pj4gaWYgdGhleSBhcmUgbm90IGdlbmVyYWxseSBwb3J0ZWQuDQo+ID4+Pg0KPiA+Pj4NCj4gPj4+ IE9uIDIwMjAtMDktMjIgMzo0OSBwLm0uLCBMZWUsIFlpdSB3cm90ZToNCj4gPj4+PiBIaSB0ZWFt LA0KPiA+Pj4+DQo+ID4+Pj4gV2UgcHJvcG9zZWQgYSBCb0YuIFRoZSBhZ2VuZGEgaXMgaW4NCj4g Pj4+PiBodHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0cHM6Ly9naXRodWIuY29tL2psaXZp bmdvb2QvSUVURjEwOUJvDQo+ID4+Pj4gRi9ibG9iL21hc3Rlci8xMDktDQo+IEFnZW5kYS5tZF9f OyEhQ1FsM21jSFgyQSFRMHBFaldyTFRjbWNyeVVSMkVNYlNjNnUNCj4gPj4+PiBXQk5VLXhKYWRh em54V3Z3bURrMi1BUm9SMERZWXFfZTdhbHljOFUkDQo+ID4+Pj4gYW5kIHRoZSBwcm9wb3NhbCBp cyBpbg0KPiA+Pj4+IGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19odHRwczovL2dpdGh1Yi5j b20vamxpdmluZ29vZC9JRVRGMTA5Qm8NCj4gPj4+PiBGL2Jsb2IvbWFzdGVyL0JvRi1Qcm9wb3Nh bC0NCj4gMjAyMDA5MTgubWRfXzshIUNRbDNtY0hYMkEhUTBwRWpXckxUY21jcg0KPiA+Pj4+IHlV UjJFTWJTYzZ1V0JOVS14SmFkYXpueFd2d21EazItQVJvUjBEWVlxX2VOZktHcWtFJA0KPiA+Pj4+ IC4gWW91IGNhbiBhbHNvIGZpbmQgdGhlIGRyYWZ0IGhlcmUNCj4gPj4+PiBodHRwczovL3VybGRl ZmVuc2UuY29tL3YzL19faHR0cHM6Ly90b29scy5pZXRmLm9yZy9odG1sL2RyYWZ0LWxlZS1yDQo+ ID4+Pj4gYW5kb21pemVkLW1hY2FkZHItcHMtDQo+IDAxX187ISFDUWwzbWNIWDJBIVEwcEVqV3JM VGNtY3J5VVIyRU1iU2M2dVdCTlUNCj4gPj4+PiAteEphZGF6bnhXdndtRGsyLUFSb1IwRFlZcV9l cmhDRjMtQSQNCj4gPj4+PiAuDQo+ID4+Pj4NCj4gPj4+PiBBdCB0aGlzIHN0YWdlLCB3ZSBhcmUg bG9va2luZyBmb3IgaW5wdXRzIGZvciBtb3JlIHVzZSBjYXNlcyBhbmQNCj4gPj4+PiBpbnRlcmVz dHMgb2Ygd29ya2luZyB0b2dldGhlciBpbiB0aGlzIGRvbWFpbi4gUGxlYXNlIHBvc3QgeW91cg0K PiA+Pj4+IGNvbW1lbnRzIGluIHRoZSBtYWlsaW5nIGxpc3QuDQo+ID4+Pj4NCj4gPj4+PiBUaGFu a3MNCj4gPj4+Pg0KPiA+Pj4NCj4gPj4+DQo+ID4+PiAtLSBNaWNoYWVsIFJpY2hhcmRzb24gPG1j citJRVRGQHNhbmRlbG1hbi5jYT4gICAuIG8gTyAoIElQdjYgScO4VA0KPiA+Pj4gY29uc3VsdGlu ZyApIFNhbmRlbG1hbiBTb2Z0d2FyZSBXb3JrcyBJbmMsIE90dGF3YSBhbmQgV29ybGR3aWRlDQo+ ID4+Pg0KPiA+Pj4NCj4gPj4+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fIGhvbWVuZXQgbWFpbGluZw0KPiBsaXN0DQo+ID4+PiBob21lbmV0QGlldGYub3Jn DQo+ID4+PiBodHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0cHM6Ly93d3cuaWV0Zi5vcmcv bWFpbG1hbi9saXN0aW5mby9obw0KPiA+Pj4gbWVuZXRfXzshIUNRbDNtY0hYMkEhUTBwRWpXckxU Y21jcnlVUjJFTWJTYzZ1V0JOVS0NCj4geEphZGF6bnhXdndtRGsyLUFSDQo+ID4+PiBvUjBEWVlx X2VwVm81bVFRJA0KPiA+Pg0KPiA+Pj4NCj4gPj4NCj4gPj4NCj4gPj4gX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18gaG9tZW5ldCBtYWlsaW5nDQo+IGxpc3QN Cj4gPj4gaG9tZW5ldEBpZXRmLm9yZyBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3Rp bmZvL2hvbWVuZXQNCj4gPj4NCj4gPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fXw0KPiA+IGhvbWVuZXQgbWFpbGluZyBsaXN0DQo+ID4gaG9tZW5ldEBpZXRm Lm9yZw0KPiA+IGh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaG9tZW5ldA0K PiANCj4gRGF2ZU8NCj4gDQo+IF9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fDQo+IEludC1hcmVhIG1haWxpbmcgbGlzdA0KPiBJbnQtYXJlYUBpZXRmLm9yZw0K PiBodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ludC1hcmVhDQo= From nobody Wed Sep 23 05:53:07 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C41A3A0D4A; Wed, 23 Sep 2020 05:52:59 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBdECZKMI0pI; Wed, 23 Sep 2020 05:52:56 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66B403A10C7; Wed, 23 Sep 2020 05:52:53 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 2032D389B6; Wed, 23 Sep 2020 08:31:29 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id tq7ssJDBM6hD; Wed, 23 Sep 2020 08:31:28 -0400 (EDT) Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:103c:9eff:fecb:2eac]) by tuna.sandelman.ca (Postfix) with ESMTP id 3F0C9389AB; Wed, 23 Sep 2020 08:31:28 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0DD834E7; Wed, 23 Sep 2020 08:52:51 -0400 (EDT) From: Michael Richardson To: "homenet\@ietf.org" , "int-area\@ietf.org" , "captive-portals\@ietf.org" In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 12:52:59 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Pascal Thubert \(pthubert\) wrote: > Hello Dave and all: > So far I have not seen how the MAC randomization deals with: > - differentiated environments - the preferred behavior on a highway or > at a coffee shop may differ from that at in a corporate or a DC > network. In the corporate network, we can expect something like .1x to > undo the privacy, for good reasons. And we can expect state to be > maintained for each IP and each MAC. When a MAC changes, there can be > unwanted state created and remaining in the DHCP server, LISP MSMR, > SAVI switch, etc... Privacy MAC is only an additional hassle that we > want to minimize. If we can assume 802.1X using an Enterprise scheme, and using a TLS1.3 substrate, then if the identity resides in a (Client) TLS Certificate, it will not been by a passive attacker. The MAC address is outside of the WEP encryption, so it is always seen, even if the traffic is otherwise encrypted. An EAP-*TLS based upon TLS1.2 would reveal the identity, at least the first time. Perhaps this is a reason to support resumption tokens in EAP-TLS! =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9rRSIACgkQgItw+93Q 3WXlsQf/VugUDoGrlKn08augZjBwvuPXWYiB/ZKbejGPpl0jp3z6grlWLQO7onom Y97KDFRdyOaIkxh83QBsqvFJ5uJ+1TS8zBjh0u05lE2b8Sjrps1y9roXjzvUEwTg OkJrbgG8VqvLK0Z+PaL8KT2/duydGmO4iMFtzaiXYj5OBf8+PL4Mq4339nTb/tAY W6r4rH55pargpgyzisJDp8IXq5KxUX/UdWI8b0Ya/XzU8BjYD1ofZATuv+ahsGPU +rtfYTrg/0XkLGf79Oxg80i0c4f+JDC5YJ1vf2Y8zCy5mNLcbSCTl8DgZCS9a1/y IUQy4cqVkTmoJOHWSmPke3Br8EyEPw== =2xtH -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Sep 23 14:37:31 2020 Return-Path: X-Original-To: captive-portals@ietf.org Delivered-To: captive-portals@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C5BAF3A1544; Wed, 23 Sep 2020 14:37:18 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: Cc: captive-portals@ietf.org X-Test-IDTracker: no X-IETF-IDTracker: 7.17.0 Auto-Submitted: auto-generated Precedence: bulk Reply-To: captive-portals@ietf.org Message-ID: <160089703386.19448.5760508474736634561@ietfa.amsl.com> Date: Wed, 23 Sep 2020 14:37:18 -0700 Archived-At: Subject: [Captive-portals] I-D Action: draft-ietf-capport-architecture-10.txt X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Sep 2020 21:37:25 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Captive Portal Interaction WG of the IETF. Title : Captive Portal Architecture Authors : Kyle Larose David Dolson Heng Liu Filename : draft-ietf-capport-architecture-10.txt Pages : 24 Date : 2020-09-23 Abstract: This document describes a captive portal architecture. Network provisioning protocols such as DHCP or Router Advertisements (RAs), an optional signaling protocol, and an HTTP API are used to provide the solution. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ There is also a HTML versions available at: https://www.ietf.org/id/draft-ietf-capport-architecture-10.html A diff from the previous version is available at: https://www.ietf.org/rfcdiff?url2=draft-ietf-capport-architecture-10 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Thu Sep 24 12:22:39 2020 Return-Path: X-Original-To: captive-portals@ietf.org Delivered-To: captive-portals@ietfa.amsl.com Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2B2963A123F; Thu, 24 Sep 2020 12:22:34 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: The IESG To: "IETF-Announce" X-Test-IDTracker: no X-IETF-IDTracker: 7.17.0 Auto-Submitted: auto-generated Precedence: bulk Cc: rfc-editor@rfc-editor.org, The IESG , draft-ietf-capport-architecture@ietf.org, mt@lowentropy.net, barryleiba@gmail.com, Martin Thomson , captive-portals@ietf.org, capport-chairs@ietf.org MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-ID: <160097535415.5516.10058309865225140261@ietfa.amsl.com> Date: Thu, 24 Sep 2020 12:22:34 -0700 Archived-At: Subject: [Captive-portals] Document Action: 'Captive Portal Architecture' to Informational RFC (draft-ietf-capport-architecture-10.txt) X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Sep 2020 19:22:34 -0000 The IESG has approved the following document: - 'Captive Portal Architecture' (draft-ietf-capport-architecture-10.txt) as Informational RFC This document is the product of the Captive Portal Interaction Working Group. The IESG contact persons are Murray Kucherawy and Barry Leiba. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-capport-architecture/ Technical Summary: This document defines terminology related to the operation of a captive portal. Using those terms, it then defines how a network that deploys a captive portal should work. Working Group Summary: This document was difficult to reach consensus on. The complexity of the architecture here is reflective of a far greater complexity in practice of deployment. More contentious in discussion was the question of what signals from the network would be provided and what clients might do in response to those signals. The hard reality of the situation is that clients will be forced to use the existing heuristics they use, likely indefinitely, even when the mechanisms we define are in relatively wide deployment. A particularly difficult discussion was the option for a network to signal that conditions have changed. There was considerable discussion about the security properties of unsolicited signals from the network, how that related to the identification of endpoints (or User Equipment to use the terminology here), and how these signals might be turned to malicious ends. In the end, we decided to document requirements for how User Equipment is identified and how to avoid identifier spoofing. A high-level design and security requirements for a signal from the network about changed conditions was also documented, but no mechanism that met these requirements was proposed and the working group decided to proceed to publication without a specific mechanism. Document Quality: This document has not had a whole lot of attention from editors over time, and editors have changed. This shows in some editorial aspects of the document, but aside from a few areas in which things like terminology are inconsistently capitalized, the document is in good shape. The current editors have made some significant improvements. Personnel: Martin Thomson is document shepherd. Barry Leiba is the responsible Area Director. From nobody Fri Sep 25 08:09:57 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED9723A0E53; Fri, 25 Sep 2020 08:09:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FPazJcTGQzmb; Fri, 25 Sep 2020 08:09:49 -0700 (PDT) Received: from clarinet.employees.org (clarinet.employees.org [198.137.202.74]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E0C273A0E43; Fri, 25 Sep 2020 08:09:43 -0700 (PDT) Received: by clarinet.employees.org (Postfix, from userid 1736) id 26D644E11D75; Fri, 25 Sep 2020 15:09:43 +0000 (UTC) Date: Fri, 25 Sep 2020 16:09:43 +0100 From: Derek Fawcus To: captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org Message-ID: <20200925150943.GA26109@clarinet.employees.org> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <08df01d69124$49ab1f90$dd015eb0$@akayla.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <08df01d69124$49ab1f90$dd015eb0$@akayla.com> Archived-At: Subject: Re: [Captive-portals] [Int-area] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Sep 2020 15:09:52 -0000 On Tue, Sep 22, 2020 at 02:06:48PM -0700, Peter Yee wrote: > I believe that the address randomization (Private Address) can be turned off in iOS 14, > but it seems to be a manual operation per ESSID only. Sort of yes and no. I happened to notice it this morning, having got IOS 14 on a device. There is a manual configuration knob, it defaults to on. Despite that it did (eventually) detect that the network does not support randomization, and operationally disabled it, with a warning message about the privacy feature being disabled or incompatible with the network, but with the 'private address' being the built in MAC address. Or at least it did initially before I manually disabled the randomisation after noticing the warning, now it seems to only operate as a manual on/off knob with no fallback operational disabling. Also I happen to have a LAN, with 3 ESSIDs operating on it. All currently using MAC filtering (yeah I know they can be spoofed). Apple have a document describing what they desire for WiFi: https://support.apple.com/en-gb/HT202068 Where amongst other things, they mention not using different SSIDs for different frequencies on the same LAN. I guess the issue here is that when roaming between ESSIDs they'll change MAC, affecting DHCP allocations and/or SLAAC and thereby break ongoing IP connectivity, or force ARP and/or NDP re-resolution. I'll have a go at disabling the MAC filter at some point, and see how that affects the roaming behaviour. Given the prevalence of broken NATs, I suspect lots of apps will just recover, at worst after a delay. DF From nobody Tue Sep 29 05:35:03 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C03F3A0A1F for ; Tue, 29 Sep 2020 05:35:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -9.597 X-Spam-Level: X-Spam-Status: No, score=-9.597 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=bTLszZ8o; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=AnKkuJss Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wfDIulFrYvjR for ; Tue, 29 Sep 2020 05:34:59 -0700 (PDT) Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 373C33A0A0B for ; Tue, 29 Sep 2020 05:34:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=10893; q=dns/txt; s=iport; t=1601382899; x=1602592499; h=from:to:cc:subject:date:message-id:mime-version; bh=YQZvHbI3N1bGXb8wM3DZ4phVEi9Z5LSXWl15crQ+ZIA=; b=bTLszZ8olGdHY5bJ8JQZv0W4V51MLMbFttc+wocfY8JhNf7Ucj8H6O5s xYOUEgQq4F9exgmv0YksyhSxFKrLIQM09pWr8tMOE0ugtfZpzK9oo9Zw1 SE+HXY1oY3OGydcX/UyujEXAMXqZby041gzTcy4oGuoD3LS3ByMs+gEI5 M=; IronPort-PHdr: =?us-ascii?q?9a23=3AEsqe5hzPERhKBhnXCy+N+z0EezQntrPoPwUc9p?= =?us-ascii?q?sgjfdUf7+++4j5ZRWFt/RgkFGPWp/UuLpIiOvT5qbnX2FIoZOMq2sLf5EEUR?= =?us-ascii?q?gZwd4XkAotDI/gawX7IffmYjZ8EJFEU1lorHC2LUYTH9zxNBXep3So5msUHR?= =?us-ascii?q?PyfQN+OuXyHNvUiMK6n+C/8pHeeUNGnj24NLhzNx6x6w7Ws5ob?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CYCACcKXNf/4ENJK1ggliBIy9RB3B?= =?us-ascii?q?ZLyyEPYNGA41XlC+EboEuFIERA1ULAQEBDQEBIwoCBAEBhEsZghgCJTYHDgI?= =?us-ascii?q?DAQELAQEFAQEBAgEGBG2FXAyFdRYRHQEBNwERAUoCBDAnBAENJ4MEAYF+TQM?= =?us-ascii?q?uAQ6qBQKBOYhhdoEygwEBAQWFDBiCEAMGgTiCcoNpgkGEEhuBQT+BOAwQgh9?= =?us-ascii?q?sglwCgSoBEgFOgmozgi2QBQ+CaAE8hn+dDgqCZ4h7kVwDH4MNiX6UCJMJimu?= =?us-ascii?q?VIwIEAgQFAg4BAQWBWgEzZ3BwFWUBgj5QFwINV5E5hRSFQnQCNQIGAQkBAQM?= =?us-ascii?q?JfI1yAQE?= X-IronPort-AV: E=Sophos;i="5.77,318,1596499200"; d="scan'208,217";a="570043283" Received: from alln-core-9.cisco.com ([173.36.13.129]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 29 Sep 2020 12:34:58 +0000 Received: from XCH-RCD-003.cisco.com (xch-rcd-003.cisco.com [173.37.102.13]) by alln-core-9.cisco.com (8.15.2/8.15.2) with ESMTPS id 08TCYvjg003189 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 29 Sep 2020 12:34:58 GMT Received: from xhs-aln-003.cisco.com (173.37.135.120) by XCH-RCD-003.cisco.com (173.37.102.13) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 29 Sep 2020 07:34:57 -0500 Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 29 Sep 2020 07:34:56 -0500 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 29 Sep 2020 07:34:56 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dp18l3q5graWcIwt/YSzNeNI37eELQPmzFMjivzH8i2cNMJXFq+TUs7x104gf45QbBsDAan02Y2JxtEE0zeHHPxYo4AQQfiI3q0TnKWrBJqvj2j81+rnmso51BH3GtikSBy0xxMWJFGmUs2E58q3qwKHBcVMmOsd1gJeP+K1JDsBBF6cSbHLPtuL21I9WHKy5fNa5rpH/SCrSal/W/HB8fX4K7yVkOFQc8ggQ7iHiXG3HnnzwcGCDqIEWmmW7iwMTy0LaOtGXrlqCGuyPKAKPYbRE51k4YuffnNJ8UFuyyD6rqGYUyD254N51/uDuEtyO5ISHAR8Qhmzhq1KR8e1Lg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YQZvHbI3N1bGXb8wM3DZ4phVEi9Z5LSXWl15crQ+ZIA=; b=eKtdEvjx0yZ6oOpueogZCte8DVbnW4rgGUAv0hXgdBcG73yJNd6TVJlLh7FVa77dAlBrsipcKi7LCFPtQpsBPKCMh98J2Gw00sXbQKCf+t8HG3T2QissJTfp5YJft3Q1cK+Ev8XUgDyIdZyq6aNw8SKW5nqgJQcAnXQsY993Akf+YVzVIQVmwtJyVWGS+ROuwTHYjt3vory4JzWKGpE0cDZAnGCMQtaxhWFehxBsEdqOL4PD6fwsbZYVZo9TaCREDlScJqNmTNKYeLTS3Hxe1fIawWjH3P5BT3bTba1QqGLLrFMCz02Lad/Ryl2QzdYthZHf7nyPS8zdmElQA5f13w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=YQZvHbI3N1bGXb8wM3DZ4phVEi9Z5LSXWl15crQ+ZIA=; b=AnKkuJssn2O4G3KsOtCexnjdS9n/17vldShFaUiizHKVz8ztEzfzV53mdRR3mC7UCC0N7lIfwm47TB9s7lBYVnHNK1lhHlyrDfHkmvNglgn5tYrlWq0fgsBZWnyAYZIcTfAOgPFB9HbtRDpqy7jsd9lDId13z28Ln9dmeXEeu84= Received: from BN6PR11MB1844.namprd11.prod.outlook.com (2603:10b6:404:103::20) by BN6PR11MB1843.namprd11.prod.outlook.com (2603:10b6:404:fb::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.20; Tue, 29 Sep 2020 12:34:55 +0000 Received: from BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7]) by BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7%12]) with mapi id 15.20.3433.032; Tue, 29 Sep 2020 12:34:55 +0000 From: "Eric Vyncke (evyncke)" To: "captive-portals@ietf.org" , "Livingood, Jason" , "Yiu_Lee@comcast.com" , "Jason.Weil@charter.com" CC: Magnus Westerlund , Erik Kline , Roman Danyliw , Benjamin Kaduk , "martin.h.duke@gmail.com" Thread-Topic: BoF proposal: Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWllzvuHaeR/7uD06XDDQQRIwzhg== Date: Tue, 29 Sep 2020 12:34:55 +0000 Message-ID: <8268A388-6A3E-4834-8398-A2353FFF642A@cisco.com> Accept-Language: fr-BE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.41.20091302 authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cisco.com; x-originating-ip: [2001:420:c0c1:36:9142:f78b:7560:e82] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 72f614af-0067-4fd9-ed42-08d864741243 x-ms-traffictypediagnostic: BN6PR11MB1843: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PuggSqPPvyqJ4CX8p6Vuj1shUWVzIHvorJSDSbF9P4RgjkZBBcWbWqDt5iws8Tf+4ThDC9VPVBQUG+zzh7A5I8PmnAUl3y5enIBadXYYnu/W3BxFwjZkPrkqu2ulOb4roawzKx/Q2z7ZQIulJQxXbkiAGNJ4CWkZfsmOrS+xBhMuymcc+RKiYu/l4UniijYNWw7PWFt9zsyGW8ZtYUNyDoXIbt050pOX+QAEO9Zo33X351nqcAL40qB+jvkyIblgiIobob7JHAeE241Htsh4NkhtmtROr3uNw7DQTzfIDd5yi6Fg40Ixq7ybE/ROmMjvh25F4/1r5h8sSeRB3HvcN+xY8FPxH41JtRaS8ZR6KJKxSZCnMuQi55mamupMSaELyvGTXE3aQX2yBPaNOZJYC+0WcqIu7T59A9fJ++EWMKoLY7yVxWHEGifdG9KENCya7KUI5PGomW76ei/uN4czDA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1844.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(376002)(366004)(136003)(39860400002)(346002)(396003)(2906002)(76116006)(91956017)(6512007)(36756003)(110136005)(33656002)(8936002)(54906003)(8676002)(66946007)(86362001)(166002)(186003)(71200400001)(5660300002)(66446008)(64756008)(66556008)(66476007)(966005)(4326008)(478600001)(2616005)(316002)(6506007)(6486002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: 5RnLFjdqwf+e4Ak4+TtZwG+0EuB+nK/BF1xr35L/L9v8mOAq7SioQoypFLf1nc2nCbp/zMEqvAxKVBuaOwtTnSkwn+JA/ygJOdPN7YOgnPeRr1w3Zk4w8Ze6A6o3E4+DqJloG3VA3pXR/R575diy/E+PQwdEkOnRoQmdtIl+Y6J5dNzQItGjrRCted6jIBkQYNt91jdOcGUADQbXuH9Kf6qzB444dUrIVkj/rDLg+KYTMuWqbWT/Wgfi4OXKR5/92Ws6jYZlSQeHTlzwTe8mGoKyRYFAT/hnczEKvYEklLL7VZQH+XyfZ20sAQdWE5BpE3mJCnAinfRBMF+kEMgJS6eFVecxoBDMt/vsyRU01wf6wGbUC3mO2GNP1lgrdM9RcPRAQcCATzRAmBmP7J+Fz3UR0dbQ6dOhRB+Z3V4zkm9KpEDgXOS3Prc1z9m8YFNpzuLlEdB9UilVxPmC9G9k4DYV68Njof7PIP0njL2PhZZqAw1m96yDRZZmfwXnOsG01/m/y7Oyufea5QjKZzAJoRwdZ3CwIjsTnKihv233VKF6I4e203iGGygMQu18AZkN7jYEXkmlM2oLkqs2RDU55tnV27sBElYxPTspg6WxuTlISxUqMwtjJqViM0VvWcdz4uJpFQ64vcufUe4SQdHtUNcN5YNXP/6b5s62kP6FZleuYHgfpgr5AY08dpqIiwHfN6Emjqnk+HJtuDOatnKcXQ== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_8268A3886A3E48348398A2353FFF642Aciscocom_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1844.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 72f614af-0067-4fd9-ed42-08d864741243 X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Sep 2020 12:34:55.6941 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: BIhMkjAjy2vpH5FwykTTz7IMWIULOUQv6/xqGamTFtjwqbxh4EMvKvNH/V6xXaPVux4h/yqS9X48HEQ9Wc08vw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR11MB1843 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.37.102.13, xch-rcd-003.cisco.com X-Outbound-Node: alln-core-9.cisco.com Archived-At: Subject: [Captive-portals] BoF proposal: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 12:35:02 -0000 --_000_8268A3886A3E48348398A2353FFF642Aciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SmFzb24sIEphc29uLCBZaXUsDQoNCg0KDQpCYXNlZCBvbiB0aGUgcHJldmlvdXMgZW1haWwgdGhy ZWFkLCBtYXkgSSBzdWdnZXN0IGEgY291cGxlIG9mIGl0ZW1zIHRvIGltcHJvdmUgdGhlIEJvRiBw cm9wb3NhbCAod2lraS9hZ2VuZGEpID8NCg0KLSBJIGd1ZXNzIHRoYXQgdGhlcmUgd2lsbCBiZSBt b3JlIHRoYW4gNTAgcGVvcGxlIGJhc2VkIG9uIHRoZSBpbml0aWFsIHJlYWN0aW9ucw0KDQotIGFk ZGluZyBjYXBwb3J0IGFzIGNvbmZsaWN0IHRvIGJlIGF2b2lkZWQgZm9yIHRoZSBCb0YNCg0KLSBh ZGRpbmcgYSBsaW5rIHRvIGRyYWZ0LWxlZS1yYW5kb21pemVkLW1hY2FkZHItcHMNCg0KLSBhc3N1 bWluZyB0aGF0IGl0IGlzIHRvbyBlYXJseSB0byBmb3JtIGEgV0csIHBsZWFzZSBzdGF0ZSB0aGUg c3RhdHVzIG9mIOKAmG5vbiBXRyBmb3JtaW5n4oCZDQoNCi0gcHV0dGluZyAgdGhlIGRlc2NyaXB0 aW9uICYgYWdlbmRhIG9uIHRoZSB3aWtpIGh0dHBzOi8vdHJhYy50b29scy5pZXRmLm9yZy9ib2Yv dHJhYy93aWtpIGJlZm9yZSB0aGlzIEZyaWRheSAybmQgb2YgT2N0b2JlciBkZWFkbGluZQ0KDQot IHN0YXJ0aW5nIHRvIGZpbmQgYSBwb3RlbnRpYWwgY2hhaXIgd2hvIGlzIG5vdCBhIHByb3BvbmVu dA0KDQotIEFkZGluZyBkaXNjdXNzaW9uIGFib3V0IHByaXZhY3kgaW1wYWN0IG9uIHRoZSBhZ2Vu ZGEgaXMgaW1wb3J0YW50IG9yIGV2ZW4gY3JpdGljYWwNCg0KLSBhZGRpbmcgSUVFRSBjb29yZGlu YXRpb24gaXMgYWxzbyBpbXBvcnRhbnQgKGNvdWxkIGJlIGhhbmRsZWQgYmVmb3JlIHRoZSBwb3Rl bnRpYWwgQm9GKQ0KDQoNCg0KTW9yZSBzcGVjaWZpYyB0byBkcmFmdC1sZWUtcmFuZG9taXplZC1t YWNhZGRyLXBzLTAxLCBoZXJlIGFyZSBhIGNvdXBsZSBvZiBjb21tZW50cyAobW9zdGx5IGRldGFp bHMpOg0KDQogICogICBNQUMgYWRkcmVzc2VzIGFyZSBub3QgYWx3YXlzIDQ4IGJpdHMgbG9uZw0K ICAqICAgTUFDIGFkZHJlc3NlcyBhcmUgbm90IGFsd2F5cyBhc3NpZ25lZCBieSBtYW51ZmFjdHVy ZXJzICh0aGluayBWTSkNCiAgKiAgIFN1Z2dlc3QgdG8gZGlzdGluZ3Vpc2ggYmV0d2VlbiDigJhz dGFibGXigJkgYW5kIOKAmHN0YXRpY+KAmSBhbmQg4oCYcGVyc2lzdGVudOKAmSBNQUMgYWRkcmVz cw0KICAqICAgT2YgY291cnNlIEJDUCAxNCBpcyBubyBtb3JlIFJGQyAyMTE5IDstKQ0KICAqICAg UFMtMDQgaXMgbW9yZSBhIHJlcXVpcmVtZW50IHRoYW4gYSBwcm9ibGVtIHN0YXRlbWVudA0KDQoN Cg0KSG9wZSB0aGlzIGhlbHBzIGFuZCBoYXBweSB0byBjb250aW51ZSB0aGUgZGlzY3Vzc2lvbiBv ZiBjb3Vyc2UgOy0pDQoNCg0KDQotw6lyaWMNCg== --_000_8268A3886A3E48348398A2353FFF642Aciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAg MDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0x OjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJp Ow0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25z ICovDQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFp blRleHQsIGxpLk1zb1BsYWluVGV4dCwgZGl2Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJp b3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBj bTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm O30NCnNwYW4uUGxhaW5UZXh0Q2hhcg0KCXttc28tc3R5bGUtbmFtZToiUGxhaW4gVGV4dCBDaGFy IjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQi Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCi5Nc29DaHBEZWZhdWx0DQoJ e21zby1zdHlsZS10eXBlOmV4cG9ydC1vbmx5O30NCkBwYWdlIFdvcmRTZWN0aW9uMQ0KCXtzaXpl OjYxMi4wcHQgNzkyLjBwdDsNCgltYXJnaW46NzIuMHB0IDcyLjBwdCA3Mi4wcHQgNzIuMHB0O30N CmRpdi5Xb3JkU2VjdGlvbjENCgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0 aW9ucyAqLw0KQGxpc3QgbDANCgl7bXNvLWxpc3QtaWQ6MTQxNDczODQ3OTsNCgltc28tbGlzdC10 eXBlOmh5YnJpZDsNCgltc28tbGlzdC10ZW1wbGF0ZS1pZHM6MTYxMTcxODY0NiAxNDQ5ODMzMjM0 IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3Njk4NjkxIDY3Njk4NjkzIDY3Njk4Njg5IDY3 Njk4NjkxIDY3Njk4NjkzO30NCkBsaXN0IGwwOmxldmVsMQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6LTsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBw dDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgltc28tZmFyZWFzdC1mb250 LWZhbWlseTpDYWxpYnJpO30NCkBsaXN0IGwwOmxldmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZv cm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBw dDsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1s ZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0 ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDps ZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0 Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0K QGxpc3QgbDA6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28t bGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1i ZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OiJD b3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWw2DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0 OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7 DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7 DQoJZm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwt bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10 YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWlu ZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMDpsZXZlbDgNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNv LWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpAbGlz dCBsMDpsZXZlbDkNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl bC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpXaW5n ZGluZ3M7fQ0Kb2wNCgl7bWFyZ2luLWJvdHRvbTowY207fQ0KdWwNCgl7bWFyZ2luLWJvdHRvbTow Y207fQ0KLS0+PC9zdHlsZT4NCjwvaGVhZD4NCjxib2R5IGxhbmc9ImVuLUJFIiBsaW5rPSIjMDU2 M0MxIiB2bGluaz0iIzk1NEY3MiIgc3R5bGU9IndvcmQtd3JhcDpicmVhay13b3JkIj4NCjxkaXYg Y2xhc3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5KYXNvbiwgSmFz b24sIFlpdSw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5i c3A7PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMi PkJhc2VkIG9uIHRoZSBwcmV2aW91cyBlbWFpbCB0aHJlYWQsIG08L3NwYW4+YXkgSSBzdWdnZXN0 IGEgY291cGxlIG9mIGl0ZW1zIHRvIGltcHJvdmUgdGhlIEJvRiBwcm9wb3NhbCAod2lraS9hZ2Vu ZGEpID88c3BhbiBsYW5nPSJFTi1VUyI+PG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+LSBJIGd1ZXNzIHRoYXQgdGhlcmUgd2lsbCBiZSBtb3JlIHRoYW4gNTAg cGVvcGxlPHNwYW4gbGFuZz0iRU4tVVMiPiBiYXNlZCBvbiB0aGUgaW5pdGlhbCByZWFjdGlvbnM8 bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5n PSJFTi1VUyI+LSBhZGRpbmcgY2FwcG9ydCBhcyBjb25mbGljdCB0byBiZSBhdm9pZGVkIGZvciB0 aGUgQm9GPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PHNw YW4gbGFuZz0iRU4tVVMiPi0gYWRkaW5nIGEgbGluayB0byBkcmFmdC1sZWUtcmFuZG9taXplZC1t YWNhZGRyLXBzPC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+ PHNwYW4gbGFuZz0iRU4tVVMiPi0gYXNzdW1pbmcgdGhhdCBpdCBpcyB0b28gZWFybHkgdG8gZm9y bSBhIFdHLCBwbGVhc2Ugc3RhdGUgdGhlIHN0YXR1cyBvZiDigJhub24gV0cgZm9ybWluZ+KAmTxv OnA+PC9vOnA+PC9zcGFuPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9 IkVOLVVTIj4tIHB1dHRpbmcgJm5ic3A7dGhlIGRlc2NyaXB0aW9uICZhbXA7IGFnZW5kYSBvbiB0 aGUgd2lraQ0KPGEgaHJlZj0iaHR0cHM6Ly90cmFjLnRvb2xzLmlldGYub3JnL2JvZi90cmFjL3dp a2kiPmh0dHBzOi8vdHJhYy50b29scy5pZXRmLm9yZy9ib2YvdHJhYy93aWtpPC9hPiBiZWZvcmUg dGhpcyBGcmlkYXkgMm5kIG9mIE9jdG9iZXIgZGVhZGxpbmU8bzpwPjwvbzpwPjwvc3Bhbj48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJFTi1VUyI+LSBzdGFydGluZyB0 byBmaW5kIGEgcG90ZW50aWFsIGNoYWlyIHdobyBpcyBub3QgYSBwcm9wb25lbnQ8bzpwPjwvbzpw Pjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIEFkZGluZyBkaXNjdXNzaW9u IGFib3V0IHByaXZhY3kgaW1wYWN0IG9uIHRoZSBhZ2VuZGEgaXMgaW1wb3J0YW50PHNwYW4gbGFu Zz0iRU4tVVMiPiBvciBldmVuIGNyaXRpY2FsPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPi0gYWRkaW5nIElFRUUgY29vcmRp bmF0aW9uIGlzIGFsc28gaW1wb3J0YW50IChjb3VsZCBiZSBoYW5kbGVkIGJlZm9yZSB0aGUgcG90 ZW50aWFsIEJvRik8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb1BsYWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPk1vcmUgc3BlY2lmaWMgdG8gZHJh ZnQtbGVlLXJhbmRvbWl6ZWQtbWFjYWRkci1wcy0wMSwgaGVyZSBhcmUgYSBjb3VwbGUgb2YgY29t bWVudHMgKG1vc3RseSBkZXRhaWxzKTo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8dWwgc3R5bGU9 Im1hcmdpbi10b3A6MGNtIiB0eXBlPSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvUGxhaW5UZXh0IiBz dHlsZT0ibXNvLWxpc3Q6bDAgbGV2ZWwxIGxmbzEiPjxzcGFuIGxhbmc9IkVOLVVTIj5NQUMgYWRk cmVzc2VzIGFyZSBub3QgYWx3YXlzIDQ4IGJpdHMgbG9uZzxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+ PGxpIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+ PHNwYW4gbGFuZz0iRU4tVVMiPk1BQyBhZGRyZXNzZXMgYXJlIG5vdCBhbHdheXMgYXNzaWduZWQg YnkgbWFudWZhY3R1cmVycyAodGhpbmsgVk0pPG86cD48L286cD48L3NwYW4+PC9saT48bGkgY2xh c3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1zby1saXN0OmwwIGxldmVsMSBsZm8xIj48c3BhbiBs YW5nPSJFTi1VUyI+U3VnZ2VzdCB0byBkaXN0aW5ndWlzaCBiZXR3ZWVuIOKAmHN0YWJsZeKAmSBh bmQg4oCYc3RhdGlj4oCZIGFuZCDigJhwZXJzaXN0ZW504oCZIE1BQyBhZGRyZXNzPG86cD48L286 cD48L3NwYW4+PC9saT48bGkgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1zby1saXN0Omww IGxldmVsMSBsZm8xIj48c3BhbiBsYW5nPSJFTi1VUyI+T2YgY291cnNlIEJDUCAxNCBpcyBubyBt b3JlIFJGQyAyMTE5IDstKTxvOnA+PC9vOnA+PC9zcGFuPjwvbGk+PGxpIGNsYXNzPSJNc29QbGFp blRleHQiIHN0eWxlPSJtc28tbGlzdDpsMCBsZXZlbDEgbGZvMSI+PHNwYW4gbGFuZz0iRU4tVVMi PlBTLTA0IGlzIG1vcmUgYSByZXF1aXJlbWVudCB0aGFuIGEgcHJvYmxlbSBzdGF0ZW1lbnQ8bzpw PjwvbzpwPjwvc3Bhbj48L2xpPjwvdWw+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBs YW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCI+PHNwYW4gbGFuZz0iRU4tVVMiPkhvcGUgdGhpcyBoZWxwcyBhbmQgaGFwcHkgdG8g Y29udGludWUgdGhlIGRpc2N1c3Npb24gb2YgY291cnNlIDstKTxvOnA+PC9vOnA+PC9zcGFuPjwv cD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNw OzwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48c3BhbiBsYW5nPSJF Ti1VUyI+LcOpcmljPG86cD48L286cD48L3NwYW4+PC9wPg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0 bWw+DQo= --_000_8268A3886A3E48348398A2353FFF642Aciscocom_-- From nobody Tue Sep 29 09:23:24 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88D223A0F25 for ; Tue, 29 Sep 2020 09:23:15 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.112 X-Spam-Level: X-Spam-Status: No, score=-2.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.213, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GHWwBYfL--RP for ; Tue, 29 Sep 2020 09:23:14 -0700 (PDT) Received: from mx43-out1.antispamcloud.com (mx43-out1.antispamcloud.com [138.201.61.189]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABE223A0F71 for ; Tue, 29 Sep 2020 09:22:47 -0700 (PDT) Received: from xse475.mail2web.com ([66.113.197.221] helo=xse.mail2web.com) by mx165.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1kNIOo-0013WU-J6 for captive-portals@ietf.org; Tue, 29 Sep 2020 18:22:43 +0200 Received: from xsmtp21.mail2web.com (unknown [10.100.68.60]) by xse.mail2web.com (Postfix) with ESMTPS id 4C14Rj4cf9z13HM for ; Tue, 29 Sep 2020 09:22:41 -0700 (PDT) Received: from [10.5.2.49] (helo=xmail11.myhosting.com) by xsmtp21.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1kNIOn-0008OV-HP for captive-portals@ietf.org; Tue, 29 Sep 2020 09:22:41 -0700 Received: (qmail 16658 invoked from network); 29 Sep 2020 16:22:41 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.238]) (envelope-sender ) by xmail11.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 29 Sep 2020 16:22:41 -0000 To: Martin Thomson , "Lee, Yiu" , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: Date: Tue, 29 Sep 2020 09:22:41 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Language: en-US X-Originating-IP: 66.113.197.221 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.197.0/24 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.197.0/24@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0Z1apovzGPsYhEeBL1aoZmqpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGD9NKqG/fmMP3yul5JhQOTK5aP BLMYd83MuhpCxTgKDz2nRezsSD9ggzIP81d/9RL0WmuNA8WTybi1JN85FSnfKfyrBBzCRb2oe4JC Nd2sOpeuAZSFpNKmPIWDmHyh6XPSp/2ojwWjHVrnU9l5N3uchZFVgpT1b21uZVckGp0ccOZsRgF0 wcvPx91nK3EE+9D+MzCOHPDavhUA6yQVlDyA0a5g95eyZBAGnSXepG9WpP+KeHGV1+GDbwcApRSC c9xvb9lLcno8+LMWQktE6OGVK1Cyj1RWE2fDFBwInXy3MWouNMfKNR0BJhgbBK7NDOmpQy17Ychx ni5a2VYVYiL6p0zFIS4eFFedtqTPxkQeRTOiomu5RawBHfscrcVNTNDmdXkcCRtBI89Ppivzm8CF 7foTcdRszDvfFFq71TR2vNS105zjbKsiPvrvVDH+VNpRclzFnL9mZb0jWXJhjtxPMCM76Y/SM8ga XNdGScJz4OUkZ/wD/TMMbgsGnEqUZSxCg7JpaBcrZVJBXyfQcHd7JadzQjz8ZFYlmRUNjM3bJBuD i1jwT58ciSMJFr3BrJRHtY/s/Uvv+FwuDLtpbo7237gbhIjFDhSjHjVkMDx/0PtgzpOKSmxt687c vHBXDigVPtzFNRLPZVWSDSo9y1Ikw7s02hkni945serl5nRV5ZFcFmoTrH8nT7kwnmD3gB+aNw6F lXH8EHjWuL0nDe5B5iG7X+t1TW39Ja77LGPpOwCUooiGwt/Lp2rwHpWEXc4SKIPTat9+SubgT5Jg 3eSXT/Oi6HTmY+/cXUo8ym6keVx5NKotYZMP4QxilpD1WJVxdwYWcRoGRTsLxqa8TRmmuv9qwM7R XpJS8RjTdyh2j5DIweuSooT6tSPU1x5zpUpIPziDkWQ5faPk5nJXHz00MDRj9D8HLKHAKpPGP8EP nuB53cHIFHavQpo3FUDrLYIQ X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [Captive-portals] [Int-area] [EXTERNAL] Re: [homenet] Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 16:23:17 -0000 On 9/22/2020 5:52 PM, Martin Thomson wrote: > There's an additional consideration that might be worth pulling out her= e. And it's not an impact on network operations, it's a potential for ap= plications that interact with these network services to undo the work of = lower parts of their stack. > > For instance, if your device connects to the same network and the same = captive portal it might open a web browser to connect to that portal. If= the web browser presents the cookies it received from the portal last ti= me they talked, it undoes the work of the OS. > > Now, some implementations use these nasty browser-like things with aggr= essive sandboxing that don't save cookies. That comes with other costs, = but it addresses the problem up until the point that the network connecti= on is restored and then who knows what happens once the pseudo-browser is= no longer involved. > > Maybe that is out of scope for your draft, but it shouldn't be out of s= cope for a group that attempts to look more closely at providing advice f= or dealing with these features. > > (Does this thread really need to be cross-posted so widely? Can we dec= ide on a single venue?) Martin is making an important point here. There are a number of privacy enhancing technologies deployed at different layers: MAC address randomization at L2, Privacy addresses at L3, various forms of encryption and compartments at L4 and above. Each of these technologies is useful by itself, but they can easily be defeated by deployment mistakes. For example: 1) Using the same IP address with different MAC addresses negates a lot of the benefits of randomized MAC addresses, 2) Using a private IP address provides some privacy to client connections. However, if the same address is also used for a publicly accessible server, a lot of the privacy benefits disappear. 3) Using a private IP address without also using a randomized MAC address is not going to provide privacy against local observers. 4) Web cookies and other forms of web tracking are widely used to enable surveillance. Randomizing the MAC address and the IP address without also doing something about web tracking is not going to provide much gain= s. Defining that "something about web tracking" is challenging, given requirements for users to identify themselves to social media sites and other services. My personal choice would be some form of compartments, each with their own IP address and MAC address, but opinions will probably vary. That would be a great topic for a BOF. -- Christian Huitema From nobody Tue Sep 29 10:30:07 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAE253A0F37; Tue, 29 Sep 2020 10:30:01 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DMlYCQF16SmQ; Tue, 29 Sep 2020 10:29:59 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 768953A0F36; Tue, 29 Sep 2020 10:29:59 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 0D9AC389D4; Tue, 29 Sep 2020 13:34:50 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id r26zzGsPn7ym; Tue, 29 Sep 2020 13:34:49 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 8AF54389C7; Tue, 29 Sep 2020 13:34:49 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 0CE5DAAD; Tue, 29 Sep 2020 13:29:56 -0400 (EDT) From: Michael Richardson To: Christian Huitema , Martin Thomson , "Lee, Yiu" , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Date: Tue, 29 Sep 2020 13:29:56 -0400 Message-ID: <19117.1601400596@localhost> Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 17:30:02 -0000 Christian Huitema wrote: > Martin is making an important point here. There are a number of privacy > enhancing technologies deployed at different layers: MAC address > randomization at L2, Privacy addresses at L3, various forms of > encryption and compartments at L4 and above. Each of these technologies > is useful by itself, but they can easily be defeated by deployment > mistakes. For example: You are spot on. But, even your four points muddle things. We need some diagrams that we can all agree upon, and we need to name the different observers. Each thing defends against different kinds of observers, and not all observers can see all things. Some observers may collaborate (I invoke, the WWII French resistance emotion for this term...) Some observers may have strong reasons not to. > 1) Using the same IP address with different MAC addresses negates a lot > of the benefits of randomized MAC addresses, This assumes that a single observer can observe both at the same time. WEP++ leaves MAC addresses visible, but encrypts the rest of L3 content. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ From nobody Tue Sep 29 10:59:53 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEC2E3A0F9C; Tue, 29 Sep 2020 10:59:50 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.097 X-Spam-Level: X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u23KVAgoZhOO; Tue, 29 Sep 2020 10:59:49 -0700 (PDT) Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 430203A0F9B; Tue, 29 Sep 2020 10:59:49 -0700 (PDT) Received: by mail-ua1-x929.google.com with SMTP id n26so3753318uao.8; Tue, 29 Sep 2020 10:59:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=dXWPNpKEmQY5sAoMAFFOSYKHR7HpmglxXC+borVUaV4=; b=gyBiG2VgMLnQQXWaFENq/mnCgQDX3pAEiMVs9ugsnqoMqaQfU1+yDuDkUp9eV+rRQm UFTbB1Sa8mwK2QGIxBWOWBse6TtUlVe5eqC2/jspGB7CzEtgl71FRHuNALoqoHFttd9R PbCG95YxGnb9VpEdqXIPQprRfDFo6wWQ4TEDj4NM4CLwIH7adV3Rqknj94oiE8aX7zPI P31q/rKmz2jBCpNrFHEqyiyWWF/9AXtTPsb2g1ThbWds2tuGxzV2q0t9zweHnmMy8F30 qdquJe4tCpW31ynh/lNXjAimMzysGhhJjErbDwmVJSwuMIRHJ4D90IkwtANri1mvNJZa JqJw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=dXWPNpKEmQY5sAoMAFFOSYKHR7HpmglxXC+borVUaV4=; b=Ht9XjLBFrjVdjZZkNskh+OUkQHNycy6XtvWpO7AoVm8QErNHtmkIHDNY/hN1kVt1h7 BwTrHVcwQZ3aR1k5+SMKDCgWz4ZnD3X0DQcllbzv5grLhUQnfLoRbofYz3eZM2VM98FC 2UmiBTKgcvSEIBIvQfT6LA/TIq0gPZIGXtyGZTUs2Zr9RD4JjQ8ITmaNNEyVGPn8hOD4 yT6hOgQK4coSEHwad5S7MmI4e/xJKdYIOOUnmcuiTjLBdQ0h2uf1aM6hYOSV6HtXK84r QOMQqNahPAuvudW9AJTNGx2frk4w8u7ZLJOkb6QKRKCxepVnvOgBzZJzwgwBG9DqNnFU +jHQ== X-Gm-Message-State: AOAM5302qDZLHfT0bvpPAiLgNHEgeZwGY3N/g4HeiaGd71SBUNnh3DXz BPPB5JfvzDHyrhmNgHNRFJJOeft0CRQQJ/1uMKs= X-Google-Smtp-Source: ABdhPJzZDbcfeFislL+DOV8TuiuSaW0hjTkfQPK4osv17+wIbn91t1GPtdgKfEBmQNO452/gU9PLz2SJZowHS4LgmTw= X-Received: by 2002:ab0:b18:: with SMTP id b24mr4993455uak.75.1601402388141; Tue, 29 Sep 2020 10:59:48 -0700 (PDT) MIME-Version: 1.0 References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> In-Reply-To: <19117.1601400596@localhost> From: Brian Dickson Date: Tue, 29 Sep 2020 10:59:37 -0700 Message-ID: To: Michael Richardson Cc: Christian Huitema , Martin Thomson , "Lee, Yiu" , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" Content-Type: multipart/alternative; boundary="0000000000007cdb4c05b0778c60" Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 17:59:51 -0000 --0000000000007cdb4c05b0778c60 Content-Type: text/plain; charset="UTF-8" On Tue, Sep 29, 2020 at 10:30 AM Michael Richardson wrote: > Christian Huitema wrote: > > Martin is making an important point here. There are a number of > privacy > > enhancing technologies deployed at different layers: MAC address > > randomization at L2, Privacy addresses at L3, various forms of > > encryption and compartments at L4 and above. Each of these > technologies > > is useful by itself, but they can easily be defeated by deployment > > mistakes. For example: > > You are spot on. > But, even your four points muddle things. > > We need some diagrams that we can all agree upon, and we need to name the > different observers. > > Each thing defends against different kinds of observers, and not all > observers can see all things. > Some observers may collaborate (I invoke, the WWII French resistance > emotion > for this term...) > Some observers may have strong reasons not to. > > > 1) Using the same IP address with different MAC addresses negates a > lot > > of the benefits of randomized MAC addresses, > > This assumes that a single observer can observe both at the same time. > WEP++ leaves MAC addresses visible, but encrypts the rest of L3 content. > Any host/interface that uses ARP (not sure whether any flavor of WiFi does, or if so which flavors), exposes the L3/L2 mapping. So, wired IPv4 for certain (except in very locked-down enterprise settings with static MAC addresses, perhaps) leaks this information to every host on the same broadcast domain (same subnet and possibly additional subnets on the same LAN/VLAN). ARP L2 broadcasts solicit information about IP addresses, and at a minimum each such query exposes its own MAC and IP address. Responses may be unicast or broadcast, not sure which. An active compromised host can easily solicit that information by iterating over all the IP addresses on the subnet and performing an ARP for each one. Brian --0000000000007cdb4c05b0778c60 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Tue, Sep 29, 2020 at 10:30 AM Mich= ael Richardson <mcr@sandelman.ca= > wrote:
Chri= stian Huitema <= huitema@huitema.net> wrote:
=C2=A0 =C2=A0 > Martin is making an important point here. There are a nu= mber of privacy
=C2=A0 =C2=A0 > enhancing technologies deployed at different layers: MAC= address
=C2=A0 =C2=A0 > randomization at L2, Privacy addresses at L3, various fo= rms of
=C2=A0 =C2=A0 > encryption and compartments at L4 and above. Each of the= se technologies
=C2=A0 =C2=A0 > is useful by itself, but they can easily be defeated by = deployment
=C2=A0 =C2=A0 > mistakes. For example:

