Markdown Version | Session Recording

Session Date/Time: 02 Oct 2025 16:00

DULT

Summary

The DULT Working Group met to discuss the progress of its documents, particularly the Threat Model. The chairs highlighted the need to finalize the Threat Model to inform the development of other protocol documents. Key discussions revolved around terminology consistency, the scope of a "loss mode" function, and the complex challenges of designing a "remote disablement" feature that can be enforced by the tracking tag itself while preventing abuse. A new version of the Threat Model document is planned for release to solicit broader feedback, and the remote disablement topic will be a central focus for discussion at IETF 124.

Key Discussion Points

• Threat Model Document (draft-ietf-dult-threat-model):

  • The document is considered lengthy and thorough; a question was raised regarding the necessity of all citations for IETF publication.
  • The working group was encouraged to provide feedback, particularly on whether the document is ready for Working Group Last Call. Silence makes it difficult for chairs to judge consensus.
  • GitHub Issues Review:
    • Issues such as "adding an acknowledgement section" and "align terminology" were noted as straightforward.
    • The issue "consider designing a loss mode function" was clarified to explore the intersection of anti-theft or loss mode features with unwanted tracking protections. The Threat Model document is considered an appropriate place to initiate this discussion, ensuring such features do not erode tracking protections.
  • Terminology Consistency: Discussions highlighted the importance of consistent terminology across all DULT documents. It was recalled that an earlier agreement aimed to establish the accessory protocol document (draft-ietf-dult-accessory-protocol) as the source of truth for a master terminology list. A recent PR on the Threat Model document temporarily adds terms to facilitate broader review, with future alignment in mind.
  • "Victim" Language: The use of "victim" in the threat taxonomy was discussed. While potentially uncommon in general IETF drafts, it was chosen in a specific security context for the taxonomy, alongside "attacker." Suggestions included defining these terms clearly early in the document or linking to the taxonomy.

• Remote Disablement Feature:

  • This feature, relevant to accessory protocols, presents challenges in defining criteria that can be enforced by the tag itself.
  • Enforceable criteria identified include: detecting a "play sound" command and detecting the duration of proximity between the tag and the disabling device.
  • A significant challenge is the inability for tags to easily enforce motion detection, as accelerometers are not a mandatory component.
  • An open question remains whether the tag-enforceable criteria are sufficient to prevent abuse (e.g., mass disabling of tags) versus supporting benign use cases (e.g., finding a lost accessory for safety/security).
  • One perspective suggested that if the required proximity duration for disablement is sufficiently high, the advantage for an attacker attempting to disrupt the network might be minimal.
  • An alternative proposal involving changing location upload behavior (rather than tag behavior) was mentioned, noting it has less privacy-protecting impact.
  • The group acknowledged that a tag's knowledge of "duration in range" might often rely on the platform rather than the tag directly, unless a ranging session (e.g., UWB) is involved. Exploration of technical methods (e.g., pinging, timeouts) for tags to determine range duration was suggested.

• Document Progression and IETF Process:

  • A IETF 124 session (1 hour) in Montreal has been requested, with in-person and remote participation options, including fee waivers.
  • An interim meeting is scheduled for December, favoring North American time zones, also with remote fee waivers.
  • The frequency of future interim meetings will be decided after IETF 124.
  • The AD discussed the IETF document progression path: Working Group Last Call, AD review, and IETF Last Call (involving cross-area directorate reviews). Targeted directorate reviews can be requested even without a full IETF Last Call.
  • It was noted that while related documents (like the Threat Model and protocol documents) are often advanced in conjunction to prevent rework, holding up too many documents creates difficulty. The four documents in DULT are considered manageable.

Decisions and Action Items

• Erica Turner served as the scribe for the meeting.
• ACTION: Maggie will coordinate with Shailesh and Jesse to push a new version of the Threat Model document within the next week. This version will incorporate terminology updates (including "attacker" and "victim" definitions) and remove outstanding to-do items.
• ACTION: Maggie will send an email to the working group mailing list announcing the new Threat Model document version and explicitly requesting feedback.
• ACTION: Maggie will also include in the email that the "remote disablement" feature will be a key discussion topic at the IETF 124 session.
• ACTION: Maggie, Brent, and Siddika will prepare a presentation on the "remote disablement" feature for IETF 124. This presentation should be finalized at least one week prior to the start of IETF 124 to allow for community review.
• ACTION: Maggie, Brent, and Siddika will explore technical mechanisms for a tag to enforce "duration in range" for remote disablement (e.g., inter-device pinging, timeouts).

Next Steps

• The working group is encouraged to actively review and provide feedback on the upcoming version of the Threat Model document.
• Prepare for a focused discussion on the "remote disablement" feature at IETF 124 to gather broader input, particularly from "tourists" or other area participants.
• Continue efforts to ensure terminology consistency across all DULT working group documents.