**Session Date/Time:** 05 Jun 2025 16:00

# [DULT](../wg/dult.html)

## Summary

The DULT Working Group held its first virtual interim meeting to discuss the status of its core documents. Key discussions revolved around consolidating terminology across documents, the complex issue of remote disablement of tracking devices (balancing user safety from stalking against benign loss/theft scenarios), and challenges with unauthorized devices leveraging the finding protocol. The group decided to shift to a monthly virtual interim meeting cadence instead of holding a session at IETF123 in Madrid, to facilitate more frequent progress.

## Key Discussion Points

* **Charter Milestones:** It was clarified that DULT WG charter milestones are aspirational and can be updated as needed.
* **Threat Model Document (Maggie):**
    * Progress has been made on identifying attack vectors (e.g., disabling speaker, replay, impersonation) and refining the taxonomy of unwanted tracking scenarios.
    * A draft Pull Request (102) has been submitted for terminology, aiming to standardize definitions across all DULT documents.
    * Discussion centered on the ideal location for these consolidated definitions. The group expressed a preference for a single source of truth, likely within the accessory protocol document, to avoid inconsistencies and maintenance overhead.
* **Remote Disablement (Sadika):**
    * A presentation outlined the problem of users being unable to physically locate a hidden tracker despite receiving alerts, and whether the accessory protocol should support remote disablement without physical access.
    * Three scenarios were presented:
        1. **Stalking:** A victim cannot find a hidden tracker in their car/home, even with professional help. Remote disablement would be beneficial.
        2. **Benign Loss:** A user forgets a tracker-enabled item (e.g., backpack) in a shared ride. The driver receives an unknown tracker alert, panics, and disables it, preventing the owner from recovering the item.
        3. **Theft:** A stolen item (e.g., bicycle) with a tracker is disabled by the thief upon receiving an alert, defeating the anti-theft purpose.
    * Proposed conditions for remote disablement were discussed (e.g., only for tags in Bluetooth range, in "separated mode").
    * Recommendations for platforms included implementing mitigations like requiring a user to spend time searching before the disablement option becomes available.
    * The principle of "people over property" was strongly reaffirmed, with participants emphasizing that preventing stalking should take precedence, even if it introduces inconveniences for lost/stolen items. Other recovery mechanisms often exist for lost items, but not for hidden stalking devices.
    * Concern was raised about "false alerts" (alerts for legitimate but unknown tags, not actual stalking) and the need to reduce user anxiety in such cases.
    * A key technical challenge was identified regarding the enforceability of disablement conditions at the tag level. It was noted that a tag, as a simple radio receiver, cannot verify complex platform-side logic (e.g., if a user has "searched for a tag"). Any disablement signal sent to a tag must be based on facts observable by the tag itself. A malicious actor could continuously send a "suppress transmission" signal if disablement is temporary.
* **Findings Document (Christine):**
    * A case was reported where a non-compliant device was registered as an accessory in a "Find My" network, without triggering anti-tracking alerts, raising concerns about unauthorized devices leveraging the protocol.
    * The need for better endpoint authentication mechanisms to prevent such misuse was highlighted, potentially requiring engagement with cryptographic experts.
    * The document author was encouraged to propose concrete technical solutions to drive this discussion forward.
    * The document's current reliance on "multi-peer secret sharing" was discussed, with suggestions to explore alternative architectures or engage the original authors of the concept due to its complexity.

## Decisions and Action Items

* Erica volunteered to serve as the scribe for this meeting.
* **Decision:** The DULT Working Group will likely *not* schedule a session at IETF123 in Madrid. The focus will instead be on virtual interim meetings.
* **Decision:** The DULT Working Group will adopt a monthly cadence for virtual interim meetings to maintain momentum.
* **ACTION:** Maggie to create a draft Pull Request to update the *accessory protocol* document with consolidated terminology definitions, drawing from existing drafts.
* **ACTION:** Sadika and EKR to follow up offline to discuss the technical enforceability of remote disablement criteria at the tag level, considering potential attacker behavior.
* **ACTION:** Sean and EKR to assist Christine with the process of "keeping alive" her Internet-Draft (findings document) via GitHub and the DataTracker.
* **ACTION:** Sadika and Maggie (and anyone else interested) to collaborate on developing a set of concrete proposals or design permutations for remote disablement, for discussion at the next meeting.

## Next Steps

* Sean will schedule the first monthly virtual interim meeting for late July (before July 7th) or early August, aiming for the first week of the month if possible, avoiding IETF blackout periods.
* Participants are encouraged to review the existing documents, particularly the threat model document's progress, and provide feedback on GitHub.
* Christine is encouraged to consider proposing concrete technical solutions for endpoint authentication in her document.
* The next meeting will include a detailed discussion and refinement of the remote disablement proposals developed by Sadika and Maggie.