You are spot on.
But, even your four points muddle things.

We need some diagrams that we can all agree upon, and we need to name the different observers.

Each thing defends against different kinds of observers, and not all
observers can see all things.
Some observers may collaborate (I invoke, the WWII French resistance emotio= n
for this term...)
Some observers may have strong reasons not to.

=C2=A0 =C2=A0 > 1) Using the same IP address with different MAC addresse= s negates a lot
=C2=A0 =C2=A0 > of the benefits of randomized MAC addresses,

This assumes that a single observer can observe both at the same time.
WEP++ leaves MAC addresses visible, but encrypts the rest of L3 content.

Any host/interface that uses ARP (not sur= e whether any flavor of WiFi does, or if so which flavors), exposes the L3/= L2 mapping.=C2=A0
So, wired IPv4 for certain (except in very lock= ed-down enterprise settings with static MAC addresses, perhaps) leaks this = information to every host on the same broadcast domain (same subnet and pos= sibly additional subnets on the same LAN/VLAN).

AR= P L2 broadcasts solicit information about IP addresses, and at a minimum ea= ch such query exposes its own MAC and IP address. Responses may be unicast = or broadcast, not sure which.
An active compromised host can easi= ly solicit that information by iterating over all the IP addresses on the s= ubnet and performing an ARP for each one.

Brian


--0000000000007cdb4c05b0778c60-- From nobody Tue Sep 29 11:41:30 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 988CC3A1043; Tue, 29 Sep 2020 11:41:28 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mT516XJ7vEq8; Tue, 29 Sep 2020 11:41:26 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E4C83A103D; Tue, 29 Sep 2020 11:41:25 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 9C3CD389D4; Tue, 29 Sep 2020 14:46:18 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id lcHtrGGy5jTJ; Tue, 29 Sep 2020 14:46:18 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 1D261389D3; Tue, 29 Sep 2020 14:46:18 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 64C0150C; Tue, 29 Sep 2020 14:41:24 -0400 (EDT) From: Michael Richardson To: Brian Dickson cc: "int-area\@ietf.org" , "captive-portals\@ietf.org" , "homenet\@ietf.org" In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 18:41:29 -0000 <#secure method=3Dpgpmime mode=3Dsign> Brian Dickson wrote: > Any host/interface that uses ARP (not sure whether any flavor of WiFi > does, or if so which flavors), exposes the L3/L2 mapping. Yes, WIFI does use ARP. On all flavours. Encrypted WIFI, which is mostly the default now, encrypts everything above the L2, so the L3 part of the mapping is not seen by passive EM observers. ARP broadcasts as you mention, so other stations on the network could see t= he mapping, and the AP by default helpfully re-encrypts broadcasts to every station. But, that's not a passive observer: the observer is on the networ= k. Many APs filter ARP broadcasts as being useless chatter. > So, wired > IPv4 for certain (except in very locked-down enterprise settings with > static MAC addresses, perhaps) leaks this information to every host on > the same broadcast domain (same subnet and possibly additional subnets > on the same LAN/VLAN). Yes, but that's not wifi. Phones do not have wired connections. > ARP L2 broadcasts solicit information about IP addresses, and at a > minimum each such query exposes its own MAC and IP address. Responses > may be unicast or broadcast, not sure which. An active compromised > host can easily solicit that information by iterating over all the IP > addresses on the subnet and performing an ARP for each one. It will be good if we can get a document from the MAC randomization proponents (if there is such a group), to explain the thread profile. I don't think it includes active compromised hosts. Such hosts can also ARP/ND spoof, and can even do that for the router (".1"= ), capturing all the traffic on the network. -- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide From nobody Tue Sep 29 12:03:44 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFC293A10E0; Tue, 29 Sep 2020 12:03:37 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.212 X-Spam-Level: X-Spam-Status: No, score=-2.212 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EAaysqfMqgwU; Tue, 29 Sep 2020 12:03:35 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 703813A10F5; Tue, 29 Sep 2020 12:03:05 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id B95C4BE56; Tue, 29 Sep 2020 20:03:02 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vkhY59afjoBW; Tue, 29 Sep 2020 20:03:00 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 68A31BE50; Tue, 29 Sep 2020 20:03:00 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1601406180; bh=j5cTO/p2ASO1CyPxb3glNW8hI8Dustxksltr08hYVd8=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=bra0P87m66C3QOaAUNu3OOW6O8JK+N73Z3yDhZL+g1VIWW1JtbONWrKpDYA4GJvdb ugF/ZGwxNZz/TdJqs8ndcot1Cnq3yOy+gWpqrDw7vwHStS0ILIfLZK5KNAhweqlRPv sueZLed3KmYqY9hr0nS2M6p5+dLJPXzxojD0hpuU= To: Michael Richardson , Brian Dickson Cc: "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> Date: Tue, 29 Sep 2020 20:02:59 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <4215.1601404884@localhost> Content-Type: multipart/mixed; boundary="------------B6CC376DA78D24B44EC5FABA" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 19:03:38 -0000 This is a multi-part message in MIME format. --------------B6CC376DA78D24B44EC5FABA Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hiya, On 29/09/2020 19:41, Michael Richardson wrote: > It will be good if we can get a document from the MAC randomization > proponents (if there is such a group), to explain the thread profile. > I don't think it includes active compromised hosts. That is a problem yes. I no longer think "compromised host" is the correct term there though. In the case of android, we found google play services regularly calls home linking all these identifiers and more (phone#, sim serial, imei...) [1] for Google's own uses. I'd be very surprised if other entities (e.g. other OS and handset makers) weren't doing the same kind of thing (in fact I've seen some of that but we've not yet written it up). And supposedly innocuous "apps" can and do embed SDKs that also do that kind of thing. [2] I don't think "compromised" is an apt term for such a host. Perhaps it is apt for almost the entire mobile ecosystem? More on-topic, I do think MAC address randomisation has a role to play for WiFi as it does for BLE, but yes there is a lack of guidance as to how to implement and deploy such techniques well. It's a bit tricky though as it's fairly OS dependent so maybe not really in scope for the IETF? (For the last 3 years I've set a possible student project in this space, but each time a student has considered it, it turned out "too hard";-) Cheers, S. [1] https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf [2] https://arxiv.org/abs/2009.06077 --------------B6CC376DA78D24B44EC5FABA Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =YzQY -----END PGP PUBLIC KEY BLOCK----- --------------B6CC376DA78D24B44EC5FABA-- From nobody Tue Sep 29 12:04:25 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 887A83A1109 for ; Tue, 29 Sep 2020 12:04:23 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.111 X-Spam-Level: X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4QH2Ca2qGFSo for ; Tue, 29 Sep 2020 12:04:21 -0700 (PDT) Received: from mx36-out10.antispamcloud.com (mx36-out10.antispamcloud.com [209.126.121.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C62293A1165 for ; Tue, 29 Sep 2020 12:04:08 -0700 (PDT) Received: from xse123.mail2web.com ([66.113.196.123] helo=xse.mail2web.com) by mx168.antispamcloud.com with esmtp (Exim 4.92) (envelope-from ) id 1kNKv0-0013Db-1I for captive-portals@ietf.org; Tue, 29 Sep 2020 21:04:07 +0200 Received: from xsmtp22.mail2web.com (unknown [10.100.68.61]) by xse.mail2web.com (Postfix) with ESMTPS id 4C180v27YGz1kvm for ; Tue, 29 Sep 2020 12:03:11 -0700 (PDT) Received: from [10.5.2.31] (helo=xmail09.myhosting.com) by xsmtp22.mail2web.com with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.92) (envelope-from ) id 1kNKu7-0005px-50 for captive-portals@ietf.org; Tue, 29 Sep 2020 12:03:11 -0700 Received: (qmail 18891 invoked from network); 29 Sep 2020 19:03:10 -0000 Received: from unknown (HELO [192.168.1.107]) (Authenticated-user:_huitema@huitema.net@[172.58.43.238]) (envelope-sender ) by xmail09.myhosting.com (qmail-ldap-1.03) with ESMTPA for ; 29 Sep 2020 19:03:10 -0000 To: Brian Dickson , Michael Richardson Cc: Martin Thomson , "Lee, Yiu" , "captive-portals@ietf.org" , "homenet@ietf.org" , "int-area@ietf.org" References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> From: Christian Huitema Autocrypt: addr=huitema@huitema.net; prefer-encrypt=mutual; keydata= mDMEXtavGxYJKwYBBAHaRw8BAQdA1ou9A5MHTP9N3jfsWzlDZ+jPnQkusmc7sfLmWVz1Rmu0 J0NocmlzdGlhbiBIdWl0ZW1hIDxodWl0ZW1hQGh1aXRlbWEubmV0PoiWBBMWCAA+FiEEw3G4 Nwi4QEpAAXUUELAmqKBYtJQFAl7WrxsCGwMFCQlmAYAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQELAmqKBYtJQbMwD/ebj/qnSbthC/5kD5DxZ/Ip0CGJw5QBz/+fJp3R8iAlsBAMjK r2tmyWyJz0CUkVG24WaR5EAJDvgwDv8h22U6QVkAuDgEXtavGxIKKwYBBAGXVQEFAQEHQJoM 6MUAIqpoqdCIiACiEynZf7nlJg2Eu0pXIhbUGONdAwEIB4h+BBgWCAAmFiEEw3G4Nwi4QEpA AXUUELAmqKBYtJQFAl7WrxsCGwwFCQlmAYAACgkQELAmqKBYtJRm2wD7BzeK5gEXSmBcBf0j BYdSaJcXNzx4yPLbP4GnUMAyl2cBAJzcsR4RkwO4dCRqM9CHpVJCwHtbUDJaa55//E0kp+gH Message-ID: Date: Tue, 29 Sep 2020 12:03:09 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/alternative; boundary="------------79D2D7C80BA7374FFADDBDDD" Content-Language: en-US X-Originating-IP: 66.113.196.123 X-Spampanel-Domain: xsmtpout.mail2web.com X-Spampanel-Username: 66.113.196.123/32 Authentication-Results: antispamcloud.com; auth=pass smtp.auth=66.113.196.123/32@xsmtpout.mail2web.com X-Spampanel-Outgoing-Class: unsure X-Spampanel-Outgoing-Evidence: Combined (0.15) X-Recommended-Action: accept X-Filter-ID: Mvzo4OR0dZXEDF/gcnlw0Z1apovzGPsYhEeBL1aoZmqpSDasLI4SayDByyq9LIhVUZbR67CQ7/vm /hHDJU4RXkTNWdUk1Ol2OGx3IfrIJKywOmJyM1qr8uRnWBrbSAGD9NKqG/fmMP3yul5JhQOTK5aP BLMYd83MuhpCxTgKDz2bFxYJnRQK0gEcuviCIvd+WmuNA8WTybi1JN85FSnfKfyrBBzCRb2oe4JC Nd2sOpeuAZSFpNKmPIWDmHyh6XPSNIO/emvhlwlcA0NK2OuLB5FVgpT1b21uZVckGp0ccOZsRgF0 wcvPx91nK3EE+9D+MzCOHPDavhUA6yQVlDyA0a5g95eyZBAGnSXepG9WpP+KeHGV1+GDbwcApRSC c9xvb9lLcno8+LMWQktE6OGVK1Cyj1RWE2fDFBwInXy3MWouNMfKNR0BJhgbBK7NDOmpQy17Ychx ni5a2VYVYiL6p0zFIS4eFFedtqTPxkQeRTOiomu5RawBHfscrcVNTNDmdXkcCRtBI89Ppivzm8CF 7foTcdRszDvfFFq71TR2vNS105zjbKsiPvrvVDH+VNpRclzFnL9mZb0jWXJhjtxPMCM76Y/SM8ga XNdGScJz4OUkZ/wD/TMMbgsGnEqUZSxCnVxASo9dHmMdBMpGA/F0Ea3nkY07HqD3TNAtU1GuOwZW TcUVh8zbZfcKACLJrQoefqrtsPZ1hcyhjIkCZT/HnPGISNE/hO231c8s4dw5L8oMhGfTGKeYohdq JlHBQlshrlP9M6a63suU95GjnImx4UvcvbjW7NQ6sDu9dQojc3NIYDh60e9w4/wmpOTrpF/vPUIV F2OW2qEaVbUHcFpJPHLYM3A6BXfvel8OEFDbU53AkkgbH6S0I3lUiwbrW8csqFRGTooeK78BeuwV S1l7cjVjn0ct4reaW46myUBetVNddn8KKfQU2n19Ayh48sIRmzvvJzEWC/ZHpFS+HYcdOon5y/vc IKE4+MoDT8NV3zdM7Ahub8TBeVhtYGLHDQnyEj+FTyUVIz4E3+N7ec+ThjDIZMcgCg0Vf6NxbsMa Z0R5yhTi9qm8IZJSHpFdJ5bb X-Report-Abuse-To: spam@quarantine11.antispamcloud.com Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 19:04:24 -0000 This is a multi-part message in MIME format. --------------79D2D7C80BA7374FFADDBDDD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 9/29/2020 10:59 AM, Brian Dickson wrote: > > On Tue, Sep 29, 2020 at 10:30 AM Michael Richardson > wrote: > > Christian Huitema > wrote: > =C2=A0 =C2=A0 > Martin is making an important point here. There are= a number > of privacy > =C2=A0 =C2=A0 > enhancing technologies deployed at different layers= : MAC address > =C2=A0 =C2=A0 > randomization at L2, Privacy addresses at L3, vario= us forms of > =C2=A0 =C2=A0 > encryption and compartments at L4 and above. Each o= f these > technologies > =C2=A0 =C2=A0 > is useful by itself, but they can easily be defeate= d by > deployment > =C2=A0 =C2=A0 > mistakes. For example: > > You are spot on. > But, even your four points muddle things. > There were meant as examples, so people quickly recognize that we do have a problem. It is very true that different classes of attackers have different views of the system, and that some defenses deter some attackers while being bypassed by others. But I was writing a short email, not a textbook... > > We need some diagrams that we can all agree upon, and we need to > name the > different observers. > > Each thing defends against different kinds of observers, and not al= l > observers can see all things. > Some observers may collaborate (I invoke, the WWII French > resistance emotion > for this term...) > Some observers may have strong reasons not to. > > =C2=A0 =C2=A0 > 1) Using the same IP address with different MAC add= resses > negates a lot > =C2=A0 =C2=A0 > of the benefits of randomized MAC addresses, > > This assumes that a single observer can observe both at the same ti= me. > WEP++ leaves MAC addresses visible, but encrypts the rest of L3 > content. > > > Any host/interface that uses ARP (not sure whether any flavor of WiFi > does, or if so which flavors), exposes the L3/L2 mapping.=C2=A0 > So, wired IPv4 for certain (except in very locked-down enterprise > settings with static MAC addresses, perhaps) leaks this information to > every host on the same broadcast domain (same subnet and possibly > additional subnets on the same LAN/VLAN). Yes. Michael has a point, though. Consider enterprise Wi-Fi network, typically access controlled using 802.1x. Then, consider an attacker who want to track which department of the enterprise is active on what project. The attacker have not penetrated the network, maybe because they don't want risk getting caught doing blatantly illegal stuff. They are merely listening to the radio waves. They can see the MAC addresses, which are outside the Wi-Fi encryption envelope, but they cannot see the IP headers, which are encrypted. In the absence of MAC address randomization, these MAC addresses still provide them with interesting information, such as the graph of who connects to whom, or maybe what type of hardware is being used. If a device is used inside and outside the enterprise, the attackers could monitor outside activity and identify the device owner, and then add that to the communication graph. MAC address randomization will be a big deterrent for this class of attackers. > > ARP L2 broadcasts solicit information about IP addresses, and at a > minimum each such query exposes its own MAC and IP address. Responses > may be unicast or broadcast, not sure which. > An active compromised host can easily solicit that information by > iterating over all the IP addresses on the subnet and performing an > ARP for each one. Yes, that's another class of attackers, those that have access to the link. For those, defense requires coordinated use of MAC address randomization and IP address selection. And yes to both of you, the threat model does require modeling the capacities of attackers. That's work. -- Christian Huitema --------------79D2D7C80BA7374FFADDBDDD Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: 8bit


On 9/29/2020 10:59 AM, Brian Dickson wrote:

On Tue, Sep 29, 2020 at 10:30 AM Michael Richardson <mcr@sandelman.ca> wrote:
Christian Huitema <huitema@huitema.net> wrote:
    > Martin is making an important point here. There are a number of privacy
    > enhancing technologies deployed at different layers: MAC address
    > randomization at L2, Privacy addresses at L3, various forms of
    > encryption and compartments at L4 and above. Each of these technologies
    > is useful by itself, but they can easily be defeated by deployment
    > mistakes. For example:

You are spot on.
But, even your four points muddle things.

There were meant as examples, so people quickly recognize that we do have a problem. It is very true that different classes of attackers have different views of the system, and that some defenses deter some attackers while being bypassed by others. But I was writing a short email, not a textbook...



We need some diagrams that we can all agree upon, and we need to name the
different observers.

Each thing defends against different kinds of observers, and not all
observers can see all things.
Some observers may collaborate (I invoke, the WWII French resistance emotion
for this term...)
Some observers may have strong reasons not to.

    > 1) Using the same IP address with different MAC addresses negates a lot
    > of the benefits of randomized MAC addresses,

This assumes that a single observer can observe both at the same time.
WEP++ leaves MAC addresses visible, but encrypts the rest of L3 content.

Any host/interface that uses ARP (not sure whether any flavor of WiFi does, or if so which flavors), exposes the L3/L2 mapping. 
So, wired IPv4 for certain (except in very locked-down enterprise settings with static MAC addresses, perhaps) leaks this information to every host on the same broadcast domain (same subnet and possibly additional subnets on the same LAN/VLAN).

Yes. Michael has a point, though. Consider enterprise Wi-Fi network, typically access controlled using 802.1x. Then, consider an attacker who want to track which department of the enterprise is active on what project. The attacker have not penetrated the network, maybe because they don't want risk getting caught doing blatantly illegal stuff. They are merely listening to the radio waves. They can see the MAC addresses, which are outside the Wi-Fi encryption envelope, but they cannot see the IP headers, which are encrypted. In the absence of MAC address randomization, these MAC addresses still provide them with interesting information, such as the graph of who connects to whom, or maybe what type of hardware is being used. If a device is used inside and outside the enterprise, the attackers could monitor outside activity and identify the device owner, and then add that to the communication graph. MAC address randomization will be a big deterrent for this class of attackers.



ARP L2 broadcasts solicit information about IP addresses, and at a minimum each such query exposes its own MAC and IP address. Responses may be unicast or broadcast, not sure which.
An active compromised host can easily solicit that information by iterating over all the IP addresses on the subnet and performing an ARP for each one.

Yes, that's another class of attackers, those that have access to the link. For those, defense requires coordinated use of MAC address randomization and IP address selection.

And yes to both of you, the threat model does require modeling the capacities of attackers. That's work.

