I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at .

Document: draft-ietf-madinas-use-cases-13
Reviewer: Thomas Fossati
Review Date: 2024-11-22
IETF LC End Date: 2024-11-28
IESG Telechat date: Not scheduled for a telechat

Summary:

The document discusses use cases and the impact on network operations of RCM (Randomized and Changing MAC addresses). It's an informational document that contains good information, so it's doing the right thing. Thanks, editors and MADINAS WG.

It's this one reviewer's personal opinion that a little more conciseness would improve its effectiveness. But that's subjective.

From a Gen-ART perspective, there are no major or minor issues.

Some editorial nits (in --word-diff format):

* client [-Operation-]{+Operating+} System vendors
* and a [-set-]{+range+} of network services
* [-Internet-of- Thing-]{+Internet-of-Thing+} (IoT) devices
* an over-the-air [-technology, on which-]{+technology that allows+} attackers with surveillance equipment [-can "monitor"-]{+to monitor+} WLAN packets
* for attackers to "monitor" the WLAN [-packers-]{+packets+} behind the Wi-Fi Access Point (AP)
* without the [-user-]{+user's+} consent.
* and its [-owner's,-]{+owner,+} multiple [-clients,-]{+clients+} and client OS vendors have started [-to implement-]{+implementing+}
* to construct {+a+} persistent association
* using one [-particular-]{+specific+} device
* but others where[-the-] user privacy
* It is useful for [-implemementations-]{+implementations+} of [-clients-]{+client+} and network devices to enumerate services that may be affected by [-RCM,-]{+RCM+} and evaluate possible solutions to maintain both the quality of user experience and network efficiency while RCM [-happens-]{+is in effect+} and user privacy is [-reinforced.-]{+strengthened.+} This document presents [-such assessment-]{+these assessments+} and recommendations.
* Section 4 examines the [-Trust degrees.-]{+degrees of trust between personal devices and the entities at play in a network domain.+}.
* needs to be [-identified,-]{+identified+} either as the target destination of a [-message,-]{+message+}
* identify the destination address[-either-] as an individual
* is considered[-as-] locally administered
* smart [-thermostat)-]{+thermostats)+}
* when the [-U/ L-]{+U/L+} bit is set to 1.
* this scenario [-became-]{+has become+} very common.
* Section 6.2 of [-[IEEE_802].-]{+[IEEE_802]:+}
* Shared Service Device, [-which-]{+whose+} functions are used by[-a number of people large-] enough {+people+}
* a [-machine, a node,-]{+machine or node+} primarily used by a single person or small group of people,[-and-] so that any identification of the device or its traffic can also be associated [-to-]{+with+} the identification of the primary user or their [-traffic.-]{+online activity.+}
* [-The identification of-]{+Identifying+} the device is trivial if [-the device expresses-]{+it has+} a unique MAC address. [-Then, the detection of-]{+Once this unique MAC address is established, detecting any+} elements {+that+} directly or indirectly [-identifying-]{+identify+} the user of the device (Personally Identifiable Information, or PII) is [-sufficient-]{+enough+} to [-tie-]{+link+} the MAC address to [-a-]{+that specific+} user. Then, any detection of traffic that can be associated [-to-]{+with+} the device [-becomes-]{+will+} also [-associated with-]{+be linked to+} the known user of that device (Personally Correlated Information, or PCI).
* identify the transmitter,[-so as-] to use the right decryption key
* address [-instead,-]{+instead+} and change the address
* Additionally, upper [-protocal-]{+protocol+} layers (e.g., application layer) have been designed with the assumption that each node on the [-LAN,-]{+LAN+} using these [-services, would-]{+services will+} have a MAC address that [-would stay the same-]{+remains consistent+} over [-time, and that this document calls-]{+time. This type of MAC address is referred to as+} a [-'persistent'-]{+"persistent"+} MAC [-address.-]{+address in this document.+}
* they actively participate [-to-]{+in+} these exchanges
* some others are [-humans-]{+human+} (or related) entities.
* source or destination[-so as-] to successfully continue exchanging frames.
* Part of the identification includes [-recording,-]{+recording+} and adapting [-to, devices-]{+to devices’+} communication capabilities
* keying [-material)-]{+material),+} allowing the device session to continue seamlessly
* about the [-roam,-]{+roam+} to ensure that
* layer-2 [-devices, and-]{+devices and,+} as [-such-]{+such,+} they bridge
* another [-(e.g.,IEEE-]{+(e.g., IEEE+} 802.3
* IEEE 802.3 [-technologies, and-]{+technologies and,+} as [-such-]{+such,+} operate on the expectation that each device is associated [-to-]{+with+} a MAC address that persists for the duration of continuous exchanges.
* associate MAC addresses [-to-]{+with+} individual ports[-(so as-] to know which port to send a frame intended for a particular MAC [-address).-]{+address.+}
* use the [-device-]{+device's+} MAC address
* [-802.1X- enabled-]{+802.1X-enabled+} [IEEE_802.1X] devices
* in {+a+} blocking state
* also implements [-mechanism-]{+mechanisms+}
* IP forwarding [-services,-]{+services+} but rely on the device MAC address
* operate at upper [-layers,-]{+layers+} but also rely upon the 802 principle of unique [-MAC-to- device-]{+MAC-to-device+} mapping.
* actively participate [-to-]{+in+} the network structure and operations
* any point of {+the+} network lifecycle.
* users or people operating[-the-] wireless networks.