-- Christian Huitema

--------------79D2D7C80BA7374FFADDBDDD-- From nobody Tue Sep 29 12:41:53 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 587433A1134 for ; Tue, 29 Sep 2020 12:41:49 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.898 X-Spam-Level: X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dC6FH4aCc210 for ; Tue, 29 Sep 2020 12:41:48 -0700 (PDT) Received: from p3plsmtpa11-05.prod.phx3.secureserver.net (p3plsmtpa11-05.prod.phx3.secureserver.net [68.178.252.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 44EBE3A112A for ; Tue, 29 Sep 2020 12:41:48 -0700 (PDT) Received: from spectre ([173.8.184.78]) by :SMTPAUTH: with ESMTPSA id NLTIk1xj8kRKwNLTIkwuKj; Tue, 29 Sep 2020 12:39:32 -0700 X-CMAE-Analysis: v=2.3 cv=evyhMbhX c=1 sm=1 tr=0 a=PF7/PIuz6ZQ4FM3W1XNKAQ==:117 a=PF7/PIuz6ZQ4FM3W1XNKAQ==:17 a=IkcTkHD0fZMA:10 a=o83nqyVRAAAA:8 a=6Lgoe55huvWZ-8dSPcoA:9 a=EThZy5eMZ9Hr5_Nw:21 a=13DVRkTq51rSF8sD:21 a=QEXdDO2ut3YA:10 X-SECURESERVER-ACCT: peter@akayla.com From: "Peter Yee" To: "'Stephen Farrell'" Cc: , , References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> In-Reply-To: <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> Date: Tue, 29 Sep 2020 12:39:49 -0700 Message-ID: <037001d69698$4b7a4cf0$e26ee6d0$@akayla.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Outlook 14.0 Thread-Index: AQMHIWUk3ciIMSy+Ss7YNBHgXXt5/gGSEnqMAflLC+oA6RQusQHYWI0ZAS8ICnUArPZkDgJvHT9eAbl9DyEB4Jvk7wE4jiV8AZ9CTuamlpsyUA== Content-Language: en-us X-CMAE-Envelope: MS4wfOh4SnuqvmRHVLvkcVgI3eDPXUtuI5T43gkWftT6cQq8z0yiE/m7Nh2/Jul5rE7XkGQ9livU3R7MNlWfy2gwd+kQaCCViujJQGwsPC8VKWu4mHpvgRH4 uQEciIgxI3suc9NkACTo32csY/C4gP5zJdvNb7svzkHV7Qb7JILT3MooycAwt0e58UzIzd1tS3dBr0qBJTDsbaDvuYC/HW7pNTalro1YMkIUhWuGtIsXPuhL 65yz35vXV2gVEoM9mhiprQ== Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 19:41:52 -0000 On 29/09/2020 12:03, Stephen Farrell wrote: > More on-topic, I do think MAC address randomisation has a role to play = for WiFi as it does for BLE, but yes there is a lack of guidance as to = how to implement and deploy such techniques well. It's a bit tricky = though as it's fairly OS dependent so maybe not really in scope for the = IETF? > (For the last 3 years I've set a possible student project in this = space, but each time a student has considered it, it turned out "too = hard";-) As I mentioned previously, IEEE 802.11 is looking into this area, both = from an operational perspective and from a privacy perspective. New IEEE = 802.11 amendments (IEEE 802.11bh and IEEE 802.11bi, if approved) are = being discussed. The (very) high-level documents describing each can be = found at [1] and [2]. I would be happy to convey input to IEEE 802.11 = regarding either document, particularly in regards to layers 3 and = above. Without wishing to open up a can of worms about meeting fees, I = will note that IEEE 802.11 is currently not charging for its online = meetings, so if anyone wishes to take part in the random MAC address = discussions directly, the next meeting will be held in early November. = The RCM Study Group met yesterday morning (Americas) and will meet again = in two weeks. See [3]. -Peter [1] = https://mentor.ieee.org/802.11/dcn/20/11-20-0742-04-0rcm-proposed-par-dra= ft.docx [2] = https://mentor.ieee.org/802.11/dcn/20/11-20-0854-06-0rcm-par-proposal-for= -privacy.pdf [3] = https://mentor.ieee.org/802.11/dcn/20/11-20-0995-10-0rcm-rcm-sg-agenda.pp= tx From nobody Tue Sep 29 12:56:29 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E96F3A1129; Tue, 29 Sep 2020 12:56:21 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RDkzW221cao4; Tue, 29 Sep 2020 12:56:19 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 150BD3A1123; Tue, 29 Sep 2020 12:56:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id CE992389D5; Tue, 29 Sep 2020 16:01:11 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id GszqmttehTZk; Tue, 29 Sep 2020 16:01:11 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4D5C4389D4; Tue, 29 Sep 2020 16:01:11 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 67A9150C; Tue, 29 Sep 2020 15:56:17 -0400 (EDT) From: Michael Richardson To: Stephen Farrell cc: Brian Dickson , "captive-portals\@ietf.org" , "homenet\@ietf.org" , "int-area\@ietf.org" In-Reply-To: <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 19:56:21 -0000 --=-=-= Content-Type: text/plain Stephen Farrell wrote: > On 29/09/2020 19:41, Michael Richardson wrote: >> It will be good if we can get a document from the MAC randomization >> proponents (if there is such a group), to explain the thread profile. >> I don't think it includes active compromised hosts. > That is a problem yes. I no longer think "compromised host" is the > correct term there though. In the case of android, we found google play > services regularly calls home linking all these identifiers and more > (phone#, sim serial, imei...) [1] for Google's own uses. I'd be very I feel that you have confounded two things, and I don't think it's helpful. I won't dispute your observatrions about surveillance capitalism, but I feel that you've sensationalized what I thought was a pretty specific technical point. Namely: You can't see into the L3 layer of WIFI, even when there are ARP broadcasts, unless your are also part of that L2 network. I'm sure that Google Play calls home and tells Google all the your L2/L3/IMEI/etc. I don't doubt it. I don't see how this relates to a local passive eavesdropping observing the L2 frames with the encrypted L3. One not involved with the operation of the wifi, nor connected to that link. Unless you are saying that Google Play operates as active eavesdropper on all the networks on which it is connected? I.e. it sends the L2/L3 mappings for all devices on that network? > More on-topic, I do think MAC address randomisation has a role to play > for WiFi as it does for BLE, but yes there is a lack of guidance as to > how to implement and deploy such techniques well. It's a bit tricky > though as it's fairly OS dependent so maybe not really in scope for the > IETF? The IEEE has a spec on how to do MAC address ramdomization. It says nothing about how to automatically update the accept-list rules created by RFC8520, or RFC8908/RFC8910 (CAPPORT). Or EAP-FOO. > (For the last 3 years I've set a possible student project in > this space, but each time a student has considered it, it turned out > "too hard";-) :-( -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl9zkWEACgkQgItw+93Q 3WVPtgf/ZqlTNXTrxRww7nngYMobfJGgcHAUnusKrpNuhk5zVWHF+tnFE/CTz8Gg 3hvXFKBv9AxoVbfT9cI5DPg8BwYrrDoQ/L0d7tL519Q8EDFmESeVP6e/aQAe3+H5 znggTv5cvFQjPYJ0gSSaCidHKvymsPFSni2YPjaHOkt0yxx/O5h/7Uova8OhEAPu Fkww4O4WTvfNmdsefxKOBFCx6VdQRp4OjCtBzhQ3WAaaGLGOsyTZTOPP6JV2jZVk Jv8hImk4gcfqzfkkQmjijJZD4DQawZFK1meeQDjXbEDhjleXtXHfPZPtQ9rqLPqA 41wMYsNzVM4U7c8SDr7dALF7TOz0TQ== =hU2y -----END PGP SIGNATURE----- --=-=-=-- From nobody Tue Sep 29 13:10:52 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B160F3A113B for ; Tue, 29 Sep 2020 13:10:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.298 X-Spam-Level: X-Spam-Status: No, score=-3.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ieee.org Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XAfeZL5Q4VtG for ; Tue, 29 Sep 2020 13:10:41 -0700 (PDT) Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3025A3A113C for ; Tue, 29 Sep 2020 13:10:41 -0700 (PDT) Received: by mail-io1-xd29.google.com with SMTP id m17so6215552ioo.1 for ; Tue, 29 Sep 2020 13:10:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DxPESRM2XScl63SBNDAd48Y2HEIkWfmACREHiRAdr8M=; b=dzrfNG0C4T1Cm/iBPLZtSNZkugqRx7wll+VS3+yLB7Z9KVC0rn6JDvcchGfGcEPfL3 qCgwHm6Wc9a5rPHGp1iTkELodfvRBafa8JBHL3SFLIJ7fnv3B/21XfJJk3rhlAgvTtjY XML2u9HWNN9JXmSavHYchWdb8/kqYmHr4vIyo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DxPESRM2XScl63SBNDAd48Y2HEIkWfmACREHiRAdr8M=; b=cWwZzqDy3Bpi7HCS/rL8+Z9mUUri+9uVDTRGMBCmIe1wkOzvPc0ukqM+O2UiggC3yN uJzWs0IB6C093BPznn7bHTVl1yZhxwZUnpSd3FZrJX09FSczCCmnbAg/bs+j0hiZX4vj ASn9F38sOMUPiQj9pvLUAjHD+6uI4MonAG1K10iQ/ESXDos61l63W9xjTs+vQuc6LzCH Zgx90acTA9FZqBBQcfWeFaCiz/MaVIi+bWA+9qz/9nC/sf2XI7dyosguiogWZfyNqIYp Ue5JqinoH/ZddEVb2wf/kfNThjpyb6UmN9S/XLMR/gF82F8uIuXop3ET2CeVW4SDjonh KJ+Q== X-Gm-Message-State: AOAM532wZEM6COMuldWZsviTTBzPjRY4KcFjvdiw6UP5/GtroGgcbyPu bOXsAXlNGZy8W/U3sikubuKDTnn9kajNh2qujnerYyKMvqv3tg== X-Google-Smtp-Source: ABdhPJyfrD3+O/bBtnjcbqN/pFp3IRDGBIFptMBkF0kufv8Z18MdG/nodATorDpB85zr1+AYsBo8ybtPf48Ht7z+VPg= X-Received: by 2002:a5e:8c0c:: with SMTP id n12mr3782440ioj.147.1601410240274; Tue, 29 Sep 2020 13:10:40 -0700 (PDT) MIME-Version: 1.0 References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <037001d69698$4b7a4cf0$e26ee6d0$@akayla.com> In-Reply-To: <037001d69698$4b7a4cf0$e26ee6d0$@akayla.com> From: Juan Carlos Zuniga Date: Tue, 29 Sep 2020 16:10:28 -0400 Message-ID: To: Peter Yee Cc: Stephen Farrell , captive-portals@ietf.org, homenet@ietf.org, int-area@ietf.org Content-Type: multipart/alternative; boundary="00000000000083256905b0796086" Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 20:10:44 -0000 --00000000000083256905b0796086 Content-Type: text/plain; charset="UTF-8" Indeed, this is a continuation of the work started at IEEE 802 back in 2014 after the STRINT Workshop pre-IETF 89 [1] [2]. So far IEEE 802 has developed the (soon to be published) 802E Privacy Recommendations [3], the recommended use of MAC address randomization in 802c [4], and now the work in 802.11 that Peter points out. We carried out the experiment on the IETF (x2) and IEEE 802 Wi-Fi meeting networks and we published some results at the time [5]. Even though we found some very minor impact on DHCP, the experiment showed that MAC address randomization worked fine. However, as we pointed out the Privacy issues should not stop at L3. If there is a good take away from that work, it is that Privacy cannot be solved at a single layer, and effective solutions should be system-wide. Juan Carlos [1] https://mentor.ieee.org/802-ec/dcn/14/ec-14-0043-01-00EC-internet-privacy-tutorial.pdf [2] http://www.ieee802.org/PrivRecsg/ [3] https://1.ieee802.org/security/802e/ [4] https://ieeexplore.ieee.org/document/8016709 [5] https://ieeexplore.ieee.org/abstract/document/7390443/ pre-print: https://www.it.uc3m.es/cjbc/papers/pdf/2015_bernardos_cscn_privacy.pdf On Tue, Sep 29, 2020 at 3:40 PM Peter Yee wrote: > On 29/09/2020 12:03, Stephen Farrell wrote: > > > More on-topic, I do think MAC address randomisation has a role to play > for WiFi as it does for BLE, but yes there is a lack of guidance as to how > to implement and deploy such techniques well. It's a bit tricky though as > it's fairly OS dependent so maybe not really in scope for the IETF? > > (For the last 3 years I've set a possible student project in this space, > but each time a student has considered it, it turned out "too hard";-) > > As I mentioned previously, IEEE 802.11 is looking into this area, both > from an operational perspective and from a privacy perspective. New IEEE > 802.11 amendments (IEEE 802.11bh and IEEE 802.11bi, if approved) are being > discussed. The (very) high-level documents describing each can be found at > [1] and [2]. I would be happy to convey input to IEEE 802.11 regarding > either document, particularly in regards to layers 3 and above. Without > wishing to open up a can of worms about meeting fees, I will note that IEEE > 802.11 is currently not charging for its online meetings, so if anyone > wishes to take part in the random MAC address discussions directly, the > next meeting will be held in early November. The RCM Study Group met > yesterday morning (Americas) and will meet again in two weeks. See [3]. > > -Peter > > [1] > https://mentor.ieee.org/802.11/dcn/20/11-20-0742-04-0rcm-proposed-par-draft.docx > [2] > https://mentor.ieee.org/802.11/dcn/20/11-20-0854-06-0rcm-par-proposal-for-privacy.pdf > [3] > https://mentor.ieee.org/802.11/dcn/20/11-20-0995-10-0rcm-rcm-sg-agenda.pptx > > > > _______________________________________________ > Int-area mailing list > Int-area@ietf.org > https://www.ietf.org/mailman/listinfo/int-area > --00000000000083256905b0796086 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Indeed, this is a con= tinuation of the work started at IEEE 802 back in 2014 after the STRINT Workshop pre-IETF 89 [1] [2].

=C2=A0

So far IEEE 802 has developed the (soo= n to be published) 802E Privacy Recommendations [3], the recommended use of MAC address randomization in 802c [4], and now the work in 802.11 that Peter points out= .

=C2=A0

We carried out the experiment on the I= ETF (x2) and IEEE 802 Wi-Fi meeting networks and we published some results at the time [5]. Even = though we found some very minor impact on DHCP, the experiment showed that MAC addres= s randomization=C2=A0worked fine. However, as we pointed out the Privacy is= sues should not stop at L3.

=C2=A0

If there is a good take away from that= work, it is that Privacy cannot be solved at a single layer, and effective solutions should be syste= m-wide.

=C2=A0

Juan Carlos

=C2=A0

=C2=A0

[1] https://mentor.ieee.org/802-ec/dcn/14/ec-14-0043-01-00E= C-internet-privacy-tutorial.pdf =C2=A0=C2=A0

[2] http://www.ieee802.org/PrivRecsg/= =C2=A0

[3] https://1.ieee802.org/security= /802e/ =C2=A0

[4] https://ieeexplore.iee= e.org/document/8016709 =C2=A0

[5] https://ieeexplore.ieee.org/abstract/document/7390443/ =C2=A0pre-print: https://www.it.uc3m.= es/cjbc/papers/pdf/2015_bernardos_cscn_privacy.pdf


On Tue, Sep 29, 2020 at 3:40 PM Peter Yee <peter@akayla.com> wrote:
On 29/09/2020 12:03, Stephen Farrell wrot= e:

> More on-topic, I do think MAC address randomisation has a role to play= for WiFi as it does for BLE, but yes there is a lack of guidance as to how= to implement and deploy such techniques well. It's a bit tricky though= as it's fairly OS dependent so maybe not really in scope for the IETF?=
> (For the last 3 years I've set a possible student project in this = space, but each time a student has considered it, it turned out "too h= ard";-)

As I mentioned previously, IEEE 802.11 is looking into this area, both from= an operational perspective and from a privacy perspective. New IEEE 802.11= amendments (IEEE 802.11bh and IEEE 802.11bi, if approved) are being discus= sed. The (very) high-level documents describing each can be found at [1] an= d [2]. I would be happy to convey input to IEEE 802.11 regarding either doc= ument, particularly in regards to layers 3 and above. Without wishing to op= en up a can of worms about meeting fees, I will note that IEEE 802.11 is cu= rrently not charging for its online meetings, so if anyone wishes to take p= art in the random MAC address discussions directly, the next meeting will b= e held in early November. The RCM Study Group met yesterday morning (Americ= as) and will meet again in two weeks. See [3].

=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -Peter

[1] https://mentor.i= eee.org/802.11/dcn/20/11-20-0742-04-0rcm-proposed-par-draft.docx
[2] https://men= tor.ieee.org/802.11/dcn/20/11-20-0854-06-0rcm-par-proposal-for-privacy.pdf<= /a>
[3]
https://mentor.ieee.o= rg/802.11/dcn/20/11-20-0995-10-0rcm-rcm-sg-agenda.pptx



_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
--00000000000083256905b0796086-- From nobody Tue Sep 29 13:48:57 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1287D3A1186; Tue, 29 Sep 2020 13:48:56 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.212 X-Spam-Level: X-Spam-Status: No, score=-2.212 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vJVfolGM7wNW; Tue, 29 Sep 2020 13:48:53 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 798593A1185; Tue, 29 Sep 2020 13:48:51 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id CAD29BE3E; Tue, 29 Sep 2020 21:48:49 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jx1VrqLhTOWz; Tue, 29 Sep 2020 21:48:44 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 26295BE2F; Tue, 29 Sep 2020 21:48:44 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1601412524; bh=btQVOltNVdpQtX3kX1nDmv9nRVFae0dLST1Pyn7xn5A=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=jVBy6QT+NKPI0nfo+48ViNBQC+iUx0Zl7Ije12rqFnFzPrB1wuWKkg41L4yaJ+fvw EXaq2g2Wo9PclogZOoJNgspcj97rgdhDaVqKzr5qRv7IVdAxJ7HqGyJ3wNGl4pmr6A hY1KyFQpGR+3mm2oIYrwG1hDCy0jcSOkz5V12/tU= To: Michael Richardson Cc: "int-area@ietf.org" , "homenet@ietf.org" , "captive-portals@ietf.org" , Brian Dickson References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: Date: Tue, 29 Sep 2020 21:48:43 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <23594.1601409377@localhost> Content-Type: multipart/mixed; boundary="------------B67FB6A03C527AF81F75DAAD" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 20:48:56 -0000 This is a multi-part message in MIME format. --------------B67FB6A03C527AF81F75DAAD Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hiya, On 29/09/2020 20:56, Michael Richardson wrote: > > Stephen Farrell wrote: > > > On 29/09/2020 19:41, Michael Richardson wrote: > >> It will be good if we can get a document from the MAC randomization > >> proponents (if there is such a group), to explain the thread profile. > >> I don't think it includes active compromised hosts. > > > That is a problem yes. I no longer think "compromised host" is the > > correct term there though. In the case of android, we found google play > > services regularly calls home linking all these identifiers and more > > (phone#, sim serial, imei...) [1] for Google's own uses. I'd be very > > I feel that you have confounded two things, and I don't think it's helpful. > I won't dispute your observatrions about surveillance capitalism, but I feel > that you've sensationalized what I thought was a pretty specific technical > point. Namely: > You can't see into the L3 layer of WIFI, even when there are > ARP broadcasts, unless your are also part of that L2 network. I disagree about sensationalising, obviously;-) The point is that we tended to think of a compromised host as one that had been subject to a successful attack often run by an unknown party. For mobile phones, the privacy adversary seems more often to be an entity that the phone user has accepted one way or another, whether that be the OS or handset vendor or whoever wrote that cute spirit- level app. > > I'm sure that Google Play calls home and tells Google all the your > L2/L3/IMEI/etc. I don't doubt it. > > I don't see how this relates to a local passive eavesdropping observing the > L2 frames with the encrypted L3. One not involved with the operation > of the wifi, nor connected to that link. The MAC address and other identifiers are payload with the source IP address and thus correlated at the destination without having to locally eavesdrop. But they can be used to later correlate with the local eavesdropper's data, probably after that's also been centralised (perhaps via another app using the same SDK). > > Unless you are saying that Google Play operates as active eavesdropper on all > the networks on which it is connected? I.e. it sends the L2/L3 mappings for > all devices on that network? I don't believe google do that for that attack, but they can correlate the MAC and IP addresses, yes, for all the devices on a n/w running their OS. > > > More on-topic, But yeah the above is a bit off-topic, except that it shows there's a *lot* more to do in the mobile context to get benefit from address randomisation. S. PS: to be clear - the above's not really anti-google - we've seen similar looking traffic from handset vendors' pre-installed s/w too. > I do think MAC address randomisation has a role to play > > for WiFi as it does for BLE, but yes there is a lack of guidance as to > > how to implement and deploy such techniques well. It's a bit tricky > > though as it's fairly OS dependent so maybe not really in scope for the > > IETF? > > The IEEE has a spec on how to do MAC address ramdomization. > It says nothing about how to automatically update the accept-list rules > created by RFC8520, or RFC8908/RFC8910 (CAPPORT). Or EAP-FOO. > > > (For the last 3 years I've set a possible student project in > > this space, but each time a student has considered it, it turned out > > "too hard";-) > > :-( > > -- > ] Never tell me the odds! | ipv6 mesh networks [ > ] Michael Richardson, Sandelman Software Works | IoT architect [ > ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ > > > > _______________________________________________ > homenet mailing list > homenet@ietf.org > https://www.ietf.org/mailman/listinfo/homenet > --------------B67FB6A03C527AF81F75DAAD Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =YzQY -----END PGP PUBLIC KEY BLOCK----- --------------B67FB6A03C527AF81F75DAAD-- From nobody Tue Sep 29 14:04:51 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFF823A1198; Tue, 29 Sep 2020 14:04:46 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nN9CrhsuQ44G; Tue, 29 Sep 2020 14:04:44 -0700 (PDT) Received: from nce.mail.chartercom.com (nce.mail.chartercom.com [142.136.234.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6CFF3A11A0; Tue, 29 Sep 2020 14:04:43 -0700 (PDT) IronPort-SDR: o+mBDJ/azSW5TZCLLLK15yWVijNkCn1FKl+zeFJ8kwcAeDO/tuTHOko+cZjS4nJDbGaeBOg+rD URncr3Cnugng== X-IronPort-AV: E=Sophos;i="5.77,319,1596517200"; d="scan'208,217";a="119500812" Received: from unknown (HELO NCEMEXGP002.CORP.CHARTERCOM.com) ([142.136.234.7]) by nce.mail.chartercom.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 29 Sep 2020 16:04:40 -0500 Received: from NCEMEXGP003.CORP.CHARTERCOM.COM (2002:8e88:ea08::8e88:ea08) by NCEMEXGP002.CORP.CHARTERCOM.com (2002:8e88:ea07::8e88:ea07) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 29 Sep 2020 16:04:40 -0500 Received: from NCEMEXGP003.CORP.CHARTERCOM.COM ([fe80::8c4b:a9c4:de9c:e113]) by NCEMEXGP003.CORP.CHARTERCOM.com ([fe80::8c4b:a9c4:de9c:e113%20]) with mapi id 15.00.1473.003; Tue, 29 Sep 2020 16:04:40 -0500 From: "Weil, Jason" To: Juan Carlos Zuniga , Peter Yee CC: "int-area@ietf.org" , "homenet@ietf.org" , "captive-portals@ietf.org" , Stephen Farrell Thread-Topic: [Int-area] [Captive-portals] [homenet] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWlphXK8/hPZVeSUqopGW6nlwH/KmAX8cA///MFYA= Date: Tue, 29 Sep 2020 21:04:39 +0000 Message-ID: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <037001d69698$4b7a4cf0$e26ee6d0$@akayla.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/10.10.19.200810 x-ms-exchange-messagesentrepresentingtype: 1 x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [142.136.235.123] Content-Type: multipart/alternative; boundary="_000_D3230F2EE01740B3B3866593973E803Fchartercom_" MIME-Version: 1.0 Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Sep 2020 21:04:47 -0000 --_000_D3230F2EE01740B3B3866593973E803Fchartercom_ Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 VGhhbmsgeW91IEp1YW4gYW5kIFBldGVyIGZvciB0aGUgbGlua3MgdG8gdGhlIHByaW9yIHdvcmsg aW4gdGhlIElFRUUgb24gdGhpcyB0b3BpYy4gSSBoYXZlIGJlZW4gZm9sbG93aW5nIFJDTSBhbmQg d2FzIGFjdHVhbGx5IGp1c3QgcmVhZGluZyBvbmUgb2YgdGhlIHB1YmxpY2x5IGF2YWlsYWJsZSBk cmFmdCB2ZXJzaW9ucyBvZiB0aGUgODAyRSBQcml2YWN5IFJlY29tbWVuZGF0aW9ucy4gVGhpcyB3 b3JrIHdpbGwgYmUgdmVyeSB1c2VmdWwgZm9yIHJlZmVyZW5jZSBvbmNlIGl0IGlzIHB1Ymxpc2hl ZC4NCg0KTXkgaW50ZXJlc3QgaW4gY29uc2lkZXJpbmcgdGhpcyB3b3JrIHdpdGhpbiB0aGUgSUVU RiBnb2VzIGRpcmVjdGx5IHRvIHRoZSBwb2ludCBzdGF0ZWQgaGVyZSBhbmQgaW4gdGhlIElFRUUg ZHJhZnQgd29yayB0aGF0IHByaXZhY3kgZG9lc27igJl0IGV4aXN0IGF0IG9uZSBsYXllciBvZiB0 aGVuIG5ldHdvcmsgYW5kIGluIGZhY3QgY292ZXJzIGFsbCBvZiB0aGVtLiBUaGUgSUVFRSBpcyBt YWtpbmcgZ29vZCBwcm9ncmVzcyBvbiBjaGFuZ2VzIHRvIDgwMiB0aGF0IGltcHJvdmUgdGhlIG9w ZXJhdGlvbiBvZiB0aGUgbmV0d29yayBhdCB0aGUgZGF0YSBsaW5rIGxheWVyLiBJIHNlZSB0aGUg V2lGaSBBbGxpYW5jZSBpcyBhbHNvIGxvb2tpbmcgYXQgb3B0aW9ucyBmb3IgaW4gaXRzIHZhcmlv dXMgc3BlY2lmaWNhdGlvbnMgYW5kIHdoaWNoIHVzZSBjYXNlcyB0aG9zZSBzcGVjcyBjYW4gYmUg YXBwbGllZCB0byBpbiB0aGUgcmVhbG0gb2YgTUFDIHJhbmRvbWl6YXRpb24gaW1wYWN0cy4NCg0K VGhlIGdvYWwgb2YgdGhpcyBCb0YgZnJvbSBteSB2aWV3cG9pbnQgaXMgdG8gZ2F1Z2UgSUVURiBj b21tdW5pdHkgaW50ZXJlc3Qgb24gaWRlbnRpZnlpbmcgYW5kIHdvcmtpbmcgIG9uIHVwZGF0ZXMs IG5ldyB3b3JrIG9yIEJDUC9zIHRoYXQgd291bGQgY2FwdHVyZSB0aGUgcHJpdmFjeSBjb25jZXJu cyBhbmQgbmVlZHMgb2YgZW5kIHVzZXJzIGFzIHdlbGwgYXMgdGhlIGltcGFjdCB0byBuZXR3b3Jr IG9wZXJhdG9ycyBhbmQgbG9jYWwgbmV0d29yayBhZG1pbmlzdHJhdG9ycyAoY2FtcHVzIG5ldHdv cmtzLCBob21lIG5ldHdvcmtzLCBwdWJsaWMgV2lGaXMgbmV0cywgZXRjKS4gQSBudW1iZXIgb2Yg YXJlYXMvV0cgd29yayBoYXZlIGFscmVhZHkgYmVlbiBicm91Z2h0IHVwIGluIHRoZSBkaXNjdXNz aW9uIG9uIHRoaXMgbGlzdC4NCg0KSSB0aGluayBzb21lIG9mIHBvaW50cyB0aGF0IGNhbWUgdXAg aW4gdGhlIElFRUUgYW5kIFdpRmkgZGlzY3Vzc2lvbnMgYXJlIGVxdWFsbHkgd29ydGggZGlzY3Vz c2luZyBpbiB0aGlzIG9yZyBpbmNsdWRpbmcgdGhlIHBlcmlvZGljaXR5IG9mIGVuZHBvaW50IGFk ZHJlc3MgKG9yIG90aGVyIOKAmHRoaW5n4oCZIHRoYXQgcmVwcmVzZW50cyBhIGRldmljZSkgY2hh bmdlLiAgVGhlIGltcGFjdCBvbiB2YXJ5aW5nIHRydXN0IG1vZGVscyB0aGF0IHdvdWxkIGFsbG93 IGFuIGVuZCB1c2VyIHRvIGNob29zZSBiZXR3ZWVuIHZhcmlvdXMgbGV2ZWxzIG9mIHRydXN0IGFu ZCB0aGUgaW1wYWN0IG9uIGhvdyBtdWNoIHRoZSBuZXR3b3JrIGlzIGFibGUgdG8gcmVtZW1iZXIg dGhlbSBpcyBhbHNvIGFuIGludGVyZXN0aW5nIGRpc2N1c3Npb24gdG9waWMuDQoNCkphc29uIFdl aWwNCg0KRnJvbTogSW50LWFyZWEgPGludC1hcmVhLWJvdW5jZXNAaWV0Zi5vcmc+IG9uIGJlaGFs ZiBvZiBKdWFuIENhcmxvcyBadW5pZ2EgPGouYy56dW5pZ2FAaWVlZS5vcmc+DQpEYXRlOiBUdWVz ZGF5LCBTZXB0ZW1iZXIgMjksIDIwMjAgYXQgNDoxMSBQTQ0KVG86IFBldGVyIFllZSA8cGV0ZXJA YWtheWxhLmNvbT4NCkNjOiAiaW50LWFyZWFAaWV0Zi5vcmciIDxpbnQtYXJlYUBpZXRmLm9yZz4s ICJob21lbmV0QGlldGYub3JnIiA8aG9tZW5ldEBpZXRmLm9yZz4sICJjYXB0aXZlLXBvcnRhbHNA aWV0Zi5vcmciIDxjYXB0aXZlLXBvcnRhbHNAaWV0Zi5vcmc+LCBTdGVwaGVuIEZhcnJlbGwgPHN0 ZXBoZW4uZmFycmVsbEBjcy50Y2QuaWU+DQpTdWJqZWN0OiBSZTogW0ludC1hcmVhXSBbQ2FwdGl2 ZS1wb3J0YWxzXSBbaG9tZW5ldF0gW0VYVEVSTkFMXSBSZTogRXZhbHVhdGUgaW1wYWN0IG9mIE1B QyBhZGRyZXNzIHJhbmRvbWl6YXRpb24gdG8gSVAgYXBwbGljYXRpb25zDQoNCkNBVVRJT046IFRo ZSBlLW1haWwgYmVsb3cgaXMgZnJvbSBhbiBleHRlcm5hbCBzb3VyY2UuIFBsZWFzZSBleGVyY2lz ZSBjYXV0aW9uIGJlZm9yZSBvcGVuaW5nIGF0dGFjaG1lbnRzLCBjbGlja2luZyBsaW5rcywgb3Ig Zm9sbG93aW5nIGd1aWRhbmNlLg0KDQpJbmRlZWQsIHRoaXMgaXMgYSBjb250aW51YXRpb24gb2Yg dGhlIHdvcmsgc3RhcnRlZCBhdCBJRUVFIDgwMiBiYWNrIGluIDIwMTQgYWZ0ZXIgdGhlIFNUUklO VCBXb3Jrc2hvcCBwcmUtSUVURiA4OSBbMV0gWzJdLg0KDQoNCg0KU28gZmFyIElFRUUgODAyIGhh cyBkZXZlbG9wZWQgdGhlIChzb29uIHRvIGJlIHB1Ymxpc2hlZCkgODAyRSBQcml2YWN5IFJlY29t bWVuZGF0aW9ucyBbM10sIHRoZSByZWNvbW1lbmRlZCB1c2Ugb2YgTUFDIGFkZHJlc3MgcmFuZG9t aXphdGlvbiBpbiA4MDJjIFs0XSwgYW5kIG5vdyB0aGUgd29yayBpbiA4MDIuMTEgdGhhdCBQZXRl ciBwb2ludHMgb3V0Lg0KDQoNCg0KV2UgY2FycmllZCBvdXQgdGhlIGV4cGVyaW1lbnQgb24gdGhl IElFVEYgKHgyKSBhbmQgSUVFRSA4MDIgV2ktRmkgbWVldGluZyBuZXR3b3JrcyBhbmQgd2UgcHVi bGlzaGVkIHNvbWUgcmVzdWx0cyBhdCB0aGUgdGltZSBbNV0uIEV2ZW4gdGhvdWdoIHdlIGZvdW5k IHNvbWUgdmVyeSBtaW5vciBpbXBhY3Qgb24gREhDUCwgdGhlIGV4cGVyaW1lbnQgc2hvd2VkIHRo YXQgTUFDIGFkZHJlc3MgcmFuZG9taXphdGlvbiB3b3JrZWQgZmluZS4gSG93ZXZlciwgYXMgd2Ug cG9pbnRlZCBvdXQgdGhlIFByaXZhY3kgaXNzdWVzIHNob3VsZCBub3Qgc3RvcCBhdCBMMy4NCg0K DQoNCklmIHRoZXJlIGlzIGEgZ29vZCB0YWtlIGF3YXkgZnJvbSB0aGF0IHdvcmssIGl0IGlzIHRo YXQgUHJpdmFjeSBjYW5ub3QgYmUgc29sdmVkIGF0IGEgc2luZ2xlIGxheWVyLCBhbmQgZWZmZWN0 aXZlIHNvbHV0aW9ucyBzaG91bGQgYmUgc3lzdGVtLXdpZGUuDQoNCg0KDQpKdWFuIENhcmxvcw0K DQoNCg0KDQoNClsxXSBodHRwczovL21lbnRvci5pZWVlLm9yZy84MDItZWMvZGNuLzE0L2VjLTE0 LTAwNDMtMDEtMDBFQy1pbnRlcm5ldC1wcml2YWN5LXR1dG9yaWFsLnBkZg0KDQpbMl0gaHR0cDov L3d3dy5pZWVlODAyLm9yZy9Qcml2UmVjc2cvDQoNClszXSBodHRwczovLzEuaWVlZTgwMi5vcmcv c2VjdXJpdHkvODAyZS8NCg0KWzRdIGh0dHBzOi8vaWVlZXhwbG9yZS5pZWVlLm9yZy9kb2N1bWVu dC84MDE2NzA5DQoNCls1XSBodHRwczovL2llZWV4cGxvcmUuaWVlZS5vcmcvYWJzdHJhY3QvZG9j dW1lbnQvNzM5MDQ0My8gIHByZS1wcmludDogaHR0cHM6Ly93d3cuaXQudWMzbS5lcy9jamJjL3Bh cGVycy9wZGYvMjAxNV9iZXJuYXJkb3NfY3Njbl9wcml2YWN5LnBkZg0KDQpPbiBUdWUsIFNlcCAy OSwgMjAyMCBhdCAzOjQwIFBNIFBldGVyIFllZSA8cGV0ZXJAYWtheWxhLmNvbTxtYWlsdG86cGV0 ZXJAYWtheWxhLmNvbT4+IHdyb3RlOg0KT24gMjkvMDkvMjAyMCAxMjowMywgU3RlcGhlbiBGYXJy ZWxsIHdyb3RlOg0KDQo+IE1vcmUgb24tdG9waWMsIEkgZG8gdGhpbmsgTUFDIGFkZHJlc3MgcmFu ZG9taXNhdGlvbiBoYXMgYSByb2xlIHRvIHBsYXkgZm9yIFdpRmkgYXMgaXQgZG9lcyBmb3IgQkxF LCBidXQgeWVzIHRoZXJlIGlzIGEgbGFjayBvZiBndWlkYW5jZSBhcyB0byBob3cgdG8gaW1wbGVt ZW50IGFuZCBkZXBsb3kgc3VjaCB0ZWNobmlxdWVzIHdlbGwuIEl0J3MgYSBiaXQgdHJpY2t5IHRo b3VnaCBhcyBpdCdzIGZhaXJseSBPUyBkZXBlbmRlbnQgc28gbWF5YmUgbm90IHJlYWxseSBpbiBz Y29wZSBmb3IgdGhlIElFVEY/DQo+IChGb3IgdGhlIGxhc3QgMyB5ZWFycyBJJ3ZlIHNldCBhIHBv c3NpYmxlIHN0dWRlbnQgcHJvamVjdCBpbiB0aGlzIHNwYWNlLCBidXQgZWFjaCB0aW1lIGEgc3R1 ZGVudCBoYXMgY29uc2lkZXJlZCBpdCwgaXQgdHVybmVkIG91dCAidG9vIGhhcmQiOy0pDQoNCkFz IEkgbWVudGlvbmVkIHByZXZpb3VzbHksIElFRUUgODAyLjExIGlzIGxvb2tpbmcgaW50byB0aGlz IGFyZWEsIGJvdGggZnJvbSBhbiBvcGVyYXRpb25hbCBwZXJzcGVjdGl2ZSBhbmQgZnJvbSBhIHBy aXZhY3kgcGVyc3BlY3RpdmUuIE5ldyBJRUVFIDgwMi4xMSBhbWVuZG1lbnRzIChJRUVFIDgwMi4x MWJoIGFuZCBJRUVFIDgwMi4xMWJpLCBpZiBhcHByb3ZlZCkgYXJlIGJlaW5nIGRpc2N1c3NlZC4g VGhlICh2ZXJ5KSBoaWdoLWxldmVsIGRvY3VtZW50cyBkZXNjcmliaW5nIGVhY2ggY2FuIGJlIGZv dW5kIGF0IFsxXSBhbmQgWzJdLiBJIHdvdWxkIGJlIGhhcHB5IHRvIGNvbnZleSBpbnB1dCB0byBJ RUVFIDgwMi4xMSByZWdhcmRpbmcgZWl0aGVyIGRvY3VtZW50LCBwYXJ0aWN1bGFybHkgaW4gcmVn YXJkcyB0byBsYXllcnMgMyBhbmQgYWJvdmUuIFdpdGhvdXQgd2lzaGluZyB0byBvcGVuIHVwIGEg Y2FuIG9mIHdvcm1zIGFib3V0IG1lZXRpbmcgZmVlcywgSSB3aWxsIG5vdGUgdGhhdCBJRUVFIDgw Mi4xMSBpcyBjdXJyZW50bHkgbm90IGNoYXJnaW5nIGZvciBpdHMgb25saW5lIG1lZXRpbmdzLCBz byBpZiBhbnlvbmUgd2lzaGVzIHRvIHRha2UgcGFydCBpbiB0aGUgcmFuZG9tIE1BQyBhZGRyZXNz IGRpc2N1c3Npb25zIGRpcmVjdGx5LCB0aGUgbmV4dCBtZWV0aW5nIHdpbGwgYmUgaGVsZCBpbiBl YXJseSBOb3ZlbWJlci4gVGhlIFJDTSBTdHVkeSBHcm91cCBtZXQgeWVzdGVyZGF5IG1vcm5pbmcg KEFtZXJpY2FzKSBhbmQgd2lsbCBtZWV0IGFnYWluIGluIHR3byB3ZWVrcy4gU2VlIFszXS4NCg0K ICAgICAgICAgICAgICAgIC1QZXRlcg0KDQpbMV0gaHR0cHM6Ly9tZW50b3IuaWVlZS5vcmcvODAy LjExL2Rjbi8yMC8xMS0yMC0wNzQyLTA0LTByY20tcHJvcG9zZWQtcGFyLWRyYWZ0LmRvY3gNClsy XSBodHRwczovL21lbnRvci5pZWVlLm9yZy84MDIuMTEvZGNuLzIwLzExLTIwLTA4NTQtMDYtMHJj bS1wYXItcHJvcG9zYWwtZm9yLXByaXZhY3kucGRmDQpbM10gaHR0cHM6Ly9tZW50b3IuaWVlZS5v cmcvODAyLjExL2Rjbi8yMC8xMS0yMC0wOTk1LTEwLTByY20tcmNtLXNnLWFnZW5kYS5wcHR4DQoN Cg0KDQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KSW50 LWFyZWEgbWFpbGluZyBsaXN0DQpJbnQtYXJlYUBpZXRmLm9yZzxtYWlsdG86SW50LWFyZWFAaWV0 Zi5vcmc+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2ludC1hcmVhDQpF LU1BSUwgQ09ORklERU5USUFMSVRZIE5PVElDRTogDQpUaGUgY29udGVudHMgb2YgdGhpcyBlLW1h aWwgbWVzc2FnZSBhbmQgYW55IGF0dGFjaG1lbnRzIGFyZSBpbnRlbmRlZCBzb2xlbHkgZm9yIHRo ZSBhZGRyZXNzZWUocykgYW5kIG1heSBjb250YWluIGNvbmZpZGVudGlhbCBhbmQvb3IgbGVnYWxs eSBwcml2aWxlZ2VkIGluZm9ybWF0aW9uLiBJZiB5b3UgYXJlIG5vdCB0aGUgaW50ZW5kZWQgcmVj aXBpZW50IG9mIHRoaXMgbWVzc2FnZSBvciBpZiB0aGlzIG1lc3NhZ2UgaGFzIGJlZW4gYWRkcmVz c2VkIHRvIHlvdSBpbiBlcnJvciwgcGxlYXNlIGltbWVkaWF0ZWx5IGFsZXJ0IHRoZSBzZW5kZXIg YnkgcmVwbHkgZS1tYWlsIGFuZCB0aGVuIGRlbGV0ZSB0aGlzIG1lc3NhZ2UgYW5kIGFueSBhdHRh Y2htZW50cy4gSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgeW91IGFyZSBu b3RpZmllZCB0aGF0IGFueSB1c2UsIGRpc3NlbWluYXRpb24sIGRpc3RyaWJ1dGlvbiwgY29weWlu Zywgb3Igc3RvcmFnZSBvZiB0aGlzIG1lc3NhZ2Ugb3IgYW55IGF0dGFjaG1lbnQgaXMgc3RyaWN0 bHkgcHJvaGliaXRlZC4K --_000_D3230F2EE01740B3B3866593973E803Fchartercom_ Content-Type: text/html; charset="utf-8" Content-ID: <89AAE67CE62A12408DCB6BB8463DA48D@charter.com> MIME-Version: 1.0 Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRoIjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2 IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1mYW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToy IDE1IDUgMiAyIDIgNCAzIDIgNDt9DQovKiBTdHlsZSBEZWZpbml0aW9ucyAqLw0KcC5Nc29Ob3Jt YWwsIGxpLk1zb05vcm1hbCwgZGl2Lk1zb05vcm1hbA0KCXttYXJnaW46MGluOw0KCW1hcmdpbi1i b3R0b206LjAwMDFwdDsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmO30NCmE6bGluaywgc3Bhbi5Nc29IeXBlcmxpbmsNCgl7bXNvLXN0eWxlLXBy aW9yaXR5Ojk5Ow0KCWNvbG9yOmJsdWU7DQoJdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTt9DQph OnZpc2l0ZWQsIHNwYW4uTXNvSHlwZXJsaW5rRm9sbG93ZWQNCgl7bXNvLXN0eWxlLXByaW9yaXR5 Ojk5Ow0KCWNvbG9yOnB1cnBsZTsNCgl0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lO30NCnAubXNv bm9ybWFsMCwgbGkubXNvbm9ybWFsMCwgZGl2Lm1zb25vcm1hbDANCgl7bXNvLXN0eWxlLW5hbWU6 bXNvbm9ybWFsOw0KCW1zby1tYXJnaW4tdG9wLWFsdDphdXRvOw0KCW1hcmdpbi1yaWdodDowaW47 DQoJbXNvLW1hcmdpbi1ib3R0b20tYWx0OmF1dG87DQoJbWFyZ2luLWxlZnQ6MGluOw0KCWZvbnQt c2l6ZToxMS4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7fQ0KcC5nbWFp bC1tc29wbGFpbnRleHQsIGxpLmdtYWlsLW1zb3BsYWludGV4dCwgZGl2LmdtYWlsLW1zb3BsYWlu dGV4dA0KCXttc28tc3R5bGUtbmFtZTpnbWFpbC1tc29wbGFpbnRleHQ7DQoJbXNvLW1hcmdpbi10 b3AtYWx0OmF1dG87DQoJbWFyZ2luLXJpZ2h0OjBpbjsNCgltc28tbWFyZ2luLWJvdHRvbS1hbHQ6 YXV0bzsNCgltYXJnaW4tbGVmdDowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWls eToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQpzcGFuLkVtYWlsU3R5bGUyMA0KCXttc28tc3R5bGUt dHlwZTpwZXJzb25hbC1yZXBseTsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsN Cgljb2xvcjp3aW5kb3d0ZXh0O30NCi5Nc29DaHBEZWZhdWx0DQoJe21zby1zdHlsZS10eXBlOmV4 cG9ydC1vbmx5Ow0KCWZvbnQtc2l6ZToxMC4wcHQ7fQ0KQHBhZ2UgV29yZFNlY3Rpb24xDQoJe3Np emU6OC41aW4gMTEuMGluOw0KCW1hcmdpbjoxLjBpbiAxLjBpbiAxLjBpbiAxLjBpbjt9DQpkaXYu V29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+ DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iYmx1ZSIgdmxpbms9InB1cnBsZSI+DQo8ZGl2IGNs YXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+VGhhbmsgeW91IEp1YW4g YW5kIFBldGVyIGZvciB0aGUgbGlua3MgdG8gdGhlIHByaW9yIHdvcmsgaW4gdGhlIElFRUUgb24g dGhpcyB0b3BpYy4gSSBoYXZlIGJlZW4gZm9sbG93aW5nIFJDTSBhbmQgd2FzIGFjdHVhbGx5IGp1 c3QgcmVhZGluZyBvbmUgb2YgdGhlIHB1YmxpY2x5IGF2YWlsYWJsZSBkcmFmdCB2ZXJzaW9ucyBv ZiB0aGUgODAyRSBQcml2YWN5IFJlY29tbWVuZGF0aW9ucy4gVGhpcyB3b3JrIHdpbGwNCiBiZSB2 ZXJ5IHVzZWZ1bCBmb3IgcmVmZXJlbmNlIG9uY2UgaXQgaXMgcHVibGlzaGVkLiA8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+TXkgaW50ZXJlc3QgaW4gY29uc2lkZXJpbmcgdGhpcyB3b3JrIHdpdGhp biB0aGUgSUVURiBnb2VzIGRpcmVjdGx5IHRvIHRoZSBwb2ludCBzdGF0ZWQgaGVyZSBhbmQgaW4g dGhlIElFRUUgZHJhZnQgd29yayB0aGF0IHByaXZhY3kgZG9lc27igJl0IGV4aXN0IGF0IG9uZSBs YXllciBvZiB0aGVuIG5ldHdvcmsgYW5kIGluIGZhY3QgY292ZXJzIGFsbCBvZiB0aGVtLiBUaGUg SUVFRSBpcyBtYWtpbmcgZ29vZCBwcm9ncmVzcw0KIG9uIGNoYW5nZXMgdG8gODAyIHRoYXQgaW1w cm92ZSB0aGUgb3BlcmF0aW9uIG9mIHRoZSBuZXR3b3JrIGF0IHRoZSBkYXRhIGxpbmsgbGF5ZXIu IEkgc2VlIHRoZSBXaUZpIEFsbGlhbmNlIGlzIGFsc28gbG9va2luZyBhdCBvcHRpb25zIGZvciBp biBpdHMgdmFyaW91cyBzcGVjaWZpY2F0aW9ucyBhbmQgd2hpY2ggdXNlIGNhc2VzIHRob3NlIHNw ZWNzIGNhbiBiZSBhcHBsaWVkIHRvIGluIHRoZSByZWFsbSBvZiBNQUMgcmFuZG9taXphdGlvbiBp bXBhY3RzLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5UaGUgZ29hbCBvZiB0aGlzIEJvRiBmcm9t IG15IHZpZXdwb2ludCBpcyB0byBnYXVnZSBJRVRGIGNvbW11bml0eSBpbnRlcmVzdCBvbiBpZGVu dGlmeWluZyBhbmQgd29ya2luZyAmbmJzcDtvbiB1cGRhdGVzLCBuZXcgd29yayBvciBCQ1AvcyB0 aGF0IHdvdWxkIGNhcHR1cmUgdGhlIHByaXZhY3kgY29uY2VybnMgYW5kIG5lZWRzIG9mIGVuZCB1 c2VycyBhcyB3ZWxsIGFzIHRoZSBpbXBhY3QgdG8gbmV0d29yayBvcGVyYXRvcnMNCiBhbmQgbG9j YWwgbmV0d29yayBhZG1pbmlzdHJhdG9ycyAoY2FtcHVzIG5ldHdvcmtzLCBob21lIG5ldHdvcmtz LCBwdWJsaWMgV2lGaXMgbmV0cywgZXRjKS4gQSBudW1iZXIgb2YgYXJlYXMvV0cgd29yayBoYXZl IGFscmVhZHkgYmVlbiBicm91Z2h0IHVwIGluIHRoZSBkaXNjdXNzaW9uIG9uIHRoaXMgbGlzdC4N CjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5JIHRoaW5rIHNvbWUgb2YgcG9pbnRzIHRoYXQgY2Ft ZSB1cCBpbiB0aGUgSUVFRSBhbmQgV2lGaSBkaXNjdXNzaW9ucyBhcmUgZXF1YWxseSB3b3J0aCBk aXNjdXNzaW5nIGluIHRoaXMgb3JnIGluY2x1ZGluZyB0aGUgcGVyaW9kaWNpdHkgb2YgZW5kcG9p bnQgYWRkcmVzcyAob3Igb3RoZXIg4oCYdGhpbmfigJkgdGhhdCByZXByZXNlbnRzIGEgZGV2aWNl KSBjaGFuZ2UuICZuYnNwO1RoZSBpbXBhY3Qgb24gdmFyeWluZyB0cnVzdA0KIG1vZGVscyB0aGF0 IHdvdWxkIGFsbG93IGFuIGVuZCB1c2VyIHRvIGNob29zZSBiZXR3ZWVuIHZhcmlvdXMgbGV2ZWxz IG9mIHRydXN0IGFuZCB0aGUgaW1wYWN0IG9uIGhvdyBtdWNoIHRoZSBuZXR3b3JrIGlzIGFibGUg dG8gcmVtZW1iZXIgdGhlbSBpcyBhbHNvIGFuIGludGVyZXN0aW5nIGRpc2N1c3Npb24gdG9waWMu ICZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PGJyPg0KSmFzb24g V2VpbCAmbmJzcDsmbmJzcDsmbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3Jt YWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVyOm5vbmU7Ym9yZGVy LXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGluIDBpbiAwaW4iPg0KPHAg Y2xhc3M9Ik1zb05vcm1hbCI+PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6 YmxhY2siPkZyb206IDwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29s b3I6YmxhY2siPkludC1hcmVhICZsdDtpbnQtYXJlYS1ib3VuY2VzQGlldGYub3JnJmd0OyBvbiBi ZWhhbGYgb2YgSnVhbiBDYXJsb3MgWnVuaWdhICZsdDtqLmMuenVuaWdhQGllZWUub3JnJmd0Ozxi cj4NCjxiPkRhdGU6IDwvYj5UdWVzZGF5LCBTZXB0ZW1iZXIgMjksIDIwMjAgYXQgNDoxMSBQTTxi cj4NCjxiPlRvOiA8L2I+UGV0ZXIgWWVlICZsdDtwZXRlckBha2F5bGEuY29tJmd0Ozxicj4NCjxi PkNjOiA8L2I+JnF1b3Q7aW50LWFyZWFAaWV0Zi5vcmcmcXVvdDsgJmx0O2ludC1hcmVhQGlldGYu b3JnJmd0OywgJnF1b3Q7aG9tZW5ldEBpZXRmLm9yZyZxdW90OyAmbHQ7aG9tZW5ldEBpZXRmLm9y ZyZndDssICZxdW90O2NhcHRpdmUtcG9ydGFsc0BpZXRmLm9yZyZxdW90OyAmbHQ7Y2FwdGl2ZS1w b3J0YWxzQGlldGYub3JnJmd0OywgU3RlcGhlbiBGYXJyZWxsICZsdDtzdGVwaGVuLmZhcnJlbGxA Y3MudGNkLmllJmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5SZTogW0ludC1hcmVhXSBbQ2FwdGl2 ZS1wb3J0YWxzXSBbaG9tZW5ldF0gW0VYVEVSTkFMXSBSZTogRXZhbHVhdGUgaW1wYWN0IG9mIE1B QyBhZGRyZXNzIHJhbmRvbWl6YXRpb24gdG8gSVAgYXBwbGljYXRpb25zPG86cD48L286cD48L3Nw YW4+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8 L286cD48L3A+DQo8L2Rpdj4NCjxkaXYgc3R5bGU9ImJvcmRlcjpzb2xpZCAjNUE1QTVBIDEuMHB0 O3BhZGRpbmc6Mi4wcHQgMi4wcHQgMi4wcHQgMi4wcHQiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIg c3R5bGU9Im1zby1tYXJnaW4tdG9wLWFsdDphdXRvO21zby1tYXJnaW4tYm90dG9tLWFsdDphdXRv O2xpbmUtaGVpZ2h0OjEyLjBwdDtiYWNrZ3JvdW5kOiMyMzVDNzAiPg0KPHN0cm9uZz48c3BhbiBz dHlsZT0iZm9udC1zaXplOjEwLjBwdDtmb250LWZhbWlseTomcXVvdDtDYWxpYnJpJnF1b3Q7LHNh bnMtc2VyaWY7Y29sb3I6d2hpdGUiPkNBVVRJT046PC9zcGFuPjwvc3Ryb25nPjxzcGFuIHN0eWxl PSJmb250LXNpemU6MTAuMHB0O2NvbG9yOndoaXRlIj4gVGhlIGUtbWFpbCBiZWxvdyBpcyBmcm9t IGFuIGV4dGVybmFsIHNvdXJjZS4gUGxlYXNlIGV4ZXJjaXNlIGNhdXRpb24gYmVmb3JlIG9wZW5p bmcgYXR0YWNobWVudHMsIGNsaWNraW5nDQogbGlua3MsIG9yIGZvbGxvd2luZyBndWlkYW5jZS4g PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9ImdtYWlsLW1z b3BsYWludGV4dCIgc3R5bGU9Im1hcmdpbjowaW47bWFyZ2luLWJvdHRvbTouMDAwMXB0Ij5JbmRl ZWQsIHRoaXMgaXMgYSBjb250aW51YXRpb24gb2YgdGhlIHdvcmsgc3RhcnRlZCBhdCBJRUVFIDgw MiBiYWNrIGluIDIwMTQgYWZ0ZXIgdGhlIFNUUklOVCBXb3Jrc2hvcCBwcmUtSUVURiA4OSBbMV0g WzJdLjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9ImdtYWlsLW1zb3BsYWludGV4dCIgc3R5bGU9 Im1hcmdpbjowaW47bWFyZ2luLWJvdHRvbTouMDAwMXB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJnbWFpbC1tc29wbGFpbnRleHQiIHN0eWxlPSJtYXJnaW46MGluO21hcmdpbi1i b3R0b206LjAwMDFwdCI+U28gZmFyIElFRUUgODAyIGhhcyBkZXZlbG9wZWQgdGhlIChzb29uIHRv IGJlIHB1Ymxpc2hlZCkgODAyRSBQcml2YWN5IFJlY29tbWVuZGF0aW9ucyBbM10sIHRoZSByZWNv bW1lbmRlZCB1c2Ugb2YgTUFDIGFkZHJlc3MgcmFuZG9taXphdGlvbiBpbiA4MDJjIFs0XSwgYW5k IG5vdyB0aGUgd29yayBpbiA4MDIuMTEgdGhhdCBQZXRlcg0KIHBvaW50cyBvdXQuPG86cD48L286 cD48L3A+DQo8cCBjbGFzcz0iZ21haWwtbXNvcGxhaW50ZXh0IiBzdHlsZT0ibWFyZ2luOjBpbjtt YXJnaW4tYm90dG9tOi4wMDAxcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Imdt YWlsLW1zb3BsYWludGV4dCIgc3R5bGU9Im1hcmdpbjowaW47bWFyZ2luLWJvdHRvbTouMDAwMXB0 Ij5XZSBjYXJyaWVkIG91dCB0aGUgZXhwZXJpbWVudCBvbiB0aGUgSUVURiAoeDIpIGFuZCBJRUVF IDgwMiBXaS1GaSBtZWV0aW5nIG5ldHdvcmtzIGFuZCB3ZSBwdWJsaXNoZWQgc29tZSByZXN1bHRz IGF0IHRoZSB0aW1lIFs1XS4gRXZlbiB0aG91Z2ggd2UgZm91bmQgc29tZSB2ZXJ5IG1pbm9yIGlt cGFjdCBvbiBESENQLCB0aGUNCiBleHBlcmltZW50IHNob3dlZCB0aGF0IE1BQyBhZGRyZXNzIHJh bmRvbWl6YXRpb24mbmJzcDt3b3JrZWQgZmluZS4gSG93ZXZlciwgYXMgd2UgcG9pbnRlZCBvdXQg dGhlIFByaXZhY3kgaXNzdWVzIHNob3VsZCBub3Qgc3RvcCBhdCBMMy48bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJnbWFpbC1tc29wbGFpbnRleHQiIHN0eWxlPSJtYXJnaW46MGluO21hcmdpbi1i b3R0b206LjAwMDFwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iZ21haWwtbXNv cGxhaW50ZXh0IiBzdHlsZT0ibWFyZ2luOjBpbjttYXJnaW4tYm90dG9tOi4wMDAxcHQiPklmIHRo ZXJlIGlzIGEgZ29vZCB0YWtlIGF3YXkgZnJvbSB0aGF0IHdvcmssIGl0IGlzIHRoYXQgUHJpdmFj eSBjYW5ub3QgYmUgc29sdmVkIGF0IGEgc2luZ2xlIGxheWVyLCBhbmQgZWZmZWN0aXZlIHNvbHV0 aW9ucyBzaG91bGQgYmUgc3lzdGVtLXdpZGUuPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iZ21h aWwtbXNvcGxhaW50ZXh0IiBzdHlsZT0ibWFyZ2luOjBpbjttYXJnaW4tYm90dG9tOi4wMDAxcHQi PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9ImdtYWlsLW1zb3BsYWludGV4dCIgc3R5 bGU9Im1hcmdpbjowaW47bWFyZ2luLWJvdHRvbTouMDAwMXB0Ij5KdWFuIENhcmxvcw0KPG86cD48 L286cD48L3A+DQo8cCBjbGFzcz0iZ21haWwtbXNvcGxhaW50ZXh0IiBzdHlsZT0ibWFyZ2luOjBp bjttYXJnaW4tYm90dG9tOi4wMDAxcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 ImdtYWlsLW1zb3BsYWludGV4dCIgc3R5bGU9Im1hcmdpbjowaW47bWFyZ2luLWJvdHRvbTouMDAw MXB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJnbWFpbC1tc29wbGFpbnRleHQi IHN0eWxlPSJtYXJnaW46MGluO21hcmdpbi1ib3R0b206LjAwMDFwdCI+WzFdIDxhIGhyZWY9Imh0 dHBzOi8vbWVudG9yLmllZWUub3JnLzgwMi1lYy9kY24vMTQvZWMtMTQtMDA0My0wMS0wMEVDLWlu dGVybmV0LXByaXZhY3ktdHV0b3JpYWwucGRmIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjojMDU2M0Mx Ij5odHRwczovL21lbnRvci5pZWVlLm9yZy84MDItZWMvZGNuLzE0L2VjLTE0LTAwNDMtMDEtMDBF Qy1pbnRlcm5ldC1wcml2YWN5LXR1dG9yaWFsLnBkZjwvc3Bhbj48L2E+ICZuYnNwOyZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9ImdtYWlsLW1zb3BsYWludGV4dCIgc3R5bGU9Im1hcmdp bjowaW47bWFyZ2luLWJvdHRvbTouMDAwMXB0Ij5bMl0gPGEgaHJlZj0iaHR0cDovL3d3dy5pZWVl ODAyLm9yZy9Qcml2UmVjc2cvIj4NCjxzcGFuIHN0eWxlPSJjb2xvcjojMDU2M0MxIj5odHRwOi8v d3d3LmllZWU4MDIub3JnL1ByaXZSZWNzZy88L3NwYW4+PC9hPiAmbmJzcDs8bzpwPjwvbzpwPjwv cD4NCjxwIGNsYXNzPSJnbWFpbC1tc29wbGFpbnRleHQiIHN0eWxlPSJtYXJnaW46MGluO21hcmdp bi1ib3R0b206LjAwMDFwdCI+WzNdIDxhIGhyZWY9Imh0dHBzOi8vMS5pZWVlODAyLm9yZy9zZWN1 cml0eS84MDJlLyI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IzA1NjNDMSI+aHR0cHM6Ly8xLmllZWU4 MDIub3JnL3NlY3VyaXR5LzgwMmUvPC9zcGFuPjwvYT4gJm5ic3A7PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iZ21haWwtbXNvcGxhaW50ZXh0IiBzdHlsZT0ibWFyZ2luOjBpbjttYXJnaW4tYm90 