* able to read [-individual transmissions-]{+the+} MAC [-addresses.-]{+addresses of individual transmissions.+}
* a physical device and [-it-]{+its+} associated location.
* [-It can happen that an-]{+An+} OTA observer [-has-]{+may have+} a legitimate reason to monitor a particular device, for [-example-]{+example,+} for IT support operations. However,[-it is difficult to control if-] another actor {+might+} also [-monitors-]{+monitor+} the same [-station with the goal of obtaining-]{+device to obtain+} PII or PCI.
* wireless access networks [-are only provided-]{+host+} devices [-matching-]{+that meet+} specific requirements
* liability associated [-to-]{+with+} the activity
* [-Over the air-]{+Over-the-air+} (OTA) observers:
* A [-Broadcast Domain-]{+broadcast domain+} is a logical [-division-]{+segment+} of a network[-where a device-] in [-the division-]{+which devices+} can send, [-receive-]{+receive,+} and monitor data frames from all {+other+} devices [-in-]{+within+} the same [-division.-]{+segment.+}
* [-frames-]{+frame+} headers are removed
* not visible [-anymore,-]{+anymore+} unless
* (e.g., [-pre- [RFC4941]-]{+pre-[RFC4941]+}
* not able to see the [-device-]{+device's+} MAC address.
* 4.[-Trust-] Degrees {+of Trust+}
* the MAC address of {+the+} internal device if it is not copied
* under the control of the [-user,-]{+user+} and is therefore
* an eavesdropper [-would-]{+will+} not [-be observing-]{+observe+} the communications.
* analyze logs[-so as-] to understand
* identification associated [-to-]{+with+} the session
* Public guest networks: public [-hotspots, such as-]{+hotspots+} in shopping malls, hotels, stores, [-train-stations,-]{+train stations,+} and airports are typical {+examples+} of this environment.
* network can provide[-to-] a wireless connecting device basic IP communication service
* incorporate[-a multiplicity of-] more advanced services, from [-AAA,-]{+AAA+} to
* often accompanied [-with-]{+by+} network performance management services.
* The same type of network may[-have a-] need to limit
* profiles, {+and+} encryption key material
* include [-upper layer-]{+upper-layer+} functions [-which-]{+whose+} purpose is
* fail [-decrypting-]{+to decrypt+} the device [-traffic,-]{+traffic+} and fail [-selecting-]{+to select+} the right key
* network [-equipments-]{+equipment+} such as Multi-Layer [-router-]{+routers+} and Wi-Fi Access [-Point-]{+Points+}
* short [-time-interval-]{+time interval+}
* a device [-which-]{+whose+} port location can no longer be found
* cause [-resources-]{+resource+} exhaustion
* provided by [-a-]{+an+} AAA server to change the interface from {+a+} blocking state to {+a+} forwarding state.
* [-Therefore,-]{+Consequently,+} MAC address randomization can [-interrupt the-]{+disrupt+} device [-traffic,-]{+traffic+} and[-cause a-] strain[-on-] the AAA server.
* the leaving MAC [-would return.-]{+returns.+}
* [-(environments-]{+(environment+} type A in[-section-] Section 5),
* the [-device-]{+device's+} MAC address.
* [-(environments-]{+(environment+} type A) and in enterprises [-(environments-]{+(environment+} types D and E),
* the [-device-]{+device's+} wireless MAC address.
* [-(environments types-]{+(environment type+} B) and in enterprises [-(environments-]{+(environment+} types D and E)
* [-real time-]{+real-time+} support is only possible if the user [-is able to-]{+can+} provide the current MAC address.
* policies are associated [-to-]{+with+} each group of objects, including [-IoT.-]{+IoT devices.+}
* network [-operators.Table-]{+operators. Table+} 1 summarizes
* For [-example:-]{+example,+} a Home network
* [-The home user commonly expects-]{+Home users typically expect+} the network operator to protect the home network from external threats (i.e., attacks from the Internet). [-The home user-]{+Home users+} also [-commonly expects simple-]{+typically expect certain+} policy features (e.g., Parental Control). Most home users do not expect to need networking skills to manage their home network. Such environments may lead to full-trust conditions. [-However, if the-]{+Although+} trust [-commonly exists-]{+may typically exist+} between allowed actors, there is no guarantee that an eavesdropper [-would not be observing the-]{+isn't monitoring+} Wi-Fi traffic from outside [-or,-]{+or that+} a rogue IoT device {+isn't+} monitoring local traffic from [-inside, thus practically limiting-]{+within. This reality often limits+} the [-applicability-]{+effectiveness+} of[-the-] trust in most home scenarios.
* Public Wi-Fi is often [-considered to be-]{+viewed as+} completely untrusted, [-where a user has no expectation of being able-]{+with users not expecting+} to trust other users or any actor inside or outside[-of-] the layer-2 domain.
* require simple Internet connectivity [-service,-]{+service+} and expect[-only-] limited to no technical support.
* [-There are existing-]{+Existing+} technical solutions that address some of the requirements[-from several -] of the use cases {+mentioned above are+} listed [-above.-]{+in+} Appendix [-A provides a list of some of these existing solutions.-]{+A.+}
* client device or[-of-] the user of the device
* identity can be [-obfuscated-]{+concealed+} from unauthorized observers.
* Such {+a+} server is uncommon
* the procedure to install a profile {+is+} cumbersome
* establishment of trust between local [-network-]{+networks+} and an identity provider. Such {+a+} procedure increases
* hotspot networks and[-in-] home environments.
* Such {+a+} randomization scheme

Also, multiple instances of:

* associated [-to-]{+with+}