dG9tOi4wMDAxcHQiPls0XSA8YSBocmVmPSJodHRwczovL2llZWV4cGxvcmUuaWVlZS5vcmcvZG9j dW1lbnQvODAxNjcwOSI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IzA1NjNDMSI+aHR0cHM6Ly9pZWVl eHBsb3JlLmllZWUub3JnL2RvY3VtZW50LzgwMTY3MDk8L3NwYW4+PC9hPiAmbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJnbWFpbC1tc29wbGFpbnRleHQiIHN0eWxlPSJtYXJnaW46MGlu O21hcmdpbi1ib3R0b206LjAwMDFwdCI+PHNwYW4gbGFuZz0iRlIiPls1XQ0KPGEgaHJlZj0iaHR0 cHM6Ly9pZWVleHBsb3JlLmllZWUub3JnL2Fic3RyYWN0L2RvY3VtZW50LzczOTA0NDMvIj48c3Bh biBzdHlsZT0iY29sb3I6IzA1NjNDMSI+aHR0cHM6Ly9pZWVleHBsb3JlLmllZWUub3JnL2Fic3Ry YWN0L2RvY3VtZW50LzczOTA0NDMvPC9zcGFuPjwvYT4gJm5ic3A7cHJlLXByaW50Og0KPGEgaHJl Zj0iaHR0cHM6Ly93d3cuaXQudWMzbS5lcy9jamJjL3BhcGVycy9wZGYvMjAxNV9iZXJuYXJkb3Nf Y3Njbl9wcml2YWN5LnBkZiI+DQo8c3BhbiBzdHlsZT0iY29sb3I6IzA1NjNDMSI+aHR0cHM6Ly93 d3cuaXQudWMzbS5lcy9jamJjL3BhcGVycy9wZGYvMjAxNV9iZXJuYXJkb3NfY3Njbl9wcml2YWN5 LnBkZjwvc3Bhbj48L2E+DQo8L3NwYW4+PG86cD48L286cD48L3A+DQo8L2Rpdj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPGRpdj4NCjxkaXY+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj5PbiBUdWUsIFNlcCAyOSwgMjAyMCBhdCAzOjQwIFBNIFBldGVyIFllZSAm bHQ7PGEgaHJlZj0ibWFpbHRvOnBldGVyQGFrYXlsYS5jb20iPnBldGVyQGFrYXlsYS5jb208L2E+ Jmd0OyB3cm90ZTo8bzpwPjwvbzpwPjwvcD4NCjwvZGl2Pg0KPGJsb2NrcXVvdGUgc3R5bGU9ImJv cmRlcjpub25lO2JvcmRlci1sZWZ0OnNvbGlkICNDQ0NDQ0MgMS4wcHQ7cGFkZGluZzowaW4gMGlu IDBpbiA2LjBwdDttYXJnaW4tbGVmdDo0LjhwdDttYXJnaW4tcmlnaHQ6MGluIj4NCjxwIGNsYXNz PSJNc29Ob3JtYWwiPk9uIDI5LzA5LzIwMjAgMTI6MDMsIFN0ZXBoZW4gRmFycmVsbCB3cm90ZTo8 YnI+DQo8YnI+DQomZ3Q7IE1vcmUgb24tdG9waWMsIEkgZG8gdGhpbmsgTUFDIGFkZHJlc3MgcmFu ZG9taXNhdGlvbiBoYXMgYSByb2xlIHRvIHBsYXkgZm9yIFdpRmkgYXMgaXQgZG9lcyBmb3IgQkxF LCBidXQgeWVzIHRoZXJlIGlzIGEgbGFjayBvZiBndWlkYW5jZSBhcyB0byBob3cgdG8gaW1wbGVt ZW50IGFuZCBkZXBsb3kgc3VjaCB0ZWNobmlxdWVzIHdlbGwuIEl0J3MgYSBiaXQgdHJpY2t5IHRo b3VnaCBhcyBpdCdzIGZhaXJseSBPUyBkZXBlbmRlbnQgc28gbWF5YmUgbm90DQogcmVhbGx5IGlu IHNjb3BlIGZvciB0aGUgSUVURj88YnI+DQomZ3Q7IChGb3IgdGhlIGxhc3QgMyB5ZWFycyBJJ3Zl IHNldCBhIHBvc3NpYmxlIHN0dWRlbnQgcHJvamVjdCBpbiB0aGlzIHNwYWNlLCBidXQgZWFjaCB0 aW1lIGEgc3R1ZGVudCBoYXMgY29uc2lkZXJlZCBpdCwgaXQgdHVybmVkIG91dCAmcXVvdDt0b28g aGFyZCZxdW90OzstKTxicj4NCjxicj4NCkFzIEkgbWVudGlvbmVkIHByZXZpb3VzbHksIElFRUUg ODAyLjExIGlzIGxvb2tpbmcgaW50byB0aGlzIGFyZWEsIGJvdGggZnJvbSBhbiBvcGVyYXRpb25h bCBwZXJzcGVjdGl2ZSBhbmQgZnJvbSBhIHByaXZhY3kgcGVyc3BlY3RpdmUuIE5ldyBJRUVFIDgw Mi4xMSBhbWVuZG1lbnRzIChJRUVFIDgwMi4xMWJoIGFuZCBJRUVFIDgwMi4xMWJpLCBpZiBhcHBy b3ZlZCkgYXJlIGJlaW5nIGRpc2N1c3NlZC4gVGhlICh2ZXJ5KSBoaWdoLWxldmVsIGRvY3VtZW50 cw0KIGRlc2NyaWJpbmcgZWFjaCBjYW4gYmUgZm91bmQgYXQgWzFdIGFuZCBbMl0uIEkgd291bGQg YmUgaGFwcHkgdG8gY29udmV5IGlucHV0IHRvIElFRUUgODAyLjExIHJlZ2FyZGluZyBlaXRoZXIg ZG9jdW1lbnQsIHBhcnRpY3VsYXJseSBpbiByZWdhcmRzIHRvIGxheWVycyAzIGFuZCBhYm92ZS4g V2l0aG91dCB3aXNoaW5nIHRvIG9wZW4gdXAgYSBjYW4gb2Ygd29ybXMgYWJvdXQgbWVldGluZyBm ZWVzLCBJIHdpbGwgbm90ZSB0aGF0IElFRUUgODAyLjExDQogaXMgY3VycmVudGx5IG5vdCBjaGFy Z2luZyBmb3IgaXRzIG9ubGluZSBtZWV0aW5ncywgc28gaWYgYW55b25lIHdpc2hlcyB0byB0YWtl IHBhcnQgaW4gdGhlIHJhbmRvbSBNQUMgYWRkcmVzcyBkaXNjdXNzaW9ucyBkaXJlY3RseSwgdGhl IG5leHQgbWVldGluZyB3aWxsIGJlIGhlbGQgaW4gZWFybHkgTm92ZW1iZXIuIFRoZSBSQ00gU3R1 ZHkgR3JvdXAgbWV0IHllc3RlcmRheSBtb3JuaW5nIChBbWVyaWNhcykgYW5kIHdpbGwgbWVldCBh Z2FpbiBpbg0KIHR3byB3ZWVrcy4gU2VlIFszXS48YnI+DQo8YnI+DQombmJzcDsgJm5ic3A7ICZu YnNwOyAmbmJzcDsgJm5ic3A7ICZuYnNwOyAmbmJzcDsgJm5ic3A7IC1QZXRlcjxicj4NCjxicj4N ClsxXSA8YSBocmVmPSJodHRwczovL21lbnRvci5pZWVlLm9yZy84MDIuMTEvZGNuLzIwLzExLTIw LTA3NDItMDQtMHJjbS1wcm9wb3NlZC1wYXItZHJhZnQuZG9jeCIgdGFyZ2V0PSJfYmxhbmsiPg0K aHR0cHM6Ly9tZW50b3IuaWVlZS5vcmcvODAyLjExL2Rjbi8yMC8xMS0yMC0wNzQyLTA0LTByY20t cHJvcG9zZWQtcGFyLWRyYWZ0LmRvY3g8L2E+PGJyPg0KWzJdIDxhIGhyZWY9Imh0dHBzOi8vbWVu dG9yLmllZWUub3JnLzgwMi4xMS9kY24vMjAvMTEtMjAtMDg1NC0wNi0wcmNtLXBhci1wcm9wb3Nh bC1mb3ItcHJpdmFjeS5wZGYiIHRhcmdldD0iX2JsYW5rIj4NCmh0dHBzOi8vbWVudG9yLmllZWUu b3JnLzgwMi4xMS9kY24vMjAvMTEtMjAtMDg1NC0wNi0wcmNtLXBhci1wcm9wb3NhbC1mb3ItcHJp dmFjeS5wZGY8L2E+PGJyPg0KWzNdIDxhIGhyZWY9Imh0dHBzOi8vbWVudG9yLmllZWUub3JnLzgw Mi4xMS9kY24vMjAvMTEtMjAtMDk5NS0xMC0wcmNtLXJjbS1zZy1hZ2VuZGEucHB0eCIgdGFyZ2V0 PSJfYmxhbmsiPg0KaHR0cHM6Ly9tZW50b3IuaWVlZS5vcmcvODAyLjExL2Rjbi8yMC8xMS0yMC0w OTk1LTEwLTByY20tcmNtLXNnLWFnZW5kYS5wcHR4PC9hPjxicj4NCjxicj4NCjxicj4NCjxicj4N Cl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyPg0KSW50 LWFyZWEgbWFpbGluZyBsaXN0PGJyPg0KPGEgaHJlZj0ibWFpbHRvOkludC1hcmVhQGlldGYub3Jn IiB0YXJnZXQ9Il9ibGFuayI+SW50LWFyZWFAaWV0Zi5vcmc8L2E+PGJyPg0KPGEgaHJlZj0iaHR0 cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9pbnQtYXJlYSIgdGFyZ2V0PSJfYmxh bmsiPmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vaW50LWFyZWE8L2E+PG86 cD48L286cD48L3A+DQo8L2Jsb2NrcXVvdGU+DQo8L2Rpdj4NCjwvZGl2Pg0KVGhlIGNvbnRlbnRz IG9mIHRoaXMgZS1tYWlsIG1lc3NhZ2UgYW5kIDxicj5hbnkgYXR0YWNobWVudHMgYXJlIGludGVu ZGVkIHNvbGVseSBmb3IgdGhlIDxicj5hZGRyZXNzZWUocykgYW5kIG1heSBjb250YWluIGNvbmZp ZGVudGlhbCA8YnI+YW5kL29yIGxlZ2FsbHkgcHJpdmlsZWdlZCBpbmZvcm1hdGlvbi4gSWYgeW91 PGJyPmFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCBvZiB0aGlzIG1lc3NhZ2U8YnI+b3Ig aWYgdGhpcyBtZXNzYWdlIGhhcyBiZWVuIGFkZHJlc3NlZCB0byB5b3UgPGJyPmluIGVycm9yLCBw bGVhc2UgaW1tZWRpYXRlbHkgYWxlcnQgdGhlIHNlbmRlcjxicj5ieSByZXBseSBlLW1haWwgYW5k IHRoZW4gZGVsZXRlIHRoaXMgbWVzc2FnZSA8YnI+YW5kIGFueSBhdHRhY2htZW50cy4gSWYgeW91 IGFyZSBub3QgdGhlIDxicj5pbnRlbmRlZCByZWNpcGllbnQsIHlvdSBhcmUgbm90aWZpZWQgdGhh dCA8YnI+YW55IHVzZSwgZGlzc2VtaW5hdGlvbiwgZGlzdHJpYnV0aW9uLCBjb3B5aW5nLDxicj5v ciBzdG9yYWdlIG9mIHRoaXMgbWVzc2FnZSBvciBhbnkgYXR0YWNobWVudCA8YnI+aXMgc3RyaWN0 bHkgcHJvaGliaXRlZC48L2JvZHk+DQo8L2h0bWw+DQo= --_000_D3230F2EE01740B3B3866593973E803Fchartercom_-- From nobody Tue Sep 29 21:17:04 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 84FDB3A0D40 for ; Tue, 29 Sep 2020 21:17:02 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.996 X-Spam-Level: X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.com header.b=6ETKt+Z/; dkim=pass (2048-bit key) header.d=comcast.com header.b=JWUjwOXg; dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=comcastcorp.onmicrosoft.com header.b=lHv9ft59 Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id usapEOFfZw_U for ; Tue, 29 Sep 2020 21:17:00 -0700 (PDT) Received: from mx0a-00143702.pphosted.com (mx0a-00143702.pphosted.com [148.163.145.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97FCE3A0D33 for ; Tue, 29 Sep 2020 21:17:00 -0700 (PDT) Received: from pps.filterd (m0156893.ppops.net [127.0.0.1]) by mx0a-00143702.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08U49Qb1011344 for ; Wed, 30 Sep 2020 00:17:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.com; h=from : to : cc : subject : date : message-id : content-type : mime-version; s=20190412; bh=fRTAAQEgTq0Ap6vjT7NqcqVWDqIr42+t8VT/r9c0Xfw=; b=6ETKt+Z/E0bvxOg/LFMvb45L/Tczm8DhAlUc0Qs1SML1Yw1Sg94Jsr5Mw9DRr8g801mn S2iZbZ4zeryqHRScbk5hQcCRxWJlb2RHELWPNZOihbOIzQSczuq9esi9bKwJbVqLw7uG kr2ZYmKe1aU7q+VAVjv+iy0OMc6LutypIk3AADvv4nbCfPsUtErkJoQkkT9ORJbp+rCp mQDpVkHSPaUtwZvJD2MEzPvm/blNTTPAmfZUlIfnpSYLJXuGWegq8G9lOD60ev0bb8AI j4JKC2cEB/7AtA5ml9/PPFOt/yfzZTubAaJVEeO2Ux3bSiTJYcKb6gZ/sKJLUvocYOWn Yw== Received: from pacdcmhout01.cable.comcast.com (PACDCMHOUT01.cable.comcast.com [68.87.31.167]) by mx0a-00143702.pphosted.com with ESMTP id 33t2bnkv49-49 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 30 Sep 2020 00:17:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; d=comcast.com; s=20190412; c=relaxed/simple; q=dns/txt; i=@comcast.com; t=1601439417; x=2465353017; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=fRTAAQEgTq0Ap6vjT7NqcqVWDqIr42+t8VT/r9c0Xfw=; b=JWUjwOXg95nOkKfoR+qkxyPmpwX97C7hTEEf4LTHcq/lSL8In7elEns0B5UzknnR Q37ZY0Y4B5p3JNZqmq2uMIPWKG3pefyQRUmBcTpZBTUzbVfFfEu8mvTxEA+Nr8fg D4tpwqrulyTNQt65zhxHFIskhBRV0LP4ppg4iLXDVYuU0/45wRo0AxwOomSlGT2z brvNGCLaKx1f3zX0gXDlMBxyQ7Et6EU+gUS04TlsQPcgsIumVRH1iN4suUeIdzB/ /bTzkMO1Sl4aPQzfKgxxyRkknxDmnD8tGeIhKJOzJsZt4Dpfqf57qGIY7vFdzwn4 r3Ipr3CRQU2nr+P6a1pMwA==; X-AuditID: 44571fa7-417ff70000018e96-ca-5f7406b93bdc Received: from PACDCEX49.cable.comcast.com (cas-umc02.ndceast.pa.bo.comcast.net [68.87.34.28]) (using TLS with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client did not present a certificate) by pacdcmhout01.cable.comcast.com (SMTP Gateway) with SMTP id 25.3F.36502.9B6047F5; Wed, 30 Sep 2020 00:16:57 -0400 (EDT) Received: from PACDCEX09.cable.comcast.com (24.40.1.132) by PACDCEX49.cable.comcast.com (24.40.2.148) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 30 Sep 2020 00:16:57 -0400 Received: from PACDCEXEDGE01.cable.comcast.com (76.96.78.71) by PACDCEX09.cable.comcast.com (24.40.1.132) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 30 Sep 2020 00:16:57 -0400 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.36.51) by webmail.comcast.com (76.96.78.71) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 30 Sep 2020 00:16:57 -0400 Received: from MN2PR11MB3582.namprd11.prod.outlook.com (2603:10b6:208:ec::28) by MN2PR11MB3839.namprd11.prod.outlook.com (2603:10b6:208:fa::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.32; Wed, 30 Sep 2020 04:16:55 +0000 Received: from MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::905a:3a8c:e7a6:ad26]) by MN2PR11MB3582.namprd11.prod.outlook.com ([fe80::905a:3a8c:e7a6:ad26%3]) with mapi id 15.20.3412.028; Wed, 30 Sep 2020 04:16:55 +0000 From: "Lee, Yiu" To: "Eric Vyncke (evyncke)" , "captive-portals@ietf.org" , "Livingood, Jason" , "Jason.Weil@charter.com" CC: Magnus Westerlund , Erik Kline , Roman Danyliw , Benjamin Kaduk , "martin.h.duke@gmail.com" Thread-Topic: [EXTERNAL] BoF proposal: Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWluCILYzAJNgchkOu8iI3mUMrgA== Date: Wed, 30 Sep 2020 04:16:55 +0000 Message-ID: <0A4F523D-654D-4F44-B93C-8BFDA268DAB5@comcast.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.41.20091302 authentication-results: cisco.com; dkim=none (message not signed) header.d=none;cisco.com; dmarc=none action=none header.from=Cable.Comcast.com; x-originating-ip: [2601:42:1:8220:5972:7ba0:4a2d:f3c7] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4800496d-c70c-4c6a-23bf-08d864f7aac5 x-ms-traffictypediagnostic: MN2PR11MB3839: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ZfP0JQKqRFI1vHCP3exnPoLVO0mHXizJicui0R1LPbyPDPCKkIEb/TvIoCJGAOb4Go7sztaUKF9SbhiaACd4cgcZpq6J15SXDSKMMbGPkQGhVWu/BK/zt8NyqDY0ppDrSDOtqW8Nv/qjDYXYsliunKqfHvVl5JqNI+LffiQiW51o30p5/YP5eBrIwF52zLnli5CNlS5ZKuUEQ4NwbGOcZzBbCAzf2Vj4dwF/xpO5rWB9dfsJqgC+pGQAKSTfp7PaUllSeu70JXRLJxSs/Kj64EvIF/sBehewCuCBvhKqlrdG7nVW7IqixX7Qmc6P4czKEgtNnGisXFRltLmDXWqsGn8ZiZmRoNTQLDzYw3+vCPfY+vPmaayuCvx4QcBf9d3KwcF/Q5gYTfvI3Rm31zeaYw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3582.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(376002)(366004)(39860400002)(346002)(966005)(66446008)(66476007)(66946007)(66556008)(64756008)(4326008)(53546011)(6506007)(8676002)(71200400001)(86362001)(6486002)(76116006)(5660300002)(36756003)(186003)(8936002)(166002)(33656002)(316002)(2906002)(54906003)(478600001)(9326002)(6512007)(110136005)(9686003)(83080400001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: 6a6aiz1MJdU8thgUf8DV3uULpnqSUpp5Rbm8StqPh82AkT6hK82iS3GNvnCoOe1zp+w4YuiYv6seHz1AgcnWiZ4RcDWIbCQ3njo74Qa6kkreTVJMWzGUQ3GTACv0aKvEsMe/gVoYT49TD3rwKsBHTCzrhwEESbQne4/wZgqWMOgZV4ZOH6Otgav2/uqKlzWr4dh1m6aD3f+ebs6UO8GTKQKpo+QKC0z8dOMYlvg/cSiOjqS1RQONAqJZ7WexjwfjoK59pV3gKivak3zCd7PGAk7iV53NiuUksbtsKIxrveP7ryFvBwPDcbzGMzkgHx+CHWBWfdBOc8YM+5ClntyTDX7xHT3O2T05fcel71+QfA/SYKqrprYqWwCP9O30xCl3mvESvBsINuzrvFtNcHiDeGQkS9eyyOlEsccu9AEpREs/3zpno71RWtzNC+NVPrFLoTepIKQteimUi3XW9R04z1U6Y+vbtpZMQgsUHR46asiiK21mxNFOat/4waFeUEQRHY1hS4ZxGeCOFasSYf6yaMAUpVEoyywUTcUntTDklKnDF3f9tACuRkDUUCMiMkPIbS+6T8+9OAxIchKA6sQ0JDakeXpDJN1X1dsxla2mfoF5bZENj0iRCdG2oHSsWDcKl0MhmGJCeEsngX3JAQldz/9H4V+hv78D8kG4kBQJTOaL87wqjSI7Tk0jgHnXHXwgHT379w2MMXVc0C2D7tcgcg== arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nVQDzpU+VtPHlzKCBKD+9ov1+TE7NvnI2dL/UjGQhT5nMKmBuwwUlkOT2DabarSwz5lL0dbce+aqR7y+tpD/GZ8Xfn1INoIzT0ySRXXOC0S32W5VsZxZgWHmw6UA2WMR/5qV54TbC6kTZHB2Zk4Q06+EOq/s/M45beYcdbrPqxvVP2jS0ofvEs9CUe7x6fIGiTm93ODg42dhPg9rUTSTRB2fJ/QtqXace5hbm7oJFVlQypAn2XvakgTtbQrYdebpESl3STBk18ueYKz8oFIs7rf8FVEYoqgI4pDVQc2/oHn2M3v0HDdAQJcy6Mmr3mq1juT8dNFp3jsulLDpt8HFPA== arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MRHhHcT36ZBD2+x/iifpKm/2/+uVZvd2KwUzT0GQYEw=; b=by7/TgKbH1V1K+2fmoVnBeWBDRAO+f7OsNS8Zr4VGUnANzaEhSE8WvNg2wsnTfwFSmxrMRIVzJFjGWWXDkJM9+i4eVsEK86bs3thNMjBvsULgJfUe/xqNE+6FwF3NwEHM56m1b9ANTqy/GTwKuKilkLkggjJ+72giGX5IgtQCIcTH6IeEuYU0IewwXV6rWN6Iu3ExyT3QwTsKs5KP1ynq3pvRnlVzfTJC4GzNPdM2QJ8z0RONHJk56Ht8Qlo4KCXzh42adX/KcJcvxs+/NrlEDU3Z14Jy0hwAYVfB6ZZmtSVAxvISkuHHEMMNsg6ZTDnpAbWOYUwU7I9ime2iRFlBQ== arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cable.comcast.com; dmarc=pass action=none header.from=cable.comcast.com; dkim=pass header.d=cable.comcast.com; arc=none dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcastcorp.onmicrosoft.com; s=selector1-comcastcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MRHhHcT36ZBD2+x/iifpKm/2/+uVZvd2KwUzT0GQYEw=; b=lHv9ft59NOfAxgYgo/9FmyL6lrHKqS23/QPMgqVIPIgqTni0xi/xlUPSkq72ROMrRV3zad0j4JttH8rMgteb4Ap5o1CekEV6K1SruDfNNzbvC2y1X6EeIjgaA1zs/9wUc0lPRfuW04ZtTqcjtllhXCpgc4OsvPEkCR6w+UbxvFM= x-ms-exchange-crosstenant-authas: Internal x-ms-exchange-crosstenant-authsource: MN2PR11MB3582.namprd11.prod.outlook.com x-ms-exchange-crosstenant-network-message-id: 4800496d-c70c-4c6a-23bf-08d864f7aac5 x-ms-exchange-crosstenant-originalarrivaltime: 30 Sep 2020 04:16:55.6781 (UTC) x-ms-exchange-crosstenant-fromentityheader: Hosted x-ms-exchange-crosstenant-id: 906aefe9-76a7-4f65-b82d-5ec20775d5aa x-ms-exchange-crosstenant-mailboxtype: HOSTED x-ms-exchange-crosstenant-userprincipalname: 3HceX8E2gkMzMn7vc7Nx4ysr9dWS39y4x/s59NtWBuWuIkATR/xAdh5hcYUmcK41O/bW0E8Mm3wRT/xNo/tqnFbXP+J7+Wh0fMW0zqzhHKc= x-ms-exchange-transport-crosstenantheadersstamped: MN2PR11MB3839 x-originatororg: cable.comcast.com Content-Type: multipart/alternative; boundary="_000_0A4F523D654D4F44B93C8BFDA268DAB5comcastcom_" MIME-Version: 1.0 X-CFilter-Loop: Forward AAETWH X-Brightmail-Tracker: H4sIAAAAAAAAA02Ta0wUVxiGc2ZmZwbj6nGF+oVYWCeVqMkCq1wGosRGCaORaMKPtvpjGWBk jcvsZhYoEEyJ8RIgtrpdIq4iGjahAe16SYtY0GQpUbDGgoFShHJvQGsDalE0ojs724R/z/ud 97xfvnNhScPPdCR7SC6UFFm0cfQyaucX3FpTK11oie8e3cLXeSp0fL/rdx3/6u4lxLcO/Unw jdfPEXyv7y+CPzsxTfMvT9DbWaH22h5hYeayTnC/u64T3v7XRwutnmFG8HoXCOHob53kPmb/ jq1WScyTFKMk59rzDsn527hdWXtNPJ+YYjJzRlkskLZxX5qyMjNM6fJBu5IrccZi0VYUqNpl hyIVcHFp2Tusj/89xjj+OIVK2ntmmQo0W4mqEMsCTgDvZHoVCmMN+FcC6npTq9CyAN9GUHur j9BEH4KHl/9mNNGJ4AevH2migYCb049DYhxBj+t7nRpG4xhovtZFqwvhuAeBz9WkUwWJHyJ4 0XKeVl2rcT6471dTKodjK/wzrEapHAsTA0+CSRReD339A4zKepwGJyvdQT/Cn8Dr7iuEyiRe A4OT9UEGjMHb9ojUOAJmJhaDORE4DuZOPwkOgbAbweDzmZApCdoGRyiNP4Xe+urQ0WTC04vp WnkTvJirobTyZ7DoL9XKh2FkajrUNgZa+h+FOAqaTo2FEtfC6EBL8CAA/0JCR9WPOk0cpWCw 8xhzGm32LJlB4xyoOfGM8QRnXgVd5yYpT6A3iTeC73acZlkH7uoxRuMNcPxCXYgFeDB1hlzq uYTYJrQ8iY/lk2O3mGPNSck3UPDNRjfeQi0eqx9hFnHL9fXzTotBJxY7Swv8CFiSC9dn2hwW gz5PLC2TFLtFKbJJTj9KDFzKGTIyItce+AFyocWcmJKSnMCnmDebk+O5Nfr1o9kWA84XC6XD kuSQlP/3EWxYZAVSpmZ2j9tq/fqcDO474d6Boa8+vDvpamuuGV7l+zb1/TdjGcaS6PKGqBX+ dtqUcDd7Y8dTW/3Bdvn1RXlDSfSR/Ktka/NQx85dmalXHPPPjzyLb4zZm1YRabwTQxW8eunP +vD5fNn5s+O+mgWvoJT/tHJR/Joyh49UPmi4c3P4jcvIUU6raN5EKk7xI6vVT2jJAwAA X-SMG-Enforce: onprem X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-30_01:2020-09-29, 2020-09-30 signatures=0 X-Proofpoint-Spam-Reason: safe Archived-At: Subject: Re: [Captive-portals] [EXTERNAL] BoF proposal: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 04:17:03 -0000 --_000_0A4F523D654D4F44B93C8BFDA268DAB5comcastcom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGkgRXJpYywNCg0KU29ycnkgZm9yIHRoZSBkZWxheS4gIENvbW1lbnRzIGlubGluZToNCg0KVGhh bmtzLA0KWWl1DQoNCkZyb206ICJFcmljIFZ5bmNrZSAoZXZ5bmNrZSkiIDxldnluY2tlQGNpc2Nv LmNvbT4NCkRhdGU6IFR1ZXNkYXksIFNlcHRlbWJlciAyOSwgMjAyMCBhdCA4OjM1IEFNDQpUbzog ImNhcHRpdmUtcG9ydGFsc0BpZXRmLm9yZyIgPGNhcHRpdmUtcG9ydGFsc0BpZXRmLm9yZz4sIEph c29uIExpdmluZ29vZCA8SmFzb25fTGl2aW5nb29kQGNhYmxlLmNvbWNhc3QuY29tPiwgIkxlZSwg WWl1IiA8WWl1X0xlZUBDYWJsZS5Db21jYXN0LmNvbT4sICJKYXNvbi5XZWlsQGNoYXJ0ZXIuY29t IiA8SmFzb24uV2VpbEBjaGFydGVyLmNvbT4NCkNjOiBNYWdudXMgV2VzdGVybHVuZCA8bWFnbnVz Lndlc3Rlcmx1bmRAZXJpY3Nzb24uY29tPiwgRXJpayBLbGluZSA8ZWsuaWV0ZkBnbWFpbC5jb20+ LCBSb21hbiBEYW55bGl3IDxyZGRAY2VydC5vcmc+LCBCZW5qYW1pbiBLYWR1ayA8a2FkdWtAbWl0 LmVkdT4sICJtYXJ0aW4uaC5kdWtlQGdtYWlsLmNvbSIgPG1hcnRpbi5oLmR1a2VAZ21haWwuY29t Pg0KU3ViamVjdDogW0VYVEVSTkFMXSBCb0YgcHJvcG9zYWw6IEV2YWx1YXRlIGltcGFjdCBvZiBN QUMgYWRkcmVzcyByYW5kb21pemF0aW9uIHRvIElQIGFwcGxpY2F0aW9ucw0KDQoNCkphc29uLCBK YXNvbiwgWWl1LA0KDQoNCg0KQmFzZWQgb24gdGhlIHByZXZpb3VzIGVtYWlsIHRocmVhZCwgbWF5 IEkgc3VnZ2VzdCBhIGNvdXBsZSBvZiBpdGVtcyB0byBpbXByb3ZlIHRoZSBCb0YgcHJvcG9zYWwg KHdpa2kvYWdlbmRhKSA/DQoNCi0gSSBndWVzcyB0aGF0IHRoZXJlIHdpbGwgYmUgbW9yZSB0aGFu IDUwIHBlb3BsZSBiYXNlZCBvbiB0aGUgaW5pdGlhbCByZWFjdGlvbnMNCg0KLSBhZGRpbmcgY2Fw cG9ydCBhcyBjb25mbGljdCB0byBiZSBhdm9pZGVkIGZvciB0aGUgQm9GDQoNCltZTF0gQ2FuIHlv dSBlbGFib3JhdGU/DQoNCg0KDQotIGFkZGluZyBhIGxpbmsgdG8gZHJhZnQtbGVlLXJhbmRvbWl6 ZWQtbWFjYWRkci1wcw0KDQpbWUxdIFdpbGwgZG8NCg0KDQoNCi0gYXNzdW1pbmcgdGhhdCBpdCBp cyB0b28gZWFybHkgdG8gZm9ybSBhIFdHLCBwbGVhc2Ugc3RhdGUgdGhlIHN0YXR1cyBvZiDigJhu b24gV0cgZm9ybWluZ+KAmQ0KDQpbWUxdIE5vdGVkDQoNCg0KDQotIHB1dHRpbmcgIHRoZSBkZXNj cmlwdGlvbiAmIGFnZW5kYSBvbiB0aGUgd2lraSBodHRwczovL3RyYWMudG9vbHMuaWV0Zi5vcmcv Ym9mL3RyYWMvd2lraTxodHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0cHM6L3RyYWMudG9v bHMuaWV0Zi5vcmcvYm9mL3RyYWMvd2lraV9fOyEhQ1FsM21jSFgyQSFSU1htYXhrQkg2SkNFcnZF bUdHRDdsdXFhcUNEYzNmOXdJaU02V1JIdmtCbVBacWFlRk5IQmU4UEhBYnN2R0UkPiBiZWZvcmUg dGhpcyBGcmlkYXkgMm5kIG9mIE9jdG9iZXIgZGVhZGxpbmUNCg0KW1lMXSBXaWxsIHdvcmsgb24g aXQgdG9tb3Jyb3cuDQoNCg0KDQotIHN0YXJ0aW5nIHRvIGZpbmQgYSBwb3RlbnRpYWwgY2hhaXIg d2hvIGlzIG5vdCBhIHByb3BvbmVudA0KDQpbWUxdIE9rDQoNCg0KDQotIEFkZGluZyBkaXNjdXNz aW9uIGFib3V0IHByaXZhY3kgaW1wYWN0IG9uIHRoZSBhZ2VuZGEgaXMgaW1wb3J0YW50IG9yIGV2 ZW4gY3JpdGljYWwNCg0KW1lMXSBPSw0KDQoNCg0KLSBhZGRpbmcgSUVFRSBjb29yZGluYXRpb24g aXMgYWxzbyBpbXBvcnRhbnQgKGNvdWxkIGJlIGhhbmRsZWQgYmVmb3JlIHRoZSBwb3RlbnRpYWwg Qm9GKQ0KDQpbWUxdIEpXIHdpbGwgaGVscCBoZXJlLg0KDQoNCg0KDQoNCk1vcmUgc3BlY2lmaWMg dG8gZHJhZnQtbGVlLXJhbmRvbWl6ZWQtbWFjYWRkci1wcy0wMSwgaGVyZSBhcmUgYSBjb3VwbGUg b2YgY29tbWVudHMgKG1vc3RseSBkZXRhaWxzKToNCg0KICAqICAgTUFDIGFkZHJlc3NlcyBhcmUg bm90IGFsd2F5cyA0OCBiaXRzIGxvbmcNCiAgKiAgIE1BQyBhZGRyZXNzZXMgYXJlIG5vdCBhbHdh eXMgYXNzaWduZWQgYnkgbWFudWZhY3R1cmVycyAodGhpbmsgVk0pDQogICogICBTdWdnZXN0IHRv IGRpc3Rpbmd1aXNoIGJldHdlZW4g4oCYc3RhYmxl4oCZIGFuZCDigJhzdGF0aWPigJkgYW5kIOKA mHBlcnNpc3RlbnTigJkgTUFDIGFkZHJlc3MNCiAgKiAgIE9mIGNvdXJzZSBCQ1AgMTQgaXMgbm8g bW9yZSBSRkMgMjExOSA7LSkNCiAgKiAgIFBTLTA0IGlzIG1vcmUgYSByZXF1aXJlbWVudCB0aGFu IGEgcHJvYmxlbSBzdGF0ZW1lbnQNCg0KW1ldIFdlIHdpbGwgYWRkIHRoZXNlIHRvIDAyLg0KDQoN Cg0KDQoNCkhvcGUgdGhpcyBoZWxwcyBhbmQgaGFwcHkgdG8gY29udGludWUgdGhlIGRpc2N1c3Np b24gb2YgY291cnNlIDstKQ0KDQpbWUxdIFRoYW5rcyENCg0KDQoNCg0KDQotw6lyaWMNCg== --_000_0A4F523D654D4F44B93C8BFDA268DAB5comcastcom_ Content-Type: text/html; charset="utf-8" Content-ID: <3FC3D2B8248E094D8205679F86A01876@namprd11.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAg MDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OlBNaW5nTGlVOw0KCXBhbm9zZS0xOjIgMiA1 IDAgMCAwIDAgMCAwIDA7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseToiQ2FtYnJpYSBNYXRo IjsNCglwYW5vc2UtMToyIDQgNSAzIDUgNCA2IDMgMiA0O30NCkBmb250LWZhY2UNCgl7Zm9udC1m YW1pbHk6Q2FsaWJyaTsNCglwYW5vc2UtMToyIDE1IDUgMiAyIDIgNCAzIDIgNDt9DQpAZm9udC1m YWNlDQoJe2ZvbnQtZmFtaWx5OiJcQFBNaW5nTGlVIjsNCglwYW5vc2UtMToyIDEgNiAxIDAgMSAx IDEgMSAxO30NCi8qIFN0eWxlIERlZmluaXRpb25zICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9y bWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjowaW47DQoJZm9udC1zaXplOjExLjBwdDsNCglm b250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJs aW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsNCgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVj b3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFpblRleHQsIGxpLk1zb1BsYWluVGV4dCwgZGl2 Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6 IlBsYWluIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBpbjsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZv bnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uUGxhaW5UZXh0Q2hhcg0KCXtt c28tc3R5bGUtbmFtZToiUGxhaW4gVGV4dCBDaGFyIjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7 DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQiOw0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixz YW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTIwDQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFs LXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRv d3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNvLXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJ Zm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3JkU2VjdGlvbjENCgl7c2l6ZTo4LjVpbiAxMS4w aW47DQoJbWFyZ2luOjEuMGluIDEuMGluIDEuMGluIDEuMGluO30NCmRpdi5Xb3JkU2VjdGlvbjEN Cgl7cGFnZTpXb3JkU2VjdGlvbjE7fQ0KLyogTGlzdCBEZWZpbml0aW9ucyAqLw0KQGxpc3QgbDAN Cgl7bXNvLWxpc3QtaWQ6OTQ2MDM4MDk1Ow0KCW1zby1saXN0LXRlbXBsYXRlLWlkczotMTM5MDQ4 ODg2Njt9DQpAbGlzdCBsMDpsZXZlbDENCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6LjVpbjsNCgltc28t bGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1h bnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxl dmVsMg0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6 74K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoxLjBpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0 aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4w cHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsMw0KCXttc28tbGV2ZWwt bnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10 YWItc3RvcDoxLjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1p bmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6 U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxs ZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyLjBpbjsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1z by1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGww OmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRl eHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDoyLjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBv c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6ZTox MC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNg0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZl bC10YWItc3RvcDozLjBpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4 dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1p bHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNw0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpi dWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDozLjVpbjsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0K CW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0 IGwwOmxldmVsOA0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674K3Ow0KCW1zby1sZXZlbC10YWItc3RvcDo0LjBpbjsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6 ZToxMC4wcHQ7DQoJZm9udC1mYW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsOQ0KCXttc28t bGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3Ow0KCW1zby1s ZXZlbC10YWItc3RvcDo0LjVpbjsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJ dGV4dC1pbmRlbnQ6LS4yNWluOw0KCW1zby1hbnNpLWZvbnQtc2l6ZToxMC4wcHQ7DQoJZm9udC1m YW1pbHk6U3ltYm9sO30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlkOjE0MTQ3Mzg0Nzk7DQoJbXNv LWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjE2MTE3MTg2NDYgMTQ0 OTgzMzIzNCA2NzY5ODY5MSA2NzY5ODY5MyA2NzY5ODY4OSA2NzY5ODY5MSA2NzY5ODY5MyA2NzY5 ODY4OSA2NzY5ODY5MSA2NzY5ODY5Mzt9DQpAbGlzdCBsMTpsZXZlbDENCgl7bXNvLWxldmVsLW51 bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Oi07DQoJbXNvLWxldmVsLXRhYi1z dG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50 Oi0uMjVpbjsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJpZjsNCgltc28tZmFyZWFz dC1mb250LWZhbWlseTpDYWxpYnJpO30NCkBsaXN0IGwxOmxldmVsMg0KCXttc28tbGV2ZWwtbnVt YmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6 LS4yNWluOw0KCWZvbnQtZmFtaWx5OiJDb3VyaWVyIE5ldyI7fQ0KQGxpc3QgbDE6bGV2ZWwzDQoJ e21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJ bXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0 Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpXaW5nZGluZ3M7fQ0KQGxpc3Qg bDE6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwt dGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1w b3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseTpTeW1ib2w7 fQ0KQGxpc3QgbDE6bGV2ZWw1DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCglt c28tbGV2ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1u dW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6 IkNvdXJpZXIgTmV3Ijt9DQpAbGlzdCBsMTpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJlci1mb3Jt YXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9u ZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LS4yNWlu Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMTpsZXZlbDcNCgl7bXNvLWxldmVs LW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwt dGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1p bmRlbnQ6LS4yNWluOw0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDgNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNv LWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0K CXRleHQtaW5kZW50Oi0uMjVpbjsNCglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0 IGwxOmxldmVsOQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVs LXRleHQ674KnOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotLjI1aW47DQoJZm9udC1mYW1pbHk6V2luZ2Rp bmdzO30NCm9sDQoJe21hcmdpbi1ib3R0b206MGluO30NCnVsDQoJe21hcmdpbi1ib3R0b206MGlu O30NCi0tPjwvc3R5bGU+DQo8L2hlYWQ+DQo8Ym9keSBsYW5nPSJFTi1VUyIgbGluaz0iIzA1NjND MSIgdmxpbms9InB1cnBsZSIgc3R5bGU9IndvcmQtd3JhcDpicmVhay13b3JkIj4NCjxkaXYgY2xh c3M9IldvcmRTZWN0aW9uMSI+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj5IaSBFcmljLDxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIj5Tb3JyeSBmb3IgdGhlIGRlbGF5LiZuYnNwOyBDb21tZW50cyBpbmxp bmU6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48bzpwPiZuYnNwOzwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiPlRoYW5rcyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPllpdTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+ PG86cD4mbmJzcDs8L286cD48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9w OnNvbGlkICNCNUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwaW4gMGluIDBpbiI+DQo8cCBjbGFz cz0iTXNvTm9ybWFsIj48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpibGFj ayI+RnJvbTogPC9zcGFuPjwvYj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEyLjBwdDtjb2xvcjpi bGFjayI+JnF1b3Q7RXJpYyBWeW5ja2UgKGV2eW5ja2UpJnF1b3Q7ICZsdDtldnluY2tlQGNpc2Nv LmNvbSZndDs8YnI+DQo8Yj5EYXRlOiA8L2I+VHVlc2RheSwgU2VwdGVtYmVyIDI5LCAyMDIwIGF0 IDg6MzUgQU08YnI+DQo8Yj5UbzogPC9iPiZxdW90O2NhcHRpdmUtcG9ydGFsc0BpZXRmLm9yZyZx dW90OyAmbHQ7Y2FwdGl2ZS1wb3J0YWxzQGlldGYub3JnJmd0OywgSmFzb24gTGl2aW5nb29kICZs dDtKYXNvbl9MaXZpbmdvb2RAY2FibGUuY29tY2FzdC5jb20mZ3Q7LCAmcXVvdDtMZWUsIFlpdSZx dW90OyAmbHQ7WWl1X0xlZUBDYWJsZS5Db21jYXN0LmNvbSZndDssICZxdW90O0phc29uLldlaWxA Y2hhcnRlci5jb20mcXVvdDsgJmx0O0phc29uLldlaWxAY2hhcnRlci5jb20mZ3Q7PGJyPg0KPGI+ Q2M6IDwvYj5NYWdudXMgV2VzdGVybHVuZCAmbHQ7bWFnbnVzLndlc3Rlcmx1bmRAZXJpY3Nzb24u Y29tJmd0OywgRXJpayBLbGluZSAmbHQ7ZWsuaWV0ZkBnbWFpbC5jb20mZ3Q7LCBSb21hbiBEYW55 bGl3ICZsdDtyZGRAY2VydC5vcmcmZ3Q7LCBCZW5qYW1pbiBLYWR1ayAmbHQ7a2FkdWtAbWl0LmVk dSZndDssICZxdW90O21hcnRpbi5oLmR1a2VAZ21haWwuY29tJnF1b3Q7ICZsdDttYXJ0aW4uaC5k dWtlQGdtYWlsLmNvbSZndDs8YnI+DQo8Yj5TdWJqZWN0OiA8L2I+W0VYVEVSTkFMXSBCb0YgcHJv cG9zYWw6IEV2YWx1YXRlIGltcGFjdCBvZiBNQUMgYWRkcmVzcyByYW5kb21pemF0aW9uIHRvIElQ IGFwcGxpY2F0aW9uczxvOnA+PC9vOnA+PC9zcGFuPjwvcD4NCjwvZGl2Pg0KPGRpdj4NCjxwIGNs YXNzPSJNc29Ob3JtYWwiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPC9kaXY+DQo8cCBjbGFzcz0i TXNvUGxhaW5UZXh0Ij5KYXNvbiwgSmFzb24sIFlpdSw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+QmFzZWQgb24gdGhlIHByZXZpb3VzIGVtYWlsIHRocmVhZCwgbWF5IEkgc3VnZ2VzdCBh IGNvdXBsZSBvZiBpdGVtcyB0byBpbXByb3ZlIHRoZSBCb0YgcHJvcG9zYWwgKHdpa2kvYWdlbmRh KSA/PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIEkgZ3Vlc3MgdGhh dCB0aGVyZSB3aWxsIGJlIG1vcmUgdGhhbiA1MCBwZW9wbGUgYmFzZWQgb24gdGhlIGluaXRpYWwg cmVhY3Rpb25zPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIGFkZGlu ZyBjYXBwb3J0IGFzIGNvbmZsaWN0IHRvIGJlIGF2b2lkZWQgZm9yIHRoZSBCb0Y8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPltZTF0gQ2FuIHlvdSBlbGFib3JhdGU/IDxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIGFkZGluZyBhIGxpbmsgdG8gZHJhZnQtbGVl LXJhbmRvbWl6ZWQtbWFjYWRkci1wczxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+W1lMXSBXaWxsIGRvPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPi0gYXNzdW1p bmcgdGhhdCBpdCBpcyB0b28gZWFybHkgdG8gZm9ybSBhIFdHLCBwbGVhc2Ugc3RhdGUgdGhlIHN0 YXR1cyBvZiDigJhub24gV0cgZm9ybWluZ+KAmTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1z b1BsYWluVGV4dCI+W1lMXSBOb3RlZDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIHB1 dHRpbmcgJm5ic3A7dGhlIGRlc2NyaXB0aW9uICZhbXA7IGFnZW5kYSBvbiB0aGUgd2lraSA8YSBo cmVmPSJodHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0cHM6L3RyYWMudG9vbHMuaWV0Zi5v cmcvYm9mL3RyYWMvd2lraV9fOyEhQ1FsM21jSFgyQSFSU1htYXhrQkg2SkNFcnZFbUdHRDdsdXFh cUNEYzNmOXdJaU02V1JIdmtCbVBacWFlRk5IQmU4UEhBYnN2R0UkIj4NCmh0dHBzOi8vdHJhYy50 b29scy5pZXRmLm9yZy9ib2YvdHJhYy93aWtpPC9hPiBiZWZvcmUgdGhpcyBGcmlkYXkgMm5kIG9m IE9jdG9iZXIgZGVhZGxpbmU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi PltZTF0gV2lsbCB3b3JrIG9uIGl0IHRvbW9ycm93LjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5U ZXh0Ij4tIHN0YXJ0aW5nIHRvIGZpbmQgYSBwb3RlbnRpYWwgY2hhaXIgd2hvIGlzIG5vdCBhIHBy b3BvbmVudDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+W1lMXSBPazxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+PG86cD4mbmJzcDs8L286cD48 L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij4tIEFkZGluZyBkaXNjdXNzaW9uIGFib3V0IHBy aXZhY3kgaW1wYWN0IG9uIHRoZSBhZ2VuZGEgaXMgaW1wb3J0YW50IG9yIGV2ZW4gY3JpdGljYWw8 bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPltZTF0gT0s8bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCI+LSBhZGRpbmcgSUVFRSBjb29yZGluYXRpb24gaXMgYWxzbyBp bXBvcnRhbnQgKGNvdWxkIGJlIGhhbmRsZWQgYmVmb3JlIHRoZSBwb3RlbnRpYWwgQm9GKTxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+W1lMXSBKVyB3aWxsIGhlbHAgaGVy ZS48bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPjxvOnA+Jm5ic3A7PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5Nb3JlIHNwZWNpZmljIHRvIGRyYWZ0LWxlZS1yYW5kb21p emVkLW1hY2FkZHItcHMtMDEsIGhlcmUgYXJlIGEgY291cGxlIG9mIGNvbW1lbnRzIChtb3N0bHkg ZGV0YWlscyk6PG86cD48L286cD48L3A+DQo8dWwgc3R5bGU9Im1hcmdpbi10b3A6MGluIiB0eXBl PSJkaXNjIj4NCjxsaSBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2 ZWwxIGxmbzMiPk1BQyBhZGRyZXNzZXMgYXJlIG5vdCBhbHdheXMgNDggYml0cyBsb25nPG86cD48 L286cD48L2xpPjxsaSBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2 ZWwxIGxmbzMiPk1BQyBhZGRyZXNzZXMgYXJlIG5vdCBhbHdheXMgYXNzaWduZWQgYnkgbWFudWZh Y3R1cmVycyAodGhpbmsgVk0pPG86cD48L286cD48L2xpPjxsaSBjbGFzcz0iTXNvUGxhaW5UZXh0 IiBzdHlsZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzMiPlN1Z2dlc3QgdG8gZGlzdGluZ3Vpc2gg YmV0d2VlbiDigJhzdGFibGXigJkgYW5kIOKAmHN0YXRpY+KAmSBhbmQg4oCYcGVyc2lzdGVudOKA mSBNQUMgYWRkcmVzczxvOnA+PC9vOnA+PC9saT48bGkgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5 bGU9Im1zby1saXN0OmwxIGxldmVsMSBsZm8zIj5PZiBjb3Vyc2UgQkNQIDE0IGlzIG5vIG1vcmUg UkZDIDIxMTkgOy0pPG86cD48L286cD48L2xpPjxsaSBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHls ZT0ibXNvLWxpc3Q6bDEgbGV2ZWwxIGxmbzMiPlBTLTA0IGlzIG1vcmUgYSByZXF1aXJlbWVudCB0 aGFuIGEgcHJvYmxlbSBzdGF0ZW1lbnQ8bzpwPjwvbzpwPjwvbGk+PC91bD4NCjxwIGNsYXNzPSJN c29QbGFpblRleHQiPltZXSBXZSB3aWxsIGFkZCB0aGVzZSB0byAwMi4gPG86cD48L286cD48L3A+ DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpwPiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCI+SG9wZSB0aGlzIGhlbHBzIGFuZCBoYXBweSB0byBjb250aW51ZSB0aGUgZGlzY3Vzc2lv biBvZiBjb3Vyc2UgOy0pPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij5b WUxdIFRoYW5rcyEgPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0Ij48bzpw PiZuYnNwOzwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiPiZuYnNwOzxvOnA+PC9v OnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCI+LcOpcmljPG86cD48L286cD48L3A+DQo8 L2Rpdj4NCjwvYm9keT4NCjwvaHRtbD4NCg== --_000_0A4F523D654D4F44B93C8BFDA268DAB5comcastcom_-- From nobody Tue Sep 29 23:14:00 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 978C33A125E for ; Tue, 29 Sep 2020 23:13:58 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -11.797 X-Spam-Level: X-Spam-Status: No, score=-11.797 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=gUraQMH1; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=lUGBZocc Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gWlqZ-RutZ3v for ; Tue, 29 Sep 2020 23:13:56 -0700 (PDT) Received: from rcdn-iport-2.cisco.com (rcdn-iport-2.cisco.com [173.37.86.73]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C7993A125D for ; Tue, 29 Sep 2020 23:13:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27145; q=dns/txt; s=iport; t=1601446436; x=1602656036; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=K15+hl399ZUDpmBl2reXpXe7Pwts2Vq4SXZRMA5bohw=; b=gUraQMH1Fhq7nVSM3ZrlyVWcQsyYQcXJB0blZt/vD8NDRXwlAoNhqMku TvOcmYkbWkTFIbpw/oN5zCLQrTv3+86P+E5mVROirnRj/VtnoTGwLl4tl jz/dKuwO5YldPwf2YH/OdQ/qcYkRHZS5iPeImK9FRL+s4Hvb9DfWRzYiW c=; IronPort-PHdr: =?us-ascii?q?9a23=3AetW9FxWvufrntVv0JKc1U/I5EkbV8LGuZFwc94?= =?us-ascii?q?YnhrRSc6+q45XlOgnF6O5wiEPSBNyLuflDjuHfqLymUmsFst6Ns3EHJZpLUR?= =?us-ascii?q?JNycAbhBcpD8PND0rnZOXrYCo3EIUnNhdl8ni3PFITFJP4YFvf8Xa16DUbAQ?= =?us-ascii?q?m5Pg1wdaz5H4fIhJGx0Oa/s5TYfwRPgm+7ZrV/ZBW7pAncrI8Ym4xnf60w0R?= =?us-ascii?q?DO5HBPfrdb?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0DcCAATIXRf/4oNJK1ggliBIy9RB3B?= =?us-ascii?q?ZLyyEPYFdgWkDjX6KD45ogUKBEQNVCwEBAQ0BAR4PAgQBAYMWgTUCF4IYAiU?= =?us-ascii?q?3Bg4CAwEBCwEBBQEBAQIBBgRthVwMhXIBAQEBAxIRChMBATcBDwIBCBEDAQI?= =?us-ascii?q?hCgICAh8RHQgCBAENBSKDBAGBfk0DLgEOqloCgTmIYXaBMoMBAQEFhQoNC4I?= =?us-ascii?q?QAwaBOIJyg2mCQYQSG4FBP4ERJxyCTT6CGkICA4EnARIBLxINgmozgi2QBQ+?= =?us-ascii?q?CaAE8hn+Lf5A+UgqCZ4h7jFSFCQMfgw6JfpQJkwmKa4JqkjkCBAIEBQIOAQE?= =?us-ascii?q?FgWokZ3BwFTsqAYIKATNQFwINV40lWoM6hRSFQnQCATQCBgEJAQEDCXyOBgE?= =?us-ascii?q?B?= X-IronPort-AV: E=Sophos;i="5.77,321,1596499200"; d="scan'208,217";a="835462707" Received: from alln-core-5.cisco.com ([173.36.13.138]) by rcdn-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 30 Sep 2020 06:13:54 +0000 Received: from XCH-ALN-001.cisco.com (xch-aln-001.cisco.com [173.36.7.11]) by alln-core-5.cisco.com (8.15.2/8.15.2) with ESMTPS id 08U6DrZo009183 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 30 Sep 2020 06:13:54 GMT Received: from xhs-rcd-002.cisco.com (173.37.227.247) by XCH-ALN-001.cisco.com (173.36.7.11) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 30 Sep 2020 01:13:53 -0500 Received: from xhs-aln-003.cisco.com (173.37.135.120) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 30 Sep 2020 01:13:53 -0500 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-003.cisco.com (173.37.135.120) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 30 Sep 2020 01:13:53 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oC5C8qQWLwaLAg0djnlkEQ3FpFYhkicpDMYbv/JkJpOx/n9Ss2TffvmMYZ3UoVqSTIcDUMlrXk0Wssc9NGdSLYLHnZpH/jqUXNQro+5Y+RWY9LaoRER3S4dUuFRnz/wWInBUS8ohSKwMhfAzS1QxMZwmPj+RWE3PPz6bgBz4tCjA2X3Bd0l0nlrhr4e+hTzTft3ssTrXj2Z1IFDOR6Lc6Ib5+1BqS2ivYd7DvVsMW5XLt34wEqVgP+b9bJZD6EUWin6ZM81Dwl3cE2Klw122uGcmWrO87I9BbpiVaRe3lRh5vx6acvF2EdkhZt74flhnYk8PHozNHdIFJ76d6njZ0Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K15+hl399ZUDpmBl2reXpXe7Pwts2Vq4SXZRMA5bohw=; b=Up8suE0pOzWzs2aVHyfmf5K/nCcMHSnA0sJNeQ77qC96a9gQoM4DJU9xcPeMTHJuLYHR5W7VgfoXAkyNIi+j4kLTcWS7fQES3KOMBM6yZkS5dcstMazAku3vxZaVoCsuS3WZP3+R61TQiUUnokwDIn8oarwQMgawJIEqY/ZwYBYOwphG2HUKGwYR2EaiIbmCZoyVZsWqk/+S522m1ZKnuHCkZokt0wgcyI/NnEDyD7s+Df2xYMuQExp1jMQHvpJesKYp7Ke1qOS59llo/ejHsfdeZcuAXPKjrUuNWYeIlnaNNyh4ppTpCzklp3HIT1lktSljaeheGNRFeLUXLvY9Wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector2-cisco-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K15+hl399ZUDpmBl2reXpXe7Pwts2Vq4SXZRMA5bohw=; b=lUGBZocchuxT1E2r4YDDXnlliqQnpcIu5afzE+zPsojj01Ar4a+8wckh2NEN1mI1voOl/gxT7xhpEIdjl114Qm8bGOIKrvYp/lbXVt3JOYEezvCzlHJm0TwvqEsJ5xDIYzYC+W8NvIjef9I1/AI0AwtDDwguDtQRJnsVXfKw1TM= Received: from BN6PR11MB1844.namprd11.prod.outlook.com (2603:10b6:404:103::20) by BN8PR11MB3794.namprd11.prod.outlook.com (2603:10b6:408:8f::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3412.25; Wed, 30 Sep 2020 06:13:52 +0000 Received: from BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7]) by BN6PR11MB1844.namprd11.prod.outlook.com ([fe80::d525:a81a:74e0:12e7%12]) with mapi id 15.20.3433.032; Wed, 30 Sep 2020 06:13:52 +0000 From: "Eric Vyncke (evyncke)" To: "Lee, Yiu" , "captive-portals@ietf.org" , "Livingood, Jason" , "Jason.Weil@charter.com" CC: Magnus Westerlund , Erik Kline , Roman Danyliw , Benjamin Kaduk , "martin.h.duke@gmail.com" Thread-Topic: [EXTERNAL] BoF proposal: Evaluate impact of MAC address randomization to IP applications Thread-Index: AQHWluCILYzAJNgchkOu8iI3mUMrgKmA1YGA Date: Wed, 30 Sep 2020 06:13:52 +0000 Message-ID: References: <0A4F523D-654D-4F44-B93C-8BFDA268DAB5@comcast.com> In-Reply-To: <0A4F523D-654D-4F44-B93C-8BFDA268DAB5@comcast.com> Accept-Language: fr-BE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/16.41.20091302 authentication-results: comcast.com; dkim=none (message not signed) header.d=none;comcast.com; dmarc=none action=none header.from=cisco.com; x-originating-ip: [2001:420:c0c1:36:9142:f78b:7560:e82] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: dd1bdbef-4fd4-4d7d-1cc1-08d8650800dd x-ms-traffictypediagnostic: BN8PR11MB3794: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: WWBrM9D7pjSUKgzu54iHfc4gYWTsSG3CcKiiLJhuZoAW5yIjJv5XX1dD+7OfbjbsRGJNXEG3zmhFzIDzuaaumvn8UP4YG+EdRKjMBedPpkUhcWt4OeqkpfMsUnP6vk0iWWOBx4I+ydM7+7NWvYAvOwGUXlnt6oXPlpUBU4wrKju5y6jfkt0eEEXTMgdFKz5Et5uumTWX6q8iQskwPJNcL6K1i/nzLIlsnfnN6PuKU/ZjwsJrPlg3HkB/YJ5SG626wOHM6Xbkx5NFrgy8MtYQMGZutsBWsnRJSxoCxLNlCLAn4VGCPPpFy8MqN/WnN6FBxanuD0+60RQLMNyz6JP72UpWesUbRTOtvtqp6K0CWJjGbZtttj+idnULoZfWOlKYeitsRDwx398+PmuPVbudsaFuPOotDLNIxq+DeaW1DLzyYgO8xI32Pd70gHfZYn+1wPELavm5BrLwXeKs9GEQPw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN6PR11MB1844.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(136003)(376002)(346002)(396003)(366004)(39860400002)(53546011)(6506007)(316002)(478600001)(166002)(110136005)(186003)(2616005)(36756003)(86362001)(2906002)(6486002)(71200400001)(8936002)(5660300002)(33656002)(6512007)(54906003)(91956017)(76116006)(66476007)(66446008)(66946007)(66556008)(64756008)(966005)(8676002)(4326008); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: 5rxEzFQM/irafVouxVrkCbjCkK0HhI2f9I6MFcRhYl0DICKRqkL4zQ+FCgGl6ZzJmQtpUPYpFheArA+682aL4tTRFNNKYn1GdzG4gK//+yotDqZja+Iz22C9GN37bgH0M9beamF1UU2TxMpgMKfa1Cz3eAFMGDjVEA4VAgE6lLPQoahAJS2XwhOT6ShXHAndaoPzMHNCTUP20HJlF9IHkLhHBO5ul3iWeR2CUle8fLqFSsyyHSDKP0t4bXJ9P59lngRJRmsNVVEfrQiWwnNpgAEDopvHroIhHI7qHGKd4WhnHrdeRKSgYLaUItjhyNiH2qkE6CtHKpWykEl8a61lWbNyhErcorCnN5EUP8lttMLwm1UXVyrHX8YluJ96fsulFExFuwKCVHIhFT6K/mGICCVWFBGF2roz5pmGq8Dv4z5FedHchGwQh725ur6rFEI0hrTAoF+VbRVpg3zeAbXoSFmcGVDFzVGcT+2DRLP6REi5OPbk8nxBxdmEZgn57eIRQ3Q6CKM5YRHOYJ6B02x3A1oidVezmOgVffsmKiw4UEVcanaMCGItbZ2rLKAS/8G9swcBDxvnr/yxvgf/BiXDV9r9C2iUHDuPgiQ0GPN+CaN/SLKPiqrk8Jxx+CrhuNb+v4Vl3OGnamZ6oIouK4PwJEQGTZ41SkoLaKwGEVuXkt0Isp7541dqP4pi/Gm4KiqZ70NW4DQ90B/mxoDe0MWWHw== x-ms-exchange-transport-forked: True Content-Type: multipart/alternative; boundary="_000_D5EB1B293F764DE3A12D2B3A9F5D40E8ciscocom_" MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN6PR11MB1844.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dd1bdbef-4fd4-4d7d-1cc1-08d8650800dd X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Sep 2020 06:13:52.0780 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4CFcWiTH5Hs9nqAcXCtPSPuVXHl++Rxb6axP1jDQk+VjWEQHXx/dYXJqmCAuElGHE7og0bmeStJ+64cTHOrtoA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR11MB3794 X-OriginatorOrg: cisco.com X-Outbound-SMTP-Client: 173.36.7.11, xch-aln-001.cisco.com X-Outbound-Node: alln-core-5.cisco.com Archived-At: Subject: Re: [Captive-portals] [EXTERNAL] BoF proposal: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 06:13:59 -0000 --_000_D5EB1B293F764DE3A12D2B3A9F5D40E8ciscocom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 WWl1LA0KDQpUaGFuayB5b3UgZm9yIHlvdXIgcmVwbHkuDQoNCk15IGZpcnN0IHR3byBwb2ludHMg YXJlIGFib3V0IHRoZSB3aWtpIGh0dHBzOi8vdHJhYy50b29scy5pZXRmLm9yZy9ib2YvdHJhYy93 aWtpPGh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19odHRwczovdHJhYy50b29scy5pZXRmLm9y Zy9ib2YvdHJhYy93aWtpX187ISFDUWwzbWNIWDJBIVJTWG1heGtCSDZKQ0VydkVtR0dEN2x1cWFx Q0RjM2Y5d0lpTTZXUkh2a0JtUFpxYWVGTkhCZThQSEFic3ZHRSQ+IHdoZXJlIHRoZSBCb0YgcHJv cG9uZW50cyBzaG91bGQgaW5kaWNhdGUgdGhlIGV4cGVjdGVkIG51bWJlciBvZiBwZW9wbGUgYW5k IHRoZSBwb3RlbnRpYWwgY29uZmxpY3Qgd2l0aCBvdGhlciBXRyBtZWV0aW5ncy4NCg0KV2hpbGUg dGhlIOKAmGV4cGVjdGVkIG51bWJlciBvZiBwZW9wbGXigJkgaXMgbm90IHJlYWxseSByZWxldmFu dCBmb3IgYW4gb24tbGluZSBtZWV0aW5nLCBteSBlc3RpbWF0ZSBpcyB0aGF0IHRoZXJlIHdpbGwg YmUgbW9yZSB0aGFuIDUwIHBhcnRpY2lwYW50cy4NCg0KRmluYWxseSwgaW4gdGhlIGxpc3Qgb2Yg b3RoZXIgV0cgbWVldGluZ3MgdGhhdCBjb3VsZCBjcmVhdGUgYSBjb25mbGljdCBmb3IgdGhlIHBh cnRpY2lwYW50cywgSSBzdWdnZXN0IHRvIGFkZCDigJhjYXBwb3J04oCZIFdHIGh0dHBzOi8vZGF0 YXRyYWNrZXIuaWV0Zi5vcmcvd2cvY2FwcG9ydC9jaGFydGVyLyAodGhpcyBlbWFpbCBpcyBwb3N0 ZWQgb24gdGhpcyBXRyBtZWV0aW5nKSBhcyBJTUhPIGNhcHBvcnQgcGFydGljaXBhbnRzIGNvdWxk IGJlIGludGVyZXN0ZWQgaW4gTUFESU5BUy4NCg0KUmVnYXJkcw0KDQotw6lyaWMNCg0KRnJvbTog IkxlZSwgWWl1IiA8WWl1X0xlZUBjb21jYXN0LmNvbT4NCkRhdGU6IFdlZG5lc2RheSwgMzAgU2Vw dGVtYmVyIDIwMjAgYXQgMDY6MTcNClRvOiBFcmljIFZ5bmNrZSA8ZXZ5bmNrZUBjaXNjby5jb20+ LCAiY2FwdGl2ZS1wb3J0YWxzQGlldGYub3JnIiA8Y2FwdGl2ZS1wb3J0YWxzQGlldGYub3JnPiwg IkxpdmluZ29vZCwgSmFzb24iIDxKYXNvbl9MaXZpbmdvb2RAY29tY2FzdC5jb20+LCAiSmFzb24u V2VpbEBjaGFydGVyLmNvbSIgPEphc29uLldlaWxAY2hhcnRlci5jb20+DQpDYzogTWFnbnVzIFdl c3Rlcmx1bmQgPG1hZ251cy53ZXN0ZXJsdW5kQGVyaWNzc29uLmNvbT4sIEVyaWsgS2xpbmUgPGVr LmlldGZAZ21haWwuY29tPiwgUm9tYW4gRGFueWxpdyA8cmRkQGNlcnQub3JnPiwgQmVuamFtaW4g S2FkdWsgPGthZHVrQG1pdC5lZHU+LCAibWFydGluLmguZHVrZUBnbWFpbC5jb20iIDxtYXJ0aW4u aC5kdWtlQGdtYWlsLmNvbT4NClN1YmplY3Q6IFJlOiBbRVhURVJOQUxdIEJvRiBwcm9wb3NhbDog RXZhbHVhdGUgaW1wYWN0IG9mIE1BQyBhZGRyZXNzIHJhbmRvbWl6YXRpb24gdG8gSVAgYXBwbGlj YXRpb25zDQoNCkhpIEVyaWMsDQoNClNvcnJ5IGZvciB0aGUgZGVsYXkuICBDb21tZW50cyBpbmxp bmU6DQoNClRoYW5rcywNCllpdQ0KDQpGcm9tOiAiRXJpYyBWeW5ja2UgKGV2eW5ja2UpIiA8ZXZ5 bmNrZUBjaXNjby5jb20+DQpEYXRlOiBUdWVzZGF5LCBTZXB0ZW1iZXIgMjksIDIwMjAgYXQgODoz NSBBTQ0KVG86ICJjYXB0aXZlLXBvcnRhbHNAaWV0Zi5vcmciIDxjYXB0aXZlLXBvcnRhbHNAaWV0 Zi5vcmc+LCBKYXNvbiBMaXZpbmdvb2QgPEphc29uX0xpdmluZ29vZEBjYWJsZS5jb21jYXN0LmNv bT4sICJMZWUsIFlpdSIgPFlpdV9MZWVAQ2FibGUuQ29tY2FzdC5jb20+LCAiSmFzb24uV2VpbEBj aGFydGVyLmNvbSIgPEphc29uLldlaWxAY2hhcnRlci5jb20+DQpDYzogTWFnbnVzIFdlc3Rlcmx1 bmQgPG1hZ251cy53ZXN0ZXJsdW5kQGVyaWNzc29uLmNvbT4sIEVyaWsgS2xpbmUgPGVrLmlldGZA Z21haWwuY29tPiwgUm9tYW4gRGFueWxpdyA8cmRkQGNlcnQub3JnPiwgQmVuamFtaW4gS2FkdWsg PGthZHVrQG1pdC5lZHU+LCAibWFydGluLmguZHVrZUBnbWFpbC5jb20iIDxtYXJ0aW4uaC5kdWtl QGdtYWlsLmNvbT4NClN1YmplY3Q6IFtFWFRFUk5BTF0gQm9GIHByb3Bvc2FsOiBFdmFsdWF0ZSBp bXBhY3Qgb2YgTUFDIGFkZHJlc3MgcmFuZG9taXphdGlvbiB0byBJUCBhcHBsaWNhdGlvbnMNCg0K DQpKYXNvbiwgSmFzb24sIFlpdSwNCg0KDQoNCkJhc2VkIG9uIHRoZSBwcmV2aW91cyBlbWFpbCB0 aHJlYWQsIG1heSBJIHN1Z2dlc3QgYSBjb3VwbGUgb2YgaXRlbXMgdG8gaW1wcm92ZSB0aGUgQm9G IHByb3Bvc2FsICh3aWtpL2FnZW5kYSkgPw0KDQotIEkgZ3Vlc3MgdGhhdCB0aGVyZSB3aWxsIGJl IG1vcmUgdGhhbiA1MCBwZW9wbGUgYmFzZWQgb24gdGhlIGluaXRpYWwgcmVhY3Rpb25zDQoNCi0g YWRkaW5nIGNhcHBvcnQgYXMgY29uZmxpY3QgdG8gYmUgYXZvaWRlZCBmb3IgdGhlIEJvRg0KDQpb WUxdIENhbiB5b3UgZWxhYm9yYXRlPw0KDQoNCg0KLSBhZGRpbmcgYSBsaW5rIHRvIGRyYWZ0LWxl ZS1yYW5kb21pemVkLW1hY2FkZHItcHMNCg0KW1lMXSBXaWxsIGRvDQoNCg0KDQotIGFzc3VtaW5n IHRoYXQgaXQgaXMgdG9vIGVhcmx5IHRvIGZvcm0gYSBXRywgcGxlYXNlIHN0YXRlIHRoZSBzdGF0 dXMgb2Yg4oCYbm9uIFdHIGZvcm1pbmfigJkNCg0KW1lMXSBOb3RlZA0KDQoNCg0KLSBwdXR0aW5n ICB0aGUgZGVzY3JpcHRpb24gJiBhZ2VuZGEgb24gdGhlIHdpa2kgaHR0cHM6Ly90cmFjLnRvb2xz LmlldGYub3JnL2JvZi90cmFjL3dpa2k8aHR0cHM6Ly91cmxkZWZlbnNlLmNvbS92My9fX2h0dHBz Oi90cmFjLnRvb2xzLmlldGYub3JnL2JvZi90cmFjL3dpa2lfXzshIUNRbDNtY0hYMkEhUlNYbWF4 a0JINkpDRXJ2RW1HR0Q3bHVxYXFDRGMzZjl3SWlNNldSSHZrQm1QWnFhZUZOSEJlOFBIQWJzdkdF JD4gYmVmb3JlIHRoaXMgRnJpZGF5IDJuZCBvZiBPY3RvYmVyIGRlYWRsaW5lDQoNCltZTF0gV2ls bCB3b3JrIG9uIGl0IHRvbW9ycm93Lg0KDQoNCg0KLSBzdGFydGluZyB0byBmaW5kIGEgcG90ZW50 aWFsIGNoYWlyIHdobyBpcyBub3QgYSBwcm9wb25lbnQNCg0KW1lMXSBPaw0KDQoNCg0KLSBBZGRp bmcgZGlzY3Vzc2lvbiBhYm91dCBwcml2YWN5IGltcGFjdCBvbiB0aGUgYWdlbmRhIGlzIGltcG9y dGFudCBvciBldmVuIGNyaXRpY2FsDQoNCltZTF0gT0sNCg0KDQoNCi0gYWRkaW5nIElFRUUgY29v cmRpbmF0aW9uIGlzIGFsc28gaW1wb3J0YW50IChjb3VsZCBiZSBoYW5kbGVkIGJlZm9yZSB0aGUg cG90ZW50aWFsIEJvRikNCg0KW1lMXSBKVyB3aWxsIGhlbHAgaGVyZS4NCg0KDQoNCg0KDQpNb3Jl IHNwZWNpZmljIHRvIGRyYWZ0LWxlZS1yYW5kb21pemVkLW1hY2FkZHItcHMtMDEsIGhlcmUgYXJl IGEgY291cGxlIG9mIGNvbW1lbnRzIChtb3N0bHkgZGV0YWlscyk6DQoNCi0gICAgICAgICAgTUFD IGFkZHJlc3NlcyBhcmUgbm90IGFsd2F5cyA0OCBiaXRzIGxvbmcNCg0KLSAgICAgICAgICBNQUMg YWRkcmVzc2VzIGFyZSBub3QgYWx3YXlzIGFzc2lnbmVkIGJ5IG1hbnVmYWN0dXJlcnMgKHRoaW5r IFZNKQ0KDQotICAgICAgICAgIFN1Z2dlc3QgdG8gZGlzdGluZ3Vpc2ggYmV0d2VlbiDigJhzdGFi bGXigJkgYW5kIOKAmHN0YXRpY+KAmSBhbmQg4oCYcGVyc2lzdGVudOKAmSBNQUMgYWRkcmVzcw0K DQotICAgICAgICAgIE9mIGNvdXJzZSBCQ1AgMTQgaXMgbm8gbW9yZSBSRkMgMjExOSA7LSkNCg0K LSAgICAgICAgICBQUy0wNCBpcyBtb3JlIGEgcmVxdWlyZW1lbnQgdGhhbiBhIHByb2JsZW0gc3Rh dGVtZW50DQoNCltZXSBXZSB3aWxsIGFkZCB0aGVzZSB0byAwMi4NCg0KDQoNCg0KDQpIb3BlIHRo aXMgaGVscHMgYW5kIGhhcHB5IHRvIGNvbnRpbnVlIHRoZSBkaXNjdXNzaW9uIG9mIGNvdXJzZSA7 LSkNCg0KW1lMXSBUaGFua3MhDQoNCg0KDQoNCg0KLcOpcmljDQo= --_000_D5EB1B293F764DE3A12D2B3A9F5D40E8ciscocom_ Content-Type: text/html; charset="utf-8" Content-ID: <518ADB51011337478D420F799F884B04@namprd11.prod.outlook.com> Content-Transfer-Encoding: base64 PGh0bWwgeG1sbnM6bz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTpvZmZpY2U6b2ZmaWNlIiB4 bWxuczp3PSJ1cm46c2NoZW1hcy1taWNyb3NvZnQtY29tOm9mZmljZTp3b3JkIiB4bWxuczptPSJo dHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL29mZmljZS8yMDA0LzEyL29tbWwiIHhtbG5zPSJo dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwIj4NCjxoZWFkPg0KPG1ldGEgaHR0cC1lcXVp dj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0L2h0bWw7IGNoYXJzZXQ9dXRmLTgiPg0KPG1l dGEgbmFtZT0iR2VuZXJhdG9yIiBjb250ZW50PSJNaWNyb3NvZnQgV29yZCAxNSAoZmlsdGVyZWQg bWVkaXVtKSI+DQo8c3R5bGU+PCEtLQ0KLyogRm9udCBEZWZpbml0aW9ucyAqLw0KQGZvbnQtZmFj ZQ0KCXtmb250LWZhbWlseTpXaW5nZGluZ3M7DQoJcGFub3NlLTE6NSAwIDAgMCAwIDAgMCAwIDAg MDt9DQpAZm9udC1mYWNlDQoJe2ZvbnQtZmFtaWx5OiJDYW1icmlhIE1hdGgiOw0KCXBhbm9zZS0x OjIgNCA1IDMgNSA0IDYgMyAyIDQ7fQ0KQGZvbnQtZmFjZQ0KCXtmb250LWZhbWlseTpDYWxpYnJp Ow0KCXBhbm9zZS0xOjIgMTUgNSAyIDIgMiA0IDMgMiA0O30NCi8qIFN0eWxlIERlZmluaXRpb25z ICovDQpwLk1zb05vcm1hbCwgbGkuTXNvTm9ybWFsLCBkaXYuTXNvTm9ybWFsDQoJe21hcmdpbjow Y207DQoJZm9udC1zaXplOjExLjBwdDsNCglmb250LWZhbWlseToiQ2FsaWJyaSIsc2Fucy1zZXJp Zjt9DQphOmxpbmssIHNwYW4uTXNvSHlwZXJsaW5rDQoJe21zby1zdHlsZS1wcmlvcml0eTo5OTsN Cgljb2xvcjojMDU2M0MxOw0KCXRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7fQ0KcC5Nc29QbGFp blRleHQsIGxpLk1zb1BsYWluVGV4dCwgZGl2Lk1zb1BsYWluVGV4dA0KCXttc28tc3R5bGUtcHJp b3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQgQ2hhciI7DQoJbWFyZ2luOjBj bTsNCglmb250LXNpemU6MTEuMHB0Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlm O30NCnNwYW4uUGxhaW5UZXh0Q2hhcg0KCXttc28tc3R5bGUtbmFtZToiUGxhaW4gVGV4dCBDaGFy IjsNCgltc28tc3R5bGUtcHJpb3JpdHk6OTk7DQoJbXNvLXN0eWxlLWxpbms6IlBsYWluIFRleHQi Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJpIixzYW5zLXNlcmlmO30NCnNwYW4uRW1haWxTdHlsZTIx DQoJe21zby1zdHlsZS10eXBlOnBlcnNvbmFsLXJlcGx5Ow0KCWZvbnQtZmFtaWx5OiJDYWxpYnJp IixzYW5zLXNlcmlmOw0KCWNvbG9yOndpbmRvd3RleHQ7fQ0KLk1zb0NocERlZmF1bHQNCgl7bXNv LXN0eWxlLXR5cGU6ZXhwb3J0LW9ubHk7DQoJZm9udC1zaXplOjEwLjBwdDt9DQpAcGFnZSBXb3Jk U2VjdGlvbjENCgl7c2l6ZTo2MTIuMHB0IDc5Mi4wcHQ7DQoJbWFyZ2luOjcyLjBwdCA3Mi4wcHQg NzIuMHB0IDcyLjBwdDt9DQpkaXYuV29yZFNlY3Rpb24xDQoJe3BhZ2U6V29yZFNlY3Rpb24xO30N Ci8qIExpc3QgRGVmaW5pdGlvbnMgKi8NCkBsaXN0IGwwDQoJe21zby1saXN0LWlkOjE0MTQ3Mzg0 Nzk7DQoJbXNvLWxpc3QtdHlwZTpoeWJyaWQ7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOjE2MTE3 MTg2NDYgMTQ0OTgzMzIzNCA2NzY5ODY5MSA2NzY5ODY5MyA2NzY5ODY4OSA2NzY5ODY5MSA2NzY5 ODY5MyA2NzY5ODY4OSA2NzY5ODY5MSA2NzY5ODY5Mzt9DQpAbGlzdCBsMDpsZXZlbDENCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Oi07DQoJbXNvLWxl dmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNhbGlicmkiLHNhbnMtc2VyaWY7DQoJ bXNvLWZhcmVhc3QtZm9udC1mYW1pbHk6Q2FsaWJyaTt9DQpAbGlzdCBsMDpsZXZlbDINCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Om87DQoJbXNvLWxl dmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRl eHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1mYW1pbHk6IkNvdXJpZXIgTmV3Ijt9DQpAbGlzdCBs MDpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Ou+CpzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBv c2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpXaW5nZGlu Z3M7fQ0KQGxpc3QgbDA6bGV2ZWw0DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsN Cgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJbXNvLWxl dmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJZm9udC1m YW1pbHk6U3ltYm9sO30NCkBsaXN0IGwwOmxldmVsNQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1h dDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ6bzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN Cglmb250LWZhbWlseToiQ291cmllciBOZXciO30NCkBsaXN0IGwwOmxldmVsNg0KCXttc28tbGV2 ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674KnOw0KCW1zby1sZXZl bC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXItcG9zaXRpb246bGVmdDsNCgl0ZXh0 LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OldpbmdkaW5nczt9DQpAbGlzdCBsMDpsZXZl bDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+C tzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6bm9uZTsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9u OmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxp c3QgbDA6bGV2ZWw4DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2 ZWwtdGV4dDpvOw0KCW1zby1sZXZlbC10YWItc3RvcDpub25lOw0KCW1zby1sZXZlbC1udW1iZXIt cG9zaXRpb246bGVmdDsNCgl0ZXh0LWluZGVudDotMTguMHB0Ow0KCWZvbnQtZmFtaWx5OiJDb3Vy aWVyIE5ldyI7fQ0KQGxpc3QgbDA6bGV2ZWw5DQoJe21zby1sZXZlbC1udW1iZXItZm9ybWF0OmJ1 bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgqc7DQoJbXNvLWxldmVsLXRhYi1zdG9wOm5vbmU7DQoJ bXNvLWxldmVsLW51bWJlci1wb3NpdGlvbjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJ Zm9udC1mYW1pbHk6V2luZ2RpbmdzO30NCkBsaXN0IGwxDQoJe21zby1saXN0LWlkOjE0NDMwNjc0 NjA7DQoJbXNvLWxpc3QtdGVtcGxhdGUtaWRzOi0xMTM2MjQzNjk4O30NCkBsaXN0IGwxOmxldmVs MQ0KCXttc28tbGV2ZWwtbnVtYmVyLWZvcm1hdDpidWxsZXQ7DQoJbXNvLWxldmVsLXRleHQ674K3 Ow0KCW1zby1sZXZlbC10YWItc3RvcDozNi4wcHQ7DQoJbXNvLWxldmVsLW51bWJlci1wb3NpdGlv bjpsZWZ0Ow0KCXRleHQtaW5kZW50Oi0xOC4wcHQ7DQoJbXNvLWFuc2ktZm9udC1zaXplOjEwLjBw dDsNCglmb250LWZhbWlseTpTeW1ib2w7fQ0KQGxpc3QgbDE6bGV2ZWwyDQoJe21zby1sZXZlbC1u dW1iZXItZm9ybWF0OmJ1bGxldDsNCgltc28tbGV2ZWwtdGV4dDrvgrc7DQoJbXNvLWxldmVsLXRh Yi1zdG9wOjcyLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1p bmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5 OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDMNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVs bGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTA4LjBwdDsN Cgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsN Cgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlz dCBsMTpsZXZlbDQNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZl bC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MTQ0LjBwdDsNCgltc28tbGV2ZWwtbnVt YmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250 LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDUNCgl7 bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCglt c28tbGV2ZWwtdGFiLXN0b3A6MTgwLjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxl ZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0K CWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDYNCgl7bXNvLWxldmVsLW51bWJl ci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0 b3A6MjE2LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRl bnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5 bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDcNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0 Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6MjUyLjBwdDsNCglt c28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCglt c28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBs MTpsZXZlbDgNCgl7bXNvLWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10 ZXh0Ou+CtzsNCgltc28tbGV2ZWwtdGFiLXN0b3A6Mjg4LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVy LXBvc2l0aW9uOmxlZnQ7DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNp emU6MTAuMHB0Ow0KCWZvbnQtZmFtaWx5OlN5bWJvbDt9DQpAbGlzdCBsMTpsZXZlbDkNCgl7bXNv LWxldmVsLW51bWJlci1mb3JtYXQ6YnVsbGV0Ow0KCW1zby1sZXZlbC10ZXh0Ou+CtzsNCgltc28t bGV2ZWwtdGFiLXN0b3A6MzI0LjBwdDsNCgltc28tbGV2ZWwtbnVtYmVyLXBvc2l0aW9uOmxlZnQ7 DQoJdGV4dC1pbmRlbnQ6LTE4LjBwdDsNCgltc28tYW5zaS1mb250LXNpemU6MTAuMHB0Ow0KCWZv bnQtZmFtaWx5OlN5bWJvbDt9DQpvbA0KCXttYXJnaW4tYm90dG9tOjBjbTt9DQp1bA0KCXttYXJn aW4tYm90dG9tOjBjbTt9DQotLT48L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHkgbGFuZz0iZW4tQkUi IGxpbms9IiMwNTYzQzEiIHZsaW5rPSJwdXJwbGUiIHN0eWxlPSJ3b3JkLXdyYXA6YnJlYWstd29y ZCI+DQo8ZGl2IGNsYXNzPSJXb3JkU2VjdGlvbjEiPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNw YW4gbGFuZz0iRlIiPllpdSw8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIj48c3BhbiBsYW5nPSJGUiI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xh c3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPlRoYW5rIHlvdSBmb3IgeW91ciByZXBs eS48bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5n PSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1h bCI+PHNwYW4gbGFuZz0iRU4tVVMiPk15IGZpcnN0IHR3byBwb2ludHMgYXJlIGFib3V0IHRoZSA8 L3NwYW4+DQp3aWtpIDxhIGhyZWY9Imh0dHBzOi8vdXJsZGVmZW5zZS5jb20vdjMvX19odHRwczov dHJhYy50b29scy5pZXRmLm9yZy9ib2YvdHJhYy93aWtpX187ISFDUWwzbWNIWDJBIVJTWG1heGtC SDZKQ0VydkVtR0dEN2x1cWFxQ0RjM2Y5d0lpTTZXUkh2a0JtUFpxYWVGTkhCZThQSEFic3ZHRSQi Pg0KaHR0cHM6Ly90cmFjLnRvb2xzLmlldGYub3JnL2JvZi90cmFjL3dpa2k8L2E+PHNwYW4gbGFu Zz0iRU4tVVMiPiB3aGVyZSB0aGUgQm9GIHByb3BvbmVudHMgc2hvdWxkIGluZGljYXRlIHRoZSBl eHBlY3RlZCBudW1iZXIgb2YgcGVvcGxlIGFuZCB0aGUgcG90ZW50aWFsIGNvbmZsaWN0IHdpdGgg b3RoZXIgV0cgbWVldGluZ3MuDQo8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNv Tm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0K PHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPldoaWxlIHRoZSDigJhleHBl Y3RlZCBudW1iZXIgb2YgcGVvcGxl4oCZIGlzIG5vdCByZWFsbHkgcmVsZXZhbnQgZm9yIGFuIG9u LWxpbmUgbWVldGluZywgbXkgZXN0aW1hdGUgaXMgdGhhdCB0aGVyZSB3aWxsIGJlIG1vcmUgdGhh biA1MCBwYXJ0aWNpcGFudHMuPG86cD48L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPjxvOnA+Jm5ic3A7PC9vOnA+PC9zcGFuPjwvcD4NCjxw IGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj5GaW5hbGx5LCBpbiB0aGUgbGlz dCBvZiBvdGhlciBXRyBtZWV0aW5ncyB0aGF0IGNvdWxkIGNyZWF0ZSBhIGNvbmZsaWN0IGZvciB0 aGUgcGFydGljaXBhbnRzLCBJIHN1Z2dlc3QgdG8gYWRkIOKAmGNhcHBvcnTigJkgV0cNCjxhIGhy ZWY9Imh0dHBzOi8vZGF0YXRyYWNrZXIuaWV0Zi5vcmcvd2cvY2FwcG9ydC9jaGFydGVyLyI+aHR0 cHM6Ly9kYXRhdHJhY2tlci5pZXRmLm9yZy93Zy9jYXBwb3J0L2NoYXJ0ZXIvPC9hPiAodGhpcyBl bWFpbCBpcyBwb3N0ZWQgb24gdGhpcyBXRyBtZWV0aW5nKSBhcyBJTUhPIGNhcHBvcnQgcGFydGlj aXBhbnRzIGNvdWxkIGJlIGludGVyZXN0ZWQgaW4gTUFESU5BUy48bzpwPjwvbzpwPjwvc3Bhbj48 L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3BhbiBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8 L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMi PlJlZ2FyZHM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIj48c3Bh biBsYW5nPSJFTi1VUyI+PG86cD4mbmJzcDs8L286cD48L3NwYW4+PC9wPg0KPHAgY2xhc3M9Ik1z b05vcm1hbCI+PHNwYW4gbGFuZz0iRU4tVVMiPi3DqXJpYzxvOnA+PC9vOnA+PC9zcGFuPjwvcD4N CjxwIGNsYXNzPSJNc29Ob3JtYWwiPjxzcGFuIGxhbmc9IkVOLVVTIj48bzpwPiZuYnNwOzwvbzpw Pjwvc3Bhbj48L3A+DQo8ZGl2IHN0eWxlPSJib3JkZXI6bm9uZTtib3JkZXItdG9wOnNvbGlkICNC NUM0REYgMS4wcHQ7cGFkZGluZzozLjBwdCAwY20gMGNtIDBjbSI+DQo8cCBjbGFzcz0iTXNvTm9y bWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48Yj48c3BhbiBzdHlsZT0iZm9udC1zaXpl OjEyLjBwdDtjb2xvcjpibGFjayI+RnJvbToNCjwvc3Bhbj48L2I+PHNwYW4gc3R5bGU9ImZvbnQt c2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPiZxdW90O0xlZSwgWWl1JnF1b3Q7ICZsdDtZaXVfTGVl QGNvbWNhc3QuY29tJmd0Ozxicj4NCjxiPkRhdGU6IDwvYj5XZWRuZXNkYXksIDMwIFNlcHRlbWJl ciAyMDIwIGF0IDA2OjE3PGJyPg0KPGI+VG86IDwvYj5FcmljIFZ5bmNrZSAmbHQ7ZXZ5bmNrZUBj aXNjby5jb20mZ3Q7LCAmcXVvdDtjYXB0aXZlLXBvcnRhbHNAaWV0Zi5vcmcmcXVvdDsgJmx0O2Nh cHRpdmUtcG9ydGFsc0BpZXRmLm9yZyZndDssICZxdW90O0xpdmluZ29vZCwgSmFzb24mcXVvdDsg Jmx0O0phc29uX0xpdmluZ29vZEBjb21jYXN0LmNvbSZndDssICZxdW90O0phc29uLldlaWxAY2hh cnRlci5jb20mcXVvdDsgJmx0O0phc29uLldlaWxAY2hhcnRlci5jb20mZ3Q7PGJyPg0KPGI+Q2M6 IDwvYj5NYWdudXMgV2VzdGVybHVuZCAmbHQ7bWFnbnVzLndlc3Rlcmx1bmRAZXJpY3Nzb24uY29t Jmd0OywgRXJpayBLbGluZSAmbHQ7ZWsuaWV0ZkBnbWFpbC5jb20mZ3Q7LCBSb21hbiBEYW55bGl3 ICZsdDtyZGRAY2VydC5vcmcmZ3Q7LCBCZW5qYW1pbiBLYWR1ayAmbHQ7a2FkdWtAbWl0LmVkdSZn dDssICZxdW90O21hcnRpbi5oLmR1a2VAZ21haWwuY29tJnF1b3Q7ICZsdDttYXJ0aW4uaC5kdWtl QGdtYWlsLmNvbSZndDs8YnI+DQo8Yj5TdWJqZWN0OiA8L2I+UmU6IFtFWFRFUk5BTF0gQm9GIHBy b3Bvc2FsOiBFdmFsdWF0ZSBpbXBhY3Qgb2YgTUFDIGFkZHJlc3MgcmFuZG9taXphdGlvbiB0byBJ UCBhcHBsaWNhdGlvbnM8bzpwPjwvbzpwPjwvc3Bhbj48L3A+DQo8L2Rpdj4NCjxkaXY+DQo8cCBj bGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij48bzpwPiZuYnNwOzwv bzpwPjwvcD4NCjwvZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0 OjM2LjBwdCI+SGkgRXJpYyw8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0 eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+U29ycnkgZm9yIHRoZSBkZWxh eS4mbmJzcDsgQ29tbWVudHMgaW5saW5lOjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb05v cm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8 cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5UaGFua3MsPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvTm9ybWFsIiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYu MHB0Ij5ZaXU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29Ob3JtYWwiIHN0eWxlPSJtYXJn aW4tbGVmdDozNi4wcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPGRpdiBzdHlsZT0iYm9yZGVy Om5vbmU7Ym9yZGVyLXRvcDpzb2xpZCAjQjVDNERGIDEuMHB0O3BhZGRpbmc6My4wcHQgMGNtIDBj bSAwY20iPg0KPHAgY2xhc3M9Ik1zb05vcm1hbCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+ PGI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMi4wcHQ7Y29sb3I6YmxhY2siPkZyb206DQo8L3Nw YW4+PC9iPjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTIuMHB0O2NvbG9yOmJsYWNrIj4mcXVvdDtF cmljIFZ5bmNrZSAoZXZ5bmNrZSkmcXVvdDsgJmx0O2V2eW5ja2VAY2lzY28uY29tJmd0Ozxicj4N CjxiPkRhdGU6IDwvYj5UdWVzZGF5LCBTZXB0ZW1iZXIgMjksIDIwMjAgYXQgODozNSBBTTxicj4N CjxiPlRvOiA8L2I+JnF1b3Q7Y2FwdGl2ZS1wb3J0YWxzQGlldGYub3JnJnF1b3Q7ICZsdDtjYXB0 aXZlLXBvcnRhbHNAaWV0Zi5vcmcmZ3Q7LCBKYXNvbiBMaXZpbmdvb2QgJmx0O0phc29uX0xpdmlu Z29vZEBjYWJsZS5jb21jYXN0LmNvbSZndDssICZxdW90O0xlZSwgWWl1JnF1b3Q7ICZsdDtZaXVf TGVlQENhYmxlLkNvbWNhc3QuY29tJmd0OywgJnF1b3Q7SmFzb24uV2VpbEBjaGFydGVyLmNvbSZx dW90OyAmbHQ7SmFzb24uV2VpbEBjaGFydGVyLmNvbSZndDs8YnI+DQo8Yj5DYzogPC9iPk1hZ251 cyBXZXN0ZXJsdW5kICZsdDttYWdudXMud2VzdGVybHVuZEBlcmljc3Nvbi5jb20mZ3Q7LCBFcmlr IEtsaW5lICZsdDtlay5pZXRmQGdtYWlsLmNvbSZndDssIFJvbWFuIERhbnlsaXcgJmx0O3JkZEBj ZXJ0Lm9yZyZndDssIEJlbmphbWluIEthZHVrICZsdDtrYWR1a0BtaXQuZWR1Jmd0OywgJnF1b3Q7 bWFydGluLmguZHVrZUBnbWFpbC5jb20mcXVvdDsgJmx0O21hcnRpbi5oLmR1a2VAZ21haWwuY29t Jmd0Ozxicj4NCjxiPlN1YmplY3Q6IDwvYj5bRVhURVJOQUxdIEJvRiBwcm9wb3NhbDogRXZhbHVh dGUgaW1wYWN0IG9mIE1BQyBhZGRyZXNzIHJhbmRvbWl6YXRpb24gdG8gSVAgYXBwbGljYXRpb25z PC9zcGFuPjxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8ZGl2Pg0KPHAgY2xhc3M9Ik1zb05vcm1h bCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8L2Rp dj4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPkph c29uLCBKYXNvbiwgWWl1LDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIg c3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5CYXNlZCBvbiB0aGUg cHJldmlvdXMgZW1haWwgdGhyZWFkLCBtYXkgSSBzdWdnZXN0IGEgY291cGxlIG9mIGl0ZW1zIHRv IGltcHJvdmUgdGhlIEJvRiBwcm9wb3NhbCAod2lraS9hZ2VuZGEpID88bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPi0gSSBn dWVzcyB0aGF0IHRoZXJlIHdpbGwgYmUgbW9yZSB0aGFuIDUwIHBlb3BsZSBiYXNlZCBvbiB0aGUg aW5pdGlhbCByZWFjdGlvbnM8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQi IHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPi0gYWRkaW5nIGNhcHBvcnQgYXMgY29uZmxpY3Qg dG8gYmUgYXZvaWRlZCBmb3IgdGhlIEJvRjxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+W1lMXSBDYW4geW91IGVsYWJvcmF0 ZT8gPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2lu LWxlZnQ6MzYuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRl eHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPi0gYWRkaW5nIGEgbGluayB0byBkcmFmdC1s ZWUtcmFuZG9taXplZC1tYWNhZGRyLXBzPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxh aW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5bWUxdIFdpbGwgZG88bzpwPjwvbzpw PjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQi PiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1h cmdpbi1sZWZ0OjM2LjBwdCI+LSBhc3N1bWluZyB0aGF0IGl0IGlzIHRvbyBlYXJseSB0byBmb3Jt IGEgV0csIHBsZWFzZSBzdGF0ZSB0aGUgc3RhdHVzIG9mIOKAmG5vbiBXRyBmb3JtaW5n4oCZPG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij5bWUxdIE5vdGVkPG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0 IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNs YXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPi0gcHV0dGluZyAm bmJzcDt0aGUgZGVzY3JpcHRpb24gJmFtcDsgYWdlbmRhIG9uIHRoZSB3aWtpDQo8YSBocmVmPSJo dHRwczovL3VybGRlZmVuc2UuY29tL3YzL19faHR0cHM6L3RyYWMudG9vbHMuaWV0Zi5vcmcvYm9m L3RyYWMvd2lraV9fOyEhQ1FsM21jSFgyQSFSU1htYXhrQkg2SkNFcnZFbUdHRDdsdXFhcUNEYzNm OXdJaU02V1JIdmtCbVBacWFlRk5IQmU4UEhBYnN2R0UkIj4NCmh0dHBzOi8vdHJhYy50b29scy5p ZXRmLm9yZy9ib2YvdHJhYy93aWtpPC9hPiBiZWZvcmUgdGhpcyBGcmlkYXkgMm5kIG9mIE9jdG9i ZXIgZGVhZGxpbmU8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxl PSJtYXJnaW4tbGVmdDozNi4wcHQiPltZTF0gV2lsbCB3b3JrIG9uIGl0IHRvbW9ycm93LjxvOnA+ PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2 LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHls ZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij4tIHN0YXJ0aW5nIHRvIGZpbmQgYSBwb3RlbnRpYWwgY2hh aXIgd2hvIGlzIG5vdCBhIHByb3BvbmVudDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+W1lMXSBPazxvOnA+PC9vOnA+PC9w Pg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5i c3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2lu LWxlZnQ6MzYuMHB0Ij4tIEFkZGluZyBkaXNjdXNzaW9uIGFib3V0IHByaXZhY3kgaW1wYWN0IG9u IHRoZSBhZ2VuZGEgaXMgaW1wb3J0YW50IG9yIGV2ZW4gY3JpdGljYWw8bzpwPjwvbzpwPjwvcD4N CjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPltZTF0g T0s8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4t bGVmdDozNi4wcHQiPiZuYnNwOzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4 dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+LSBhZGRpbmcgSUVFRSBjb29yZGluYXRpb24g aXMgYWxzbyBpbXBvcnRhbnQgKGNvdWxkIGJlIGhhbmRsZWQgYmVmb3JlIHRoZSBwb3RlbnRpYWwg Qm9GKTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdp bi1sZWZ0OjM2LjBwdCI+W1lMXSBKVyB3aWxsIGhlbHAgaGVyZS48bzpwPjwvbzpwPjwvcD4NCjxw IGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPiZuYnNwOzxv OnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0 OjM2LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBz dHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij5Nb3JlIHNwZWNpZmljIHRvIGRyYWZ0LWxlZS1yYW5k b21pemVkLW1hY2FkZHItcHMtMDEsIGhlcmUgYXJlIGEgY291cGxlIG9mIGNvbW1lbnRzIChtb3N0 bHkgZGV0YWlscyk6PG86cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHls ZT0ibWFyZ2luLWxlZnQ6NzIuMHB0O3RleHQtaW5kZW50Oi0xOC4wcHQ7bXNvLWxpc3Q6bDAgbGV2 ZWwxIGxmbzMiPg0KPCFbaWYgIXN1cHBvcnRMaXN0c10+PHNwYW4gc3R5bGU9Im1zby1saXN0Okln bm9yZSI+LTxzcGFuIHN0eWxlPSJmb250OjcuMHB0ICZxdW90O1RpbWVzIE5ldyBSb21hbiZxdW90 OyI+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 DQo8L3NwYW4+PC9zcGFuPjwhW2VuZGlmXT5NQUMgYWRkcmVzc2VzIGFyZSBub3QgYWx3YXlzIDQ4 IGJpdHMgbG9uZzxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9 Im1hcmdpbi1sZWZ0OjcyLjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1saXN0OmwwIGxldmVs MSBsZm8zIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJtc28tbGlzdDpJZ25v cmUiPi08c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcgUm9tYW4mcXVvdDsi PiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOw0K PC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+TUFDIGFkZHJlc3NlcyBhcmUgbm90IGFsd2F5cyBhc3Np Z25lZCBieSBtYW51ZmFjdHVyZXJzICh0aGluayBWTSk8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNz PSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDo3Mi4wcHQ7dGV4dC1pbmRlbnQ6LTE4 LjBwdDttc28tbGlzdDpsMCBsZXZlbDEgbGZvMyI+DQo8IVtpZiAhc3VwcG9ydExpc3RzXT48c3Bh biBzdHlsZT0ibXNvLWxpc3Q6SWdub3JlIj4tPHNwYW4gc3R5bGU9ImZvbnQ6Ny4wcHQgJnF1b3Q7 VGltZXMgTmV3IFJvbWFuJnF1b3Q7Ij4mbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJzcDsmbmJz cDsmbmJzcDsmbmJzcDsmbmJzcDsNCjwvc3Bhbj48L3NwYW4+PCFbZW5kaWZdPlN1Z2dlc3QgdG8g ZGlzdGluZ3Vpc2ggYmV0d2VlbiDigJhzdGFibGXigJkgYW5kIOKAmHN0YXRpY+KAmSBhbmQg4oCY cGVyc2lzdGVudOKAmSBNQUMgYWRkcmVzczxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1Bs YWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjcyLjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21z by1saXN0OmwwIGxldmVsMSBsZm8zIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxl PSJtc28tbGlzdDpJZ25vcmUiPi08c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBO ZXcgUm9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+T2YgY291cnNlIEJDUCAxNCBp cyBubyBtb3JlIFJGQyAyMTE5IDstKTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWlu VGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjcyLjBwdDt0ZXh0LWluZGVudDotMTguMHB0O21zby1s aXN0OmwwIGxldmVsMSBsZm8zIj4NCjwhW2lmICFzdXBwb3J0TGlzdHNdPjxzcGFuIHN0eWxlPSJt c28tbGlzdDpJZ25vcmUiPi08c3BhbiBzdHlsZT0iZm9udDo3LjBwdCAmcXVvdDtUaW1lcyBOZXcg Um9tYW4mcXVvdDsiPiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOw0KPC9zcGFuPjwvc3Bhbj48IVtlbmRpZl0+UFMtMDQgaXMgbW9yZSBhIHJlcXVp cmVtZW50IHRoYW4gYSBwcm9ibGVtIHN0YXRlbWVudDxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9 Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+W1ldIFdlIHdpbGwgYWRk IHRoZXNlIHRvIDAyLiA8bzpwPg0KPC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIg c3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7PG86cD48L286cD48L3A+DQo8cCBjbGFz cz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6MzYuMHB0Ij4mbmJzcDs8bzpwPjwv bzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0eWxlPSJtYXJnaW4tbGVmdDozNi4w cHQiPkhvcGUgdGhpcyBoZWxwcyBhbmQgaGFwcHkgdG8gY29udGludWUgdGhlIGRpc2N1c3Npb24g b2YgY291cnNlIDstKTxvOnA+PC9vOnA+PC9wPg0KPHAgY2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5 bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+W1lMXSBUaGFua3MhIDxvOnA+PC9vOnA+PC9wPg0KPHAg Y2xhc3M9Ik1zb1BsYWluVGV4dCIgc3R5bGU9Im1hcmdpbi1sZWZ0OjM2LjBwdCI+Jm5ic3A7PG86 cD48L286cD48L3A+DQo8cCBjbGFzcz0iTXNvUGxhaW5UZXh0IiBzdHlsZT0ibWFyZ2luLWxlZnQ6 MzYuMHB0Ij4mbmJzcDs8bzpwPjwvbzpwPjwvcD4NCjxwIGNsYXNzPSJNc29QbGFpblRleHQiIHN0 eWxlPSJtYXJnaW4tbGVmdDozNi4wcHQiPi3DqXJpYzxvOnA+PC9vOnA+PC9wPg0KPC9kaXY+DQo8 L2JvZHk+DQo8L2h0bWw+DQo= --_000_D5EB1B293F764DE3A12D2B3A9F5D40E8ciscocom_-- From nobody Wed Sep 30 00:29:53 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 968B13A129C; Wed, 30 Sep 2020 00:29:51 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.112 X-Spam-Level: X-Spam-Status: No, score=-2.112 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6v5cpWvtu6Iy; Wed, 30 Sep 2020 00:29:49 -0700 (PDT) Received: from fly2.rz.hs-augsburg.de (fly2.RZ.HS-Augsburg.DE [141.82.11.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEE243A133A; Wed, 30 Sep 2020 00:29:29 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by fly2.rz.hs-augsburg.de (Postfix) with ESMTP id 305D81218DD; Wed, 30 Sep 2020 09:29:15 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at hs-augsburg.de Received: from fly2.rz.hs-augsburg.de ([127.0.0.1]) by localhost (fly2.rz.hs-augsburg.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id MqOD9RE1NONv; Wed, 30 Sep 2020 09:29:14 +0200 (CEST) Received: from wat.fritz.box (ppp-93-104-37-92.dynamic.mnet-online.de [93.104.37.92]) by fly2.rz.hs-augsburg.de (Postfix) with ESMTPSA id 177D0121343; Wed, 30 Sep 2020 09:29:13 +0200 (CEST) To: Juan Carlos Zuniga , Peter Yee Cc: int-area@ietf.org, homenet@ietf.org, captive-portals@ietf.org, Stephen Farrell References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <037001d69698$4b7a4cf0$e26ee6d0$@akayla.com> From: Rolf Winter Message-ID: <657595a5-167f-5c85-354a-cefd5310c000@hs-augsburg.de> Date: Wed, 30 Sep 2020 09:29:25 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms030104000303000904010707" Archived-At: Subject: Re: [Captive-portals] [Int-area] [homenet] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 07:29:52 -0000 This is a cryptographically signed message in MIME format. --------------ms030104000303000904010707 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi, these pointers are very useful. Thanks. I would add one more: https://tools.ietf.org/html/rfc8386 We know for a fact that there are protocols out there, even at the=20 application layer, that would thwart efforts to randomize MAC addresses. = Of course you'd have to be connected to the same L2 network, but the=20 IETF meeting network, internet cafes, campus networks... it is not=20 uncommon to be connected at L2 to devices that you probably do not=20 trust, manage, know about. I think a BoF about this general topic would be interesting, but I=20 believe it should be scoped tightly, so the discussion can be focussed. Best, Rolf Am 29.09.20 um 22:10 schrieb Juan Carlos Zuniga: > Indeed, this is a continuation of the work started at IEEE 802 back in = > 2014 after the STRINT Workshop pre-IETF 89 [1] [2]. >=20 > So far IEEE 802 has developed the (soon to be published) 802E Privacy=20 > Recommendations [3], the recommended use of MAC address randomization i= n=20 > 802c [4], and now the work in 802.11 that Peter points out. >=20 > We carried out the experiment on the IETF (x2) and IEEE 802 Wi-Fi=20 > meeting networks and we published some results at the time [5]. Even=20 > though we found some very minor impact on DHCP, the experiment showed=20 > that MAC address randomization=C2=A0worked fine. However, as we pointed= out=20 > the Privacy issues should not stop at L3. >=20 > If there is a good take away from that work, it is that Privacy cannot = > be solved at a single layer, and effective solutions should be system-w= ide. >=20 > Juan Carlos >=20 > [1]=20 > https://mentor.ieee.org/802-ec/dcn/14/ec-14-0043-01-00EC-internet-priva= cy-tutorial.pdf=20 >=20 >=20 > [2] http://www.ieee802.org/PrivRecsg/ >=20 > [3] https://1.ieee802.org/security/802e/ >=20 > [4] https://ieeexplore.ieee.org/document/8016709 >=20 > [5] https://ieeexplore.ieee.org/abstract/document/7390443/ =C2=A0pre-pr= int:=20 > https://www.it.uc3m.es/cjbc/papers/pdf/2015_bernardos_cscn_privacy.pdf >=20 >=20 > On Tue, Sep 29, 2020 at 3:40 PM Peter Yee > wrote: >=20 > On 29/09/2020 12:03, Stephen Farrell wrote: >=20 > > More on-topic, I do think MAC address randomisation has a role t= o > play for WiFi as it does for BLE, but yes there is a lack of > guidance as to how to implement and deploy such techniques well. > It's a bit tricky though as it's fairly OS dependent so maybe not > really in scope for the IETF? > > (For the last 3 years I've set a possible student project in thi= s > space, but each time a student has considered it, it turned out "to= o > hard";-) >=20 > As I mentioned previously, IEEE 802.11 is looking into this area, > both from an operational perspective and from a privacy perspective= =2E > New IEEE 802.11 amendments (IEEE 802.11bh and IEEE 802.11bi, if > approved) are being discussed. The (very) high-level documents > describing each can be found at [1] and [2]. I would be happy to > convey input to IEEE 802.11 regarding either document, particularly= > in regards to layers 3 and above. Without wishing to open up a can > of worms about meeting fees, I will note that IEEE 802.11 is > currently not charging for its online meetings, so if anyone wishes= > to take part in the random MAC address discussions directly, the > next meeting will be held in early November. The RCM Study Group me= t > yesterday morning (Americas) and will meet again in two weeks. See = [3]. >=20 > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -Peter >=20 > [1] > https://mentor.ieee.org/802.11/dcn/20/11-20-0742-04-0rcm-proposed-p= ar-draft.docx > [2] > https://mentor.ieee.org/802.11/dcn/20/11-20-0854-06-0rcm-par-propos= al-for-privacy.pdf > [3] > https://mentor.ieee.org/802.11/dcn/20/11-20-0995-10-0rcm-rcm-sg-age= nda.pptx >=20 >=20 >=20 > _______________________________________________ > Int-area mailing list > Int-area@ietf.org > https://www.ietf.org/mailman/listinfo/int-area >=20 >=20 > _______________________________________________ > Int-area mailing list > Int-area@ietf.org > https://www.ietf.org/mailman/listinfo/int-area >=20 --------------ms030104000303000904010707 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExDzANBglghkgBZQMEAgEFADCABgkqhkiG9w0BBwEAAKCC EJMwggUSMIID+qADAgECAgkA4wvV+K8l2YEwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYT AkRFMSswKQYDVQQKDCJULVN5c3RlbXMgRW50ZXJwcmlzZSBTZXJ2aWNlcyBHbWJIMR8wHQYD VQQLDBZULVN5c3RlbXMgVHJ1c3QgQ2VudGVyMSUwIwYDVQQDDBxULVRlbGVTZWMgR2xvYmFs Um9vdCBDbGFzcyAyMB4XDTE2MDIyMjEzMzgyMloXDTMxMDIyMjIzNTk1OVowgZUxCzAJBgNV BAYTAkRFMUUwQwYDVQQKEzxWZXJlaW4genVyIEZvZXJkZXJ1bmcgZWluZXMgRGV1dHNjaGVu IEZvcnNjaHVuZ3NuZXR6ZXMgZS4gVi4xEDAOBgNVBAsTB0RGTi1QS0kxLTArBgNVBAMTJERG Ti1WZXJlaW4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgMjCCASIwDQYJKoZIhvcNAQEBBQAD ggEPADCCAQoCggEBAMtg1/9moUHN0vqHl4pzq5lN6mc5WqFggEcVToyVsuXPztNXS43O+FZs FVV2B+pG/cgDRWM+cNSrVICxI5y+NyipCf8FXRgPxJiZN7Mg9mZ4F4fCnQ7MSjLnFp2uDo0p eQcAIFTcFV9Kltd4tjTTwXS1nem/wHdN6r1ZB+BaL2w8pQDcNb1lDY9/Mm3yWmpLYgHurDg0 WUU2SQXaeMpqbVvAgWsRzNI8qIv4cRrKO+KA3Ra0Z3qLNupOkSk9s1FcragMvp0049ENF4N1 xDkesJQLEvHVaY4l9Lg9K7/AjsMeO6W/VRCrKq4Xl14zzsjz9AkH4wKGMUZrAcUQDBHHWekC AwEAAaOCAXQwggFwMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUk+PYMiba1fFKpZFK4OpL 4qIMz+EwHwYDVR0jBBgwFoAUv1kgNgB5oKAia4zV8mHSuCzLgkowEgYDVR0TAQH/BAgwBgEB /wIBAjAzBgNVHSAELDAqMA8GDSsGAQQBga0hgiwBAQQwDQYLKwYBBAGBrSGCLB4wCAYGZ4EM AQICMEwGA1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kwMzM2LnRlbGVzZWMuZGUvcmwvVGVs ZVNlY19HbG9iYWxSb290X0NsYXNzXzIuY3JsMIGGBggrBgEFBQcBAQR6MHgwLAYIKwYBBQUH MAGGIGh0dHA6Ly9vY3NwMDMzNi50ZWxlc2VjLmRlL29jc3ByMEgGCCsGAQUFBzAChjxodHRw Oi8vcGtpMDMzNi50ZWxlc2VjLmRlL2NydC9UZWxlU2VjX0dsb2JhbFJvb3RfQ2xhc3NfMi5j ZXIwDQYJKoZIhvcNAQELBQADggEBAIcL/z4Cm2XIVi3WO5qYi3FP2ropqiH5Ri71sqQPrhE4 eTizDnS6dl2e6BiClmLbTDPo3flq3zK9LExHYFV/53RrtCyD2HlrtrdNUAtmB7Xts5et6u5/ MOaZ/SLick0+hFvu+c+Z6n/XUjkurJgARH5pO7917tALOxrN5fcPImxHhPalR6D90Bo0fa3S PXez7vTXTf/D6OWST1k+kEcQSrCFWMBvf/iu7QhCnh7U3xQuTY+8npTD5+32GPg8SecmqKc2 2CzeIs2LgtjZeOJVEqM7h0S2EQvVDFKvaYwPBt/QolOLV5h7z/0HJPT8vcP9SpIClxvyt7bP ZYoaorVyGTkwggWsMIIElKADAgECAgcbY7rQHiw9MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYD VQQGEwJERTFFMEMGA1UEChM8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hl biBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLEwdERk4tUEtJMS0wKwYDVQQDEyRE Rk4tVmVyZWluIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IDIwHhcNMTYwNTI0MTEzODQwWhcN MzEwMjIyMjM1OTU5WjCBjTELMAkGA1UEBhMCREUxRTBDBgNVBAoMPFZlcmVpbiB6dXIgRm9l cmRlcnVuZyBlaW5lcyBEZXV0c2NoZW4gRm9yc2NodW5nc25ldHplcyBlLiBWLjEQMA4GA1UE CwwHREZOLVBLSTElMCMGA1UEAwwcREZOLVZlcmVpbiBHbG9iYWwgSXNzdWluZyBDQTCCASIw DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ07eRxH3h+Gy8Zp1xCeOdfZojDbchwFfylf S2jxrRnWTOFrG7ELf6Gr4HuLi9gtzm6IOhDuV+UefwRRNuu6cG1joL6WLkDh0YNMZj0cZGnl m6Stcq5oOVGHecwX064vXWNxSzl660Knl5BpBb+Q/6RAcL0D57+eGIgfn5mITQ5HjUhfZZkQ 0tkqSe3BuS0dnxLLFdM/fx5ULzquk1enfnjK1UriGuXtQX1TX8izKvWKMKztFwUkP7agCwf9 TRqaA1KgNpzeJIdl5Of6x5ZzJBTN0OgbaJ4YWa52fvfRCng8h0uwN89Tyjo4EPPLR22MZD08 WkVKusqAfLjz56dMTM0CAwEAAaOCAgUwggIBMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0P AQH/BAQDAgEGMCkGA1UdIAQiMCAwDQYLKwYBBAGBrSGCLB4wDwYNKwYBBAGBrSGCLAEBBDAd BgNVHQ4EFgQUazqYi/nyU4na4K2yMh4JH+iqO3QwHwYDVR0jBBgwFoAUk+PYMiba1fFKpZFK 4OpL4qIMz+EwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NkcDEucGNhLmRmbi5kZS9n bG9iYWwtcm9vdC1nMi1jYS9wdWIvY3JsL2NhY3JsLmNybDBAoD6gPIY6aHR0cDovL2NkcDIu cGNhLmRmbi5kZS9nbG9iYWwtcm9vdC1nMi1jYS9wdWIvY3JsL2NhY3JsLmNybDCB3QYIKwYB BQUHAQEEgdAwgc0wMwYIKwYBBQUHMAGGJ2h0dHA6Ly9vY3NwLnBjYS5kZm4uZGUvT0NTUC1T ZXJ2ZXIvT0NTUDBKBggrBgEFBQcwAoY+aHR0cDovL2NkcDEucGNhLmRmbi5kZS9nbG9iYWwt cm9vdC1nMi1jYS9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwSgYIKwYBBQUHMAKGPmh0dHA6Ly9j ZHAyLnBjYS5kZm4uZGUvZ2xvYmFsLXJvb3QtZzItY2EvcHViL2NhY2VydC9jYWNlcnQuY3J0 MA0GCSqGSIb3DQEBCwUAA4IBAQCBeEWkTqR/DlXwCbFqPnjMaDWpHPOVnj/z+N9rOHeJLI21 rT7H8pTNoAauusyosa0zCLYkhmI2THhuUPDVbmCNT1IxQ5dGdfBi5G5mUcFCMWdQ5UnnOR7L n8qGSN4IFP8VSytmm6A4nwDO/afr0X9XLchMX9wQEZc+lgQCXISoKTlslPwQkgZ7nu7YRrQb tQMMONncsKk/cQYLsgMHM8KNSGMlJTx6e1du94oFOO+4oK4v9NsH1VuEGMGpuEvObJAaguS5 Pfp38dIfMwK/U+d2+dwmJUFvL6Yb+qQTkPp8ftkLYF3sv8pBoGH7EUkp2KgtdRXYShjqFu9V NCIaE40GMIIFyTCCBLGgAwIBAgIMIhGOo8tlhHjTqtXzMA0GCSqGSIb3DQEBCwUAMIGNMQsw CQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRz Y2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4tUEtJMSUwIwYDVQQD DBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTE5MTIxMjEwMDYxNVoXDTIyMTIx MTEwMDYxNVowYDELMAkGA1UEBhMCREUxOzA5BgNVBAoMMkhvY2hzY2h1bGUgZnVlciBhbmdl d2FuZHRlIFdpc3NlbnNjaGFmdGVuIEF1Z3NidXJnMRQwEgYDVQQDDAtSb2xmIFdpbnRlcjCC ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALKi1b7K47u1UEhZwBHwi6mZ+Hogujd8 O5euecdG0GTOGxyaXQHo79LTjC5Vcytfo+FP4/0q3mA+LJ7lz7cpJfH2TrKBseTohl+zvrJE GQfQonuHNUX+1SfcJyENvsQVw1SH+bBIGbocDJY0dnBBUYZGZINxytPGrWbP7v74YhO1N5HK eKeVGc/5U/ePdJRq2ohTtcb6XbbEQkkh7XUcBPauL2vLqHcuhQ+dZZGnnZnBMavCD+E35oBP t6d2iFfG53bu6cQwz0slxVlACSBMlwJw7PgVsyjtXJ+H9Xcj+fbBltHOnR5Ph+6yS08m4t6T orsxpS9s8qCEMOgq79xrGDECAwEAAaOCAlMwggJPMD4GA1UdIAQ3MDUwDwYNKwYBBAGBrSGC LAEBBDAQBg4rBgEEAYGtIYIsAQEEBDAQBg4rBgEEAYGtIYIsAgEEBDAJBgNVHRMEAjAAMA4G A1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwHQYDVR0OBBYE FKK+lPMMh+n0mOMxIUxObVp4pZl5MB8GA1UdIwQYMBaAFGs6mIv58lOJ2uCtsjIeCR/oqjt0 MCUGA1UdEQQeMByBGnJvbGYud2ludGVyQGhzLWF1Z3NidXJnLmRlMIGNBgNVHR8EgYUwgYIw P6A9oDuGOWh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY3Js L2NhY3JsLmNybDA/oD2gO4Y5aHR0cDovL2NkcDIucGNhLmRmbi5kZS9kZm4tY2EtZ2xvYmFs LWcyL3B1Yi9jcmwvY2FjcmwuY3JsMIHbBggrBgEFBQcBAQSBzjCByzAzBggrBgEFBQcwAYYn aHR0cDovL29jc3AucGNhLmRmbi5kZS9PQ1NQLVNlcnZlci9PQ1NQMEkGCCsGAQUFBzAChj1o dHRwOi8vY2RwMS5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9iYWwtZzIvcHViL2NhY2VydC9jYWNl cnQuY3J0MEkGCCsGAQUFBzAChj1odHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9i YWwtZzIvcHViL2NhY2VydC9jYWNlcnQuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQCBv70cEkP0 B/sF/+xmbKmxe7i/mgOFJ3preqvCeq+n24YcX8oIZ+7/1NoHfzePQIZhiLQz+o5WvK4IxX4Q pFrR8337qVMthLVd6WW34XZgyASflT9om+qHoG7DcCNbwU10JazJ1co+NYPdeJ6m583sN723 pUyUXXYqerByAjLgOZsgOWAlRxyc2uSsdHtKzgqmA/nbMtDsMkbY5wBsVy0EO1Q1L8ccdEpA 2How5b2zm4Md0mqz/uvX3wTxLo64/rWJhiJm5wgh7MVCIzMXD960dQ63uB3hM2PY05xC0eYK OF0LW3LXGvuQvR2QshE+SUEeFzN2h4rWKhrjwLY9pcj5MYIECzCCBAcCAQEwgZ4wgY0xCzAJ BgNVBAYTAkRFMUUwQwYDVQQKDDxWZXJlaW4genVyIEZvZXJkZXJ1bmcgZWluZXMgRGV1dHNj aGVuIEZvcnNjaHVuZ3NuZXR6ZXMgZS4gVi4xEDAOBgNVBAsMB0RGTi1QS0kxJTAjBgNVBAMM HERGTi1WZXJlaW4gR2xvYmFsIElzc3VpbmcgQ0ECDCIRjqPLZYR406rV8zANBglghkgBZQME AgEFAKCCAj0wGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAw OTMwMDcyOTI1WjAvBgkqhkiG9w0BCQQxIgQgYCvxpCnt8VZHd0tOfFU6JrYY0tkvAyTtJdE+ gCaWetcwbAYJKoZIhvcNAQkPMV8wXTALBglghkgBZQMEASowCwYJYIZIAWUDBAECMAoGCCqG SIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG 9w0DAgIBKDCBrwYJKwYBBAGCNxAEMYGhMIGeMIGNMQswCQYDVQQGEwJERTFFMEMGA1UECgw8 VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVz IGUuIFYuMRAwDgYDVQQLDAdERk4tUEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJ c3N1aW5nIENBAgwiEY6jy2WEeNOq1fMwgbEGCyqGSIb3DQEJEAILMYGhoIGeMIGNMQswCQYD VQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVzIERldXRzY2hl biBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4tUEtJMSUwIwYDVQQDDBxE Rk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBAgwiEY6jy2WEeNOq1fMwDQYJKoZIhvcNAQEB BQAEggEARyf2AKvThDzvvu4ib0f/DGn4qUYq/+2LoY7Jlmctpq+oQ8a9Sks9+35cesC39Ads xN6t0X4alSYOfG36+O/KwoJ5yH8/u18Mf3uos4XGbXoHn8CdmOarHTE7P5NSd5ZLqye63MoU qPFYhXulWp21aMNjvw56+HQGrAU/QI45HlGN3lNvGIgXgfMpDkZqEzijnvk45Q445DDoHlhW TZ/jIGt33BeGiyGsY1RqEJaVFLMu2Zh7/SAwLIJSyoYbeGli12LnFXTyYCxX5L0m6h073Ccm akCM1/4V60pprf9arx7Sp7eCfVBQTrdpmIylErg9Kk/6tTPPQx5OWySHbzxDUwAAAAAAAA== --------------ms030104000303000904010707-- From nobody Wed Sep 30 10:16:54 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59C0B3A0CBB; Wed, 30 Sep 2020 10:16:43 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.899 X-Spam-Level: X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VMOCUJ2hlKIv; Wed, 30 Sep 2020 10:16:40 -0700 (PDT) Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 603003A0C1D; Wed, 30 Sep 2020 10:16:39 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id F27A9389EA; Wed, 30 Sep 2020 13:21:35 -0400 (EDT) Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id n4Bn8OgiqppP; Wed, 30 Sep 2020 13:21:31 -0400 (EDT) Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 4E166389E9; Wed, 30 Sep 2020 13:21:31 -0400 (EDT) Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 133161D5; Wed, 30 Sep 2020 13:16:34 -0400 (EDT) From: Michael Richardson To: Stephen Farrell , "int-area\@ietf.org" , "homenet\@ietf.org" , "captive-portals\@ietf.org" In-Reply-To: References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1 X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 17:16:49 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Stephen Farrell wrote: >> Stephen Farrell wrote: >> >> > On 29/09/2020 19:41, Michael Richardson wrote: >> It will be good = if >> we can get a document from the MAC randomization >> proponents (if >> there is such a group), to explain the thread profile. >> I don't >> think it includes active compromised hosts. >> >> > That is a problem yes. I no longer think "compromised host" is the= > >> correct term there though. In the case of android, we found google >> play > services regularly calls home linking all these identifiers a= nd >> more > (phone#, sim serial, imei...) [1] for Google's own uses. I'd = be >> very >> >> I feel that you have confounded two things, and I don't think it's >> helpful. I won't dispute your observatrions about surveillance >> capitalism, but I feel that you've sensationalized what I thought was >> a pretty specific technical point. Namely: You can't see into the L3 >> layer of WIFI, even when there are ARP broadcasts, unless your are >> also part of that L2 network. > I disagree about sensationalising, obviously;-) > The point is that we tended to think of a compromised host as one that > had been subject to a successful attack often run by an unknown > party. For mobile phones, the privacy adversary seems more often to be > an entity that the phone user has accepted one way or another, whether > that be the OS or handset vendor or whoever wrote that cute spirit- > level app. My take home from your work is that MAC address randomization is a useless waste of time. It causes significant costs to the network operator(s) with= out actually providing any benefit to the mobile phone owner, because the adversary is inside the device, invited in by the owner. In such a situation, MAC randomization feels like security theatre to me. [I'm reminded of various systems of magic in fiction, where you are safe as= long as you don't unwittingly invite the bad guys in] You have defined the security perimeter as being from "top" of the phone. (Between the screen and the human) I have defined the security perimeter as being the "bottom" of the phone (between the phone and the Internet). I think that we can do more here, and I think that the cost to the operator (moving from unencrypted, MAC-address excepted networks, to encrypted 802.1X authenticated networks with provisioned identities) with some correspondant benefits to the operator as well as the end user. > PS: to be clear - the above's not really anti-google - we've seen > similar looking traffic from handset vendors' pre-installed s/w too. Agreed. =2D- ] Never tell me the odds! | ipv6 mesh network= s [ ] Michael Richardson, Sandelman Software Works | IoT architect = [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails = [ =2D- Michael Richardson . o O ( IPv6 I=C3=B8T consulti= ng ) Sandelman Software Works Inc, Ottawa and Worldwide --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEbsyLEzg/qUTA43uogItw+93Q3WUFAl90vXEACgkQgItw+93Q 3WVSnQf/YgKjxRwfctQXHFQskYYDc1WLuNgwlbWM8ZuWVMY+xoRBHgST2g6gWmye akbTekNk7DMVcBDVku1Ns/yWyyvhu7legj/I61HUjTBMm079qb1atyvjbkGtZHsL kx59DgjWU6KrB08WyoXZoz5tJmoZmXUeYP2LKm0ljxJF3VBVtm3yAqjcTSZn6LKt 3GEvw1OinMErAwJjo3BL+mOwAxdVW3HH7A9a+v9h663GNjCuv5rWEDhRN8JxbNXu cP2X6DfZR2UEbXXBOqdbn9zCbmo4yWNSPpyVVgF3WuUfia8pPSReHjK8xFsbF0Ec xYdRedJcQkfPKIjacOfa4NyQM2VmGw== =1Gqj -----END PGP SIGNATURE----- --=-=-=-- From nobody Wed Sep 30 13:03:33 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 263673A0B65; Wed, 30 Sep 2020 13:03:31 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.212 X-Spam-Level: X-Spam-Status: No, score=-2.212 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NICE_REPLY_A=-0.213, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1pRBYBfVbWZe; Wed, 30 Sep 2020 13:03:29 -0700 (PDT) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88A63A0B60; Wed, 30 Sep 2020 13:03:28 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id BAA66BE20; Wed, 30 Sep 2020 21:03:26 +0100 (IST) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B2XrbpUksnOK; Wed, 30 Sep 2020 21:03:25 +0100 (IST) Received: from [10.244.2.119] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id D66DEBE1C; Wed, 30 Sep 2020 21:03:24 +0100 (IST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1601496205; bh=W2RPm+96aPf/LdfM4C4GFqR1DH/mOltkgQ08a5Me6B4=; h=Subject:To:References:From:Date:In-Reply-To:From; b=oKMXdkqKfP4SIwiz/2ngF3DZ+8BgDvlew2nw3Texf7u86qCaRpJuWrRiOrU+VHIjB Unkgf0Zq6OhsOJockJvsfqnZ3QrCFR+2duFHyBJMxNNykWw9e6RK33TzMHJ9sIEnKT p8h2ExdYFUcg9uXXsz7lF/zrEewKY5jbqTjkMx+A= To: Michael Richardson , "int-area@ietf.org" , "homenet@ietf.org" , "captive-portals@ietf.org" References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> <7974.1601486194@localhost> From: Stephen Farrell Autocrypt: addr=stephen.farrell@cs.tcd.ie; prefer-encrypt=mutual; keydata= mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nemCP5PMvmh 5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kTq0IqYzsEv5HI58S+ QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtEgvw4fVhVWJuyy3w//0F2tzKr EMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy+pAh4EKzS1FE7BOZp9daMu9MUQmDqtZU bUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqO Vz+7L+WiVfxLbeVqBwV+4uL9to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJg b097ZaNyuY1ETghVB5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k 4LyM2lp5FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9tlyWxn5Xi HzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQABtDJTdGVwaGVuIEZh cnJlbGwgKDIwMTcpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPokCQAQTAQgAKgIbAwUJ CZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAUCWj6jdwIZAQAKCRBasvrxexcr6o7QD/9m x9DPJetmW794RXmNTrbTJ44zc/tJbcLdRBh0KBn9OW/EaAqjDmgNJeCMyJTKr1ywaps8HGUN hLEVkc14NUpgi4/Zkrbi3DmTp25OHj6wXBS5qVMyVynTMEIjOfeFFyxG+48od+Xn7qg6LT7G rHeNf+z/r0v9+8eZ1Ip63kshQDGhhpmRMKu4Ws9ZvTW2ACXkkTFaSGYJj3yIP4R6IgwBYGMz DXFX6nS4LA1s3pcPNxOgrvCyb60AiJZTLcOk/rRrpZtXB1XQc23ZZmrlTkl2HaThL6w3YKdi Ti1NbuMeOxZqtXcUshII45sANm4HuWNTiRh93Bn5bN6ddjgsaXEZBKUBuUaPBl7gQiQJcAlS 3MmGgVS4ZoX8+VaPGpXdQVFyBMRFlOKOC5XJESt7wY0RE2C8PFm+5eywSO/P1fkl9whkMgml 3OEuIQiP2ehRt/HVLMHkoM9CPQ7t6UwdrXrvX+vBZykav8x9U9M6KTgfsXytxUl6Vx5lPMLi 2/Jrsz6Mzh/IVZa3xjhq1OLFSI/tT2ji4FkJDQbO+yYUDhcuqfakDmtWLMxecZsY6O58A/95 8Qni6Xeq+Nh7zJ7wNcQOMoDGj+24di2TX1cKLzdDMWFaWzlNP5dB5VMwS9Wqj1Z6TzKjGjru q8soqohwb2CK9B3wzFg0Bs1iBI+2RuFnxLkCDQRaPVAyARAA+g3R0HzGr/Dl34Y07XqGqzq5 SU0nXIu9u8Ynsxj7gR5qb3HgUWYEWrHW2jHOByXnvkffucf5yzwrsvw8Q8iI8CFHiTYHPpey 4yPVn6R0w/FOMcY70eTIu/k6EEFDlDbs09DtKcrsT9bmN0XoRxITlXwWTufYqUnmS+YkAuk+ TLCtUin7OdaS2uU6Ata3PLQSeM2ZsUQMmYmHPwB9rmf+q2I005AJ9Q1SPQ2KNg/8xOGxo13S VuaSqYRQdpV93RuCOzg4vuXtR+gP0KQrus/P2ZCEPvU9cXF/2MIhXgOz207lv3iE2zGyNXld /n8spvWk+0bH5Zqd9Wcba/rGcBhmX9NKKDARZqjkv/zVEP1X97w1HsNYeUFNcg2lk9zQKb4v l1jx/Uz8ukzH2QNhU4R39dbF/4AwWuSVkGW6bTxHJqGs6YimbfdQqxTzmqFwz3JP0OtXX5q/ 6D4pHwcmJwEiDNzsBLl6skPSQ0Xyq3pua/qAP8MVm+YxCxJQITqZ8qjDLzoe7s9X6FLLC/DA L9kxl5saVSfDbuI3usH/emdtn0NA9/M7nfgih92zD92sl1yQXHT6BDa8xW1j+RU4P+E0wyd7 zgB2UeYgrp2IIcfG+xX2uFG5MJQ/nYfBoiALb0+dQHNHDtFnNGY3Oe8z1M9c5aDG3/s29QbJ +w7hEKKo9YMAEQEAAYkCJQQYAQgADwUCWj1QMgIbDAUJCZQmAAAKCRBasvrxexcr6qwvD/9b Rek3kfN8Q+jGrKl8qwY8HC5s4mhdDJZI/JP2FImf5J2+d5/e8UJ4fcsT79E0/FqX3Z9wZr6h sofPqLh1/YzDsYkZDHTYSGrlWGP/I5kXwUmFnBZHzM3WGrL3S7ZmCYMdudhykxXXjq7M6Do1 oxM8JofrXGtwBTLv5wfvvygJouVCVe87Ge7mCeY5vey1eUi4zSSF1zPpR6gg64w2g4TXM5qt SwkZVOv1g475LsGlYWRuJV8TA67yp1zJI7HkNqCo8KyHX0DPOh9c+Sd9ZX4aqKfqH9HIpnCL AYEgj7vofeix7gM3kQQmwynqq32bQGQBrKJEYp2vfeO30VsVx4dzuuiC5lyjUccVmw5D72J0 FlGrfEm0kw6D1qwyBg0SAMqamKN6XDdjhNAtXIaoA2UMZK/vZGGUKbqTgDdk0fnzOyb2zvXK CiPFKqIPAqKaDHg0JHdGI3KpQdRNLLzgx083EqEc6IAwWA6jSz+6lZDV6XDgF0lYqAYIkg3+ 6OUXUv6plMlwSHquiOc/MQXHfgUP5//Ra5JuiuyCj954FD+MBKIj8eWROfnzyEnBplVHGSDI ZLzL3pvV14dcsoajdeIH45i8DxnVm64BvEFHtLNlnliMrLOrk4shfmWyUqNlzilXN2BTFVFH 4MrnagFdcFnWYp1JPh96ZKjiqBwMv/H0kw== Message-ID: <29958882-d1e0-1b26-c1b2-58c24d820f65@cs.tcd.ie> Date: Wed, 30 Sep 2020 21:03:23 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <7974.1601486194@localhost> Content-Type: multipart/mixed; boundary="------------637F6EAA38ECF6FF48677D8B" Content-Language: en-US Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 20:03:31 -0000 This is a multi-part message in MIME format. --------------637F6EAA38ECF6FF48677D8B Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Hiya, I don't agree with that conclusion... On 30/09/2020 18:16, Michael Richardson wrote: > My take home from your work is that MAC address randomization is a useless > waste of time. It causes significant costs to the network operator(s) without > actually providing any benefit to the mobile phone owner, because the > adversary is inside the device, invited in by the owner. > In such a situation, MAC randomization feels like security theatre to me. I think MAC address randomisation *alone* isn't very useful but even so still has some utility as it makes some forms of tracking (based purely on a static MAC) harder. IIRC exactly that form of tracking was reported as being done by the security services in Canada linking MACs seen in Pearson with those later seen downtown or something. (I didn't go find the reference so that may be inaccurate.) MAC address randomisation, when well-coupled to changes at other layers can be more beneficial. That is how the GAEN system is designed - the beacon payload (the RPI) is intended to change with the BLE MAC address about every 10 minutes. Getting similar benefits for randomised WiFi MAC addresses with IP and more layers above is hard, but it's still worth having the basic mechanism so that people can try address those harder problems over time. So, no, not "theatre" but far from complete. I'd probably also disagree with you on the practicality of depending on 802.1X outside enterprise environments, but that's a different topic too. Cheers, S. --------------637F6EAA38ECF6FF48677D8B Content-Type: application/pgp-keys; name="0x5AB2FAF17B172BEA.asc" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="0x5AB2FAF17B172BEA.asc" -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFo9UDIBEADUH4ZPcUnX5WWRWO4kEkHea5Y5eEvZjSwe/YA+G0nrTuOU9nem CP5PMvmh5Cg8gBTyWyN4Z2+O25p9Tja5zUb+vPMWYvOtokRrp46yhFZOmiS5b6kT q0IqYzsEv5HI58S+QtaFq978CRa4xH9Gi9u4yzUmT03QNIGDXE37honcAM4MOEtE gvw4fVhVWJuyy3w//0F2tzKrEMjmL5VGuD/Q9+G/7abuXiYNNd9ZFjv4625AUWwy +pAh4EKzS1FE7BOZp9daMu9MUQmDqtZUbUv0Q+DnQAB/4tNncejJPz0p2z3MWCp5 iSwHiQvytYgatMp34a50l6CWqa13n6vY8VcPlIqOVz+7L+WiVfxLbeVqBwV+4uL9 to9zLF9IyUvl94lCxpscR2kgRgpM6A5LylRDkR6E0oudFnJgb097ZaNyuY1ETghV B5Uir1GCYChs8NUNumTHXiOkuzk+Gs4DAHx/a78YxBolKHi+esLH8r2k4LyM2lp5 FmBKjG7cGcpBGmWavACYEa7rwAadg4uBx9SHMV5i33vDXQUZcmW0vslQ2Is02NMK 7uB7E7HlVE1IM1zNkVTYYGkKreU8DVQu8qNOtPVE/CdaCJ/pbXoYeHz2B1Nvbl9t lyWxn5XiHzFPJleXc0ksb9SkJokAfwTSZzTxeQPER8la5lsEEPbU/cDTcwARAQAB tCFTdGVwaGVuIEZhcnJlbGwgPHN0ZXBoZW5AamVsbC5pZT6JAj0EEwEIACcFAlo9 UYwCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQWrL68XsXK+qG CxAApYHWYgGOIL3G6/OpkejdAkQoCVQAK8LJUSf6vzwost4iVfxIKcKW/3RqKNKk rRl8beJ7j1CWXAz9+VXAOsE9+zNxXIDgGA7HlvJnhffl+qwibVgiHgUcJFhCSbBr sjC+1uULaTU8zYEyET//GOGPLF+X+degkE/sesh4zcEAjF7fGPnlncdCCH3tvPZZ sdTcjwOCRVonKsDgQzBTCMz/RPBfEFX44HZx4g1UQAcCA4xlucY8QkJEyCrSNGpG nvGK8DcGSmnstl1/a9fnlhpdFxieX3oY2phJ1WKkYTn6Advrek3UP71CKxpgtPmk d3iUUz/VZa0Cv6YxQXskspRDVEvdCMYSQBtJPQ4y2+5UxVR9GIQXenwYp9AP2niv Voh+ITsDWWeWnnvYMq07rSDjq0nGdj41MJkNX+Yb2PXVyXItcj5ybE3T2+y3pSBG FEZYJGuaL4NwtBJFMOdOtBmUOPbetS2971EL3Izxb7ibOZWDwexv+8R6SWYfP1wV N3p46RyBQuXqJV8ccE11m6vtZTGSYgnLUUFZMRQYH+0hwuYe0T3AA18xDdSYsa8v ovCCd3l5S4UNzIM2PMChqGrEzKapUpZg7+8ACcxRU3b9Ihd7WYjJ+pQPCoWYKozv tEvenbNpE/govO/ED3B14e+R2yevRPjRrsN7PJzSf15fQLuJARwEEAEIAAYFAlo9 UqAACgkQLzyHNoBfjaLrSwf+MIHbFRQ4O5cmLYR5sIByWelN3SuRN/gW8rpKo9Ok Cz6An8uV/iCXy5tNMLzzi0BFl8f22DwBcC5qy9qnlIAdogWam1qWoTAoAD8veEqm uKhYrqJsCcAyNrKYmK0hP3rpHxx1LySDmKYXmw/8qtBXKHTouMm+5tSsznhykRMT AAr2p7PSaHgo+hIVaW/rKSspHjDhhZS+G9mtOZad1IH29M6G1Q1NCO0Ywe8krKLQ IAQlFxtgvOqpPOZNzeKBa/+KbE8TGgMWrkOhC8OeEM5PVzdDhlhD9kPzB/pCKDF5 DofJ/ZRqnDpbKPQ0bsW38AOig3kOc0A27awiBEw3urqR1YkCMwQQAQgAHRYhBH4X CgRchM9GDit5oBDvedn9g1MSBQJbtyScAAoJEBDvedn9g1MSI/oP/0A9J9nrnBMq Zpm857lfYWw+rshLK+tyeP4OQeOqnDFvs9jePpcyJLG3DF2r6VbVKPQq+AE6Uf5h cJBDEN6BjEhRPSbLcqG3A1cz/nNwm8rPmNp+oKhmaBBQGxwciMLmzgynsDydnjPp MyEs04zvsbsl4vrp2095o105l8KcrrxQrioFjbwveGwHQK9bxJKhx9D+gIk+MouB ur45UDKTZkMZrr9FGrtkyXCGAxvKdcNC5Oa8z9sj1rcUJfG/OpVAMWhArdlZbFUQ yoX6pU2Zb1CR2qpWAVerGSfBhmfCyStjARqaKxlftjO+Bj3Jj73Cr5eqej3qB5+V 4BCsPjr4RLvVbYUCPsRdxWc+nBLlfVYkRURu21g1hFm5KFPjgUkyo1s4vjUOY8Dy I+xLGF7f/IhUBG6l+Vswhpwu7ydalZkeFiPx5xna5NfbEYxvsIf71DvipGvIOaHv X4egWoFgm8n/9c3rcMxJtpwHPSsUt5dgLsyu6VE0IbvOAc3dN7CWJ355DVFJq9Zg 2YVf0izSpyyzJeGsgkfjW6xpmdvZxuT2UcN4BTcm6vYqueASGrb3lfhzC5gpeVsc /MoSjTS65vNWbpzONZWMZuLEFraxWJzC0JrDK3NCd0VN3kstqGkVbUIiYOnUm8Vu 4zoVMLlGWzHLIGoPRG2nRezn1YyNfyb5iQGcBBABCgAGBQJbxcflAAoJEGo7ETk8 pK1gE7QL/ApC5P68W5DrI1787WJVZv1u4t/g39vTr7Xer3UMTVQg10vpa7pmqOGh jIDzDMg3Pe3K3M7fVzfAlUA1qw6ne4RCueVoRKpubeF4AlYbMr0K6hNCPjt5uAxm bBVuejKTc6pru5rv5gKL0nDbr+Snft5xt7juBLSSimw0/41sZnkjCxo9rF/RA/v6 +uWyK171RKmsEYu8fFtw1eqUNt/Xj792TUixE3pxXheNtQtZGk/9P3W83ChhG4Fh 5EQsn0pIh9wZIAbMRLpgRKyW87fWHZC8/YH8h7afarvn9Thl5pFUldCe22mNJj6K LChn2aEHQd+PdY1GBpZEcmNEUPuovwzatM0h64hCzTm41eDqRfihZVBT7TbfXQnv 8rywa42Mk756RGzzEZcQEhwQXZcMQUfxIQQ2VyJo0zG36VdZTQF7TF/4Lz7/3cJ5 6jOIm+dwPXtu+C2wAQuD4USOLt4JWPYpqzDfHYJIND/497P9Z9SuQeahr2ez3DRB g3qsHEjBV7QyU3RlcGhlbiBGYXJyZWxsICgyMDE3KSA8c3RlcGhlbi5mYXJyZWxs QGNzLnRjZC5pZT6JAkAEEwEIACoCGwMFCQmUJgAFCwkIBwIGFQgJCgsCBBYCAwEC HgECF4AFAlo+o3cCGQEACgkQWrL68XsXK+qO0A//ZsfQzyXrZlu/eEV5jU620yeO M3P7SW3C3UQYdCgZ/TlvxGgKow5oDSXgjMiUyq9csGqbPBxlDYSxFZHNeDVKYIuP 2ZK24tw5k6duTh4+sFwUualTMlcp0zBCIzn3hRcsRvuPKHfl5+6oOi0+xqx3jX/s /69L/fvHmdSKet5LIUAxoYaZkTCruFrPWb01tgAl5JExWkhmCY98iD+EeiIMAWBj Mw1xV+p0uCwNbN6XDzcToK7wsm+tAIiWUy3DpP60a6WbVwdV0HNt2WZq5U5Jdh2k 4S+sN2CnYk4tTW7jHjsWarV3FLISCOObADZuB7ljU4kYfdwZ+WzenXY4LGlxGQSl AblGjwZe4EIkCXAJUtzJhoFUuGaF/PlWjxqV3UFRcgTERZTijguVyREre8GNERNg vDxZvuXssEjvz9X5JfcIZDIJpdzhLiEIj9noUbfx1SzB5KDPQj0O7elMHa1671/r wWcpGr/MfVPTOik4H7F8rcVJelceZTzC4tvya7M+jM4fyFWWt8Y4atTixUiP7U9o 4uBZCQ0GzvsmFA4XLqn2pA5rVizMXnGbGOjufAP/efEJ4ul3qvjYe8ye8DXEDjKA xo/tuHYtk19XCi83QzFhWls5TT+XQeVTMEvVqo9Wek8yoxo67qvLKKqIcG9givQd 8MxYNAbNYgSPtkbhZ8SJARwEEAEIAAYFAlo9UqAACgkQLzyHNoBfjaLzHAgAlWT6 NXEGtw/r1miKNGcopzvzILQ9oB8rKI9U9EL6tOf/y2V5oYee/GyQDb3ZdoPxxYYc Jf+RyiH1nMoqUIZiZJaf3bJXinDZ5+AdfE++UR2NBvqaNyC6u3r24jo1B/sagKbY tWgsYtRqHLD4IWi37MZrVyjBuF7u14Q07+uhjq6mX2O/tHpCYw/Q82tbeTRPyUf1 WQOAfD1kfBpW9PvAva5Iw9FWeXpCXRzwxnCZhYfGfqtuSw6CPBYLdbikqML6FZ7E DuTBb/8um1wK7Y9bgeIQC+CYjhYB5RXa1tDJRab2Js4luCvSR0w/CgHw26293tlv e2Q6UTrmHxP5U22DlokCPQQTAQgAJwUCWj1QMgIbAwUJCZQmAAULCQgHAgYVCAkK CwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6tJpD/4rrILH+meP07vrx8wW5eYuqCiP GYnh/CXxIF8eLrfbe5d4QRgtq+w6UeQPMyzKRIRiCoBXB2oJLBZHyxBPxZlg33dT MrEGn8QWKx2iNuz9rZMXyOSWFetuO01d/aUPd5BnbLbIyK5of8xCQlXM6KH8bc+9 gQ7edR9mfLTdvBf2FR522hg8BRBM1imKc3vO8v39+qIHHRjuiwxBBCAOhHtHRsZX ripS0uFA07dM46Oi/E8osjx6fQt/lH5z/PN+2adxYSrLSAXfr1oD3RxYNhuWgyGF L64/VCQb1YGjf0Z5MBPnWm9jgUoOY5K9eNSS0L83WeJjlF5+Q/WOgB+rb49Prm2D Feo9+S9f2V53Llz1WIspXJg6f+n9lmHE94MfQj1GAHCzI0FeL19lvM+LhD8jJSCb hrC3+yobyy/AUOs5Z3E+njjX1FF/VCVAs6iOa6i+XG+Y1hh3ir2y1kckJ5auT10M SU8GEZu9ayU4M3o3N9yxOjaoP0NuQ4MMLL/n/u4u94AeZaHPNBXn/hVfVRRmpRXt GKvJtFAEppGEYezB+bLKIm6XlpPkhnwYzleLZ7AMEco2C6QM8QPB3g3JpS3sqRhA 5rEP4lL16BmijmF+CHoPE/zwgKZbKpyVDqvIW5IDgvfIC2X4pbZDRvGIUKaGSB4+ ksZgUUnNyvfQr2p7jokCMwQQAQgAHRYhBH4XCgRchM9GDit5oBDvedn9g1MSBQJb tySbAAoJEBDvedn9g1MSeKkQAJm44jt1kwHgQgeDBKdjdvl0AjE0xVEQxriZ6lP/ l//34YT0auFfzsYIrChSpQXAEtobBAr4Ohw1Us+BZe+H5P8vm6LRuPwozC3SjwfX 4Iec8+9ot6tIVg4sbedDSgb/CCFVjsmIGcQ1P73JLJTBJ6mxYCV/gn3QC6bwDOFo 7kD9FDHCjRN8XfhHQ4Q9cYyt06uF31qG/aumgWYC9geCGgAwiHgwxNYb9GoJ0iZj CROwbYvLTcQgsVUW2bTmsVR13UVKDsdl02sRV7qcVYW6R0a3Ra8KudX+nt25H5DR Gd382KZ5W8pydsy/viTvD9z6v0ulChBYxAedIvGIClrhbxlLEPmIg4ImVOLGqsUg Vm32J95WOjEkk4PEZ12xSDBtwhSJqmJNboWlfmw43KdIbY8zNhffIO3N6O7FsdGx mqyHeLoTpqY+ySVUPpbuyW8ujnI/J//+6hdTZ9dQsEJQlWngKuWOQ5ma58MPSN88 zllsqhZAFQjNxqnkSzL6ZQ+v/jvuRRe16B80AeO55DsmbWsMv/YLLD1mSi7+Khy2 EtMBhgojWwrGMvdLN6X3mnzNJEscYyLxM9tSk+iySP2sLthK0BVgpAzBSdaf/ezI z60P+neHDzteNFf8Mn7lmgYk1amvZoJ29s5+n2HwxyRL5dVMyMdyQmntubbctfqr Z0tIiQGcBBABCgAGBQJbxcflAAoJEGo7ETk8pK1gnCYMAJY4FeIYjlIXGghFWzsB 4fYwK1+iaFpU3fSto5qcrqVtVPjXpwqczqBWeXGyQxiB0kan4OVAXydIeaP8EAuF CA7paP3s9STLJBO3KurkwyRkPW5zo0X7xVqaVToRsX2Ul98KVJoHYQD1KdezEtwl vpNwiiBr42AYR751Vm6JBVAbQXuFpB3c8bUV0OkkRxNFtL8/2PieHar58n5dntGk bPlPkztahsFqktgacIgXHX5vaT+7YeeZ1DWLOYjGO0wNhkOSeroCmxwJUikU7joB p823L7r5KfpqWTPpSCzVstQKZUGmmoE1qCswY/Ud5wvp9SccpIILkRXj0rZRtfnE 5MpL3hjmtNzfDd9qIsJtBJlSB2hZwAsVm1l+EWN9hG3tqyA43niUMy2n6q690of3 berSiQ+kvY/aC9Hx8I+bKzOV9/J2VUTqfaPZa4Uy2rVX5Q2p69n/PMj7mEer0rCL 3j9V16J9c+s0BSkXoKdtYdB0TWVhBgUybd9qtYcwHWvhP7QuU3RlcGhlbiBGYXJy ZWxsIDxzdGVwaGVuQHRvbGVyYW50bmV0d29ya3MuY29tPokCPQQTAQgAJwUCWj1R WgIbAwUJCZQmAAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBasvrxexcr6jsc EADEcB0WQEZn2AkrzDs1RhL0Lp6cZi0BigofkbcGfdhJyMSs19C0dhvncrAFClVI 6/Udw3yFtDyYtOCf2W3M3A1K6/RfEizCLzTsdFIhni9gOJLlUpXViQtgrlstjk7h qVV3Ooz4BlCqS4cG7rfqf4LQQPpTAuFUEV9I28FBUB2irqC+v4gTysIgpMw0bA1y BU9sX5jE/tRkzqnuzZrkwiobDtRFJ9qp+7O2JtcY4EsVtLAsaodJKc5cF8R4OvB1 n66vxxcgg9Eh4JNWZ47xsaCmAGo1Bcb2jIY35OtgAL7gCGLRSMKTtAaPy1/fEgIq hCljJ9x40Fkn/3r2BX21WC9HFSPFTBz2RluLRzxdgxOrkYK8EiHUPoE5b1AEzZKw 2AbeXfr57f5zYsN3IqfbQLUjMYtUN1wK3Pjb+idD972wyXMWt8uOzlI7b9Ocu+nY m2whBfJv9Pmp3QYTmPz+LB9lH65VNVUSxSXVr5iWXO3qx1HtEiGEqkporMQCTh3T 5Ud3PvMSRBFFKNs9WhJ/Lxz+SV30WLwG6dr5mQqlzAhb4Phc/zekZyXRdS/oDKrB LUucS36O//49JeyRi1QvOfxnfmIqRIAf/k3PoYJmTo5E82//r5Qj3YGlRu78ba0H Arxs+ACD6AnEHHcbswpbtVEKYzlSu0Ar0Dc7vRWM/IyQdIkBHAQQAQgABgUCWj1S oAAKCRAvPIc2gF+NosIsB/9f/29FNla3BJfGIEIDnhrqGD0i9bSa89SqBd++uG06 TQgW5wsqtNcrwn81yZTq6XE6i9VtD4GKfqC0d4KZJr9bnbeD81cI64VOdL8zJWJs 0vj5EIXCobKyX74Kb4uePUyZqwT2Q74I116u/HwA9/FXsPo5isbh4ZqD4t0VHpWk mfq1FPT9a/JPyX46qKqB2Fce/7Qy+SQP1NfkuUlbhUH/JG9aSSYvk3lznNiH41x9 M+FDlL106itXOubrl3oi2fT3fsSedq7uzt+IV0DQEeNaoQAUuwEhdB8IWOMqN2wo DjGVKJftfsSWY9ilZrnDBNDrp0vRqcx33LUMkIw4d7iBiQIzBBABCAAdFiEEfhcK BFyEz0YOK3mgEO952f2DUxIFAlu3JJwACgkQEO952f2DUxJjuw/6ApHSsVTWD4a0 H6FJ23A9Ftpy+aXZ4vYlzkSrfsn2ECrEfK3lXQh/uzwjJUDYZeB1/BQsFZtcYNQO JSSHbQ49BFRLwb1J/wBZG4bbmrkLxnNbKDKQvzxEpclkMW0Dj0J6o7kGrmzIGGrh B+JJN99AcineHRug8ZSFIERRCmigxdhAKU0BFD7P+5HNHltSL3DF1c2fFOf2JrgB KVoE+9RhMZjWNbYetFFLCkjXb5Rpay9zeMm1DxfSTGAnuOwUXW6qq4hnl5+VC/48 ceDZElLLfu7RQUZv44pkSTOWZs+iQoJiHMFHk9wPqyB2Vok1yJ2a2j27WhXrJlPw nZbgJO5RyWDG3p/eVmpl5Uuc2dsfIpR17KnAuWpghK6V+cyFncDoGCl/YG2Mvool sW08FiZh3Ej4dnJjj25TZkeFG74JJDXLvMYpJfSBGnmETv4Dhcm2xPqVMuFuL1qJ lMbVLrMo2GXeo03OzNyvbs+u8WLIaGm5hC7N1CXY8wZs4jo6OJ/expvnc07dEuws 4zT3AiWv3nIouWReRStZy9QkavDocqbyPmilcdPCYk4BsOlzpwwO74hNG7iyl0Kd AlwTxGQ7y0rJou6HYa1TmRhIEr3vKvlW+JfUUrqtjXgsuacTXo4+Ira2JUErL2cY zQMq1j4r1ZyhFnuz93s7Rsx/Nw0+0YuJAZwEEAEKAAYFAlvFx+UACgkQajsROTyk rWCJqwv+NLVPE4sD4sDA2/6Ek7UsRIUkg+S39fhqWsLc4rtw/mDunv8Un61I3K04 fZ2Ry4nF9hZM0a710UvXFbStvrzRJO3EAAcdJR9LTCd19e8UeruQbIee3YT91U4N kC9JMpecfq62/teOAU2e5P3fWYaLs5ZX7zCLwWuBcW2l3SyoljQczM85HhJ3XHm+ FnwQ6D9xRle+lvWTcuC9d1yAyUb8IOospcL2lJTmy8e3r79R24hPlSB4LDe0wEN8 AXbagrcAQZjwyaHyWxjJbTwZ0b43WGdfIqZ1ElOeoffbketPGRmWvx5xUvb2ALFB BdETzV270gs5XDJgJ1SIIKOyDADxwvroTe2jD8C/841eEql5QSow3s/U3zRqk3mt tto8Qw/DN71aeh6dmYSsvd2UjsHw/vofOPRBGxZLEkKTEvMnhmMW9hiKPkPia+Qg evYE020qpKSxLEdWA8nprHwxmGiDNesCfXSC6vm1qfyj5g8HzxSckq9ZaMhKMCo7 vxflUEDuuQINBFo9UDIBEAD6DdHQfMav8OXfhjTteoarOrlJTSdci727xiezGPuB HmpvceBRZgRasdbaMc4HJee+R9+5x/nLPCuy/DxDyIjwIUeJNgc+l7LjI9WfpHTD 8U4xxjvR5Mi7+ToQQUOUNuzT0O0pyuxP1uY3RehHEhOVfBZO59ipSeZL5iQC6T5M sK1SKfs51pLa5ToC1rc8tBJ4zZmxRAyZiYc/AH2uZ/6rYjTTkAn1DVI9DYo2D/zE 4bGjXdJW5pKphFB2lX3dG4I7ODi+5e1H6A/QpCu6z8/ZkIQ+9T1xcX/YwiFeA7Pb TuW/eITbMbI1eV3+fyym9aT7Rsflmp31Zxtr+sZwGGZf00ooMBFmqOS//NUQ/Vf3 vDUew1h5QU1yDaWT3NApvi+XWPH9TPy6TMfZA2FThHf11sX/gDBa5JWQZbptPEcm oazpiKZt91CrFPOaoXDPck/Q61dfmr/oPikfByYnASIM3OwEuXqyQ9JDRfKrem5r +oA/wxWb5jELElAhOpnyqMMvOh7uz1foUssL8MAv2TGXmxpVJ8Nu4je6wf96Z22f Q0D38zud+CKH3bMP3ayXXJBcdPoENrzFbWP5FTg/4TTDJ3vOAHZR5iCunYghx8b7 Ffa4UbkwlD+dh8GiIAtvT51Ac0cO0Wc0Zjc57zPUz1zloMbf+zb1Bsn7DuEQoqj1 gwARAQABiQIlBBgBCAAPBQJaPVAyAhsMBQkJlCYAAAoJEFqy+vF7FyvqrC8P/1tF 6TeR83xD6MasqXyrBjwcLmziaF0Mlkj8k/YUiZ/knb53n97xQnh9yxPv0TT8Wpfd n3BmvqGyh8+ouHX9jMOxiRkMdNhIauVYY/8jmRfBSYWcFkfMzdYasvdLtmYJgx25 2HKTFdeOrszoOjWjEzwmh+tca3AFMu/nB++/KAmi5UJV7zsZ7uYJ5jm97LV5SLjN JIXXM+lHqCDrjDaDhNczmq1LCRlU6/WDjvkuwaVhZG4lXxMDrvKnXMkjseQ2oKjw rIdfQM86H1z5J31lfhqop+of0cimcIsBgSCPu+h96LHuAzeRBCbDKeqrfZtAZAGs okRina9947fRWxXHh3O66ILmXKNRxxWbDkPvYnQWUat8SbSTDoPWrDIGDRIAypqY o3pcN2OE0C1chqgDZQxkr+9kYZQpupOAN2TR+fM7JvbO9coKI8Uqog8CopoMeDQk d0YjcqlB1E0svODHTzcSoRzogDBYDqNLP7qVkNXpcOAXSVioBgiSDf7o5RdS/qmU yXBIeq6I5z8xBcd+BQ/n/9Frkm6K7IKP3ngUP4wEoiPx5ZE5+fPIScGmVUcZIMhk vMvem9XXh1yyhqN14gfjmLwPGdWbrgG8QUe0s2WeWIyss6uTiyF+ZbJSo2XOKVc3 YFMVUUfgyudqAV1wWdZinUk+H3pkqOKoHAy/8fST =YzQY -----END PGP PUBLIC KEY BLOCK----- --------------637F6EAA38ECF6FF48677D8B-- From nobody Wed Sep 30 14:58:13 2020 Return-Path: X-Original-To: captive-portals@ietfa.amsl.com Delivered-To: captive-portals@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E29123A0CA7; Wed, 30 Sep 2020 14:58:07 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.897 X-Spam-Level: X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ITici8MXSRIh; Wed, 30 Sep 2020 14:58:05 -0700 (PDT) Received: from gabriel-vm-2.zfn.uni-bremen.de (gabriel-vm-2.zfn.uni-bremen.de [134.102.50.17]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35DD63A0C99; Wed, 30 Sep 2020 14:58:04 -0700 (PDT) Received: from [192.168.217.118] (p548dcc60.dip0.t-ipconnect.de [84.141.204.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by gabriel-vm-2.zfn.uni-bremen.de (Postfix) with ESMTPSA id 4C1qrC1VdtzyTK; Wed, 30 Sep 2020 23:58:03 +0200 (CEST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) From: Carsten Bormann In-Reply-To: <7974.1601486194@localhost> Date: Wed, 30 Sep 2020 23:58:02 +0200 Cc: Stephen Farrell , "int-area@ietf.org" , "homenet@ietf.org" , "captive-portals@ietf.org" X-Mao-Original-Outgoing-Id: 623195882.77151-60bd5cd254de570e0725c598e578c291 Content-Transfer-Encoding: quoted-printable Message-Id: <18D60CF9-7A39-4A75-B30E-80E801B54DB2@tzi.org> References: <20200922201317.097C3389D4@tuna.sandelman.ca> <15660.1600807202@localhost> <902400f2-9172-9581-25ab-59ad08e67bee@cs.tcd.ie> <0A436777-D9CE-4A4C-BE45-C8C2CAB9FBF6@comcast.com> <29901277-6da1-46fc-b244-ca289005841d@www.fastmail.com> <19117.1601400596@localhost> <4215.1601404884@localhost> <3a4b39c8-6b71-5d84-1422-3470c3b01591@cs.tcd.ie> <23594.1601409377@localhost> <7974.1601486194@localhost> To: Michael Richardson X-Mailer: Apple Mail (2.3608.120.23.2.4) Archived-At: Subject: Re: [Captive-portals] [homenet] [Int-area] [EXTERNAL] Re: Evaluate impact of MAC address randomization to IP applications X-BeenThere: captive-portals@ietf.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion of issues related to captive portals List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2020 21:58:08 -0000 On 2020-09-30, at 19:16, Michael Richardson = wrote: >=20 > the > adversary There may be more than one. Of course, if you want to attack privacy, being Google or Facebook gives = you unique opportunities. That doesn=E2=80=99t mean you don=E2=80=99t want to have a seat belt any = more if you have lane-keeping assistance. Gr=C3=BC=C3=9Fe, Carsten