Session Date/Time: 04 Dec 2025 17:00

DULT

Summary

The DULT Working Group held a virtual interim meeting to discuss the status and future direction of its work, particularly focusing on the "unwanted location tracking threat model" document. Key points included a recap of the previous IETF meeting's course correction, a review of open issues and pull requests for the threat model document, and identification of high-risk attacks and critical features requiring standardization. The working group aims to finalize the threat model and initiate concrete technical work, emphasizing the need to move from threat identification to specifying solutions.

Key Discussion Points

Working Group Direction & Document Focus:
- At the previous IETF meeting, there was a "course correction" to first finalize the threat model, then document what is currently implemented in existing "find my" networks (e.g., Apple's Find My Network). The threat model would then serve as a basis for evaluating future protocol development.
- Eckert is expected to write the "finding document" to detail current implementations, shifting from a forward-thinking to a descriptive approach.
- The "accessory protocol" document authors (Brett and Sadiqa) are also expected to revise their document to accurately reflect current practices.
Threat Model Document Updates (Presented by Maggie):
- Pull Request (PR) 165: Addresses feedback from Watson Ladd regarding the distinction between technically sophisticated attacks (which can be packaged and widely deployed) and those requiring skillful physical manipulation.
  - This PR updates the likelihood and risk levels for certain attacks. For example, "accessory firmware modifications" risk was elevated from medium to high, considering the potential for widely deployed attacks and patching effectiveness.
  - "Impersonation attacks between a device and a network" were also considered, but numerous mitigations suggest the overall risk level might not be significantly affected.
- Issue 162 (Swarm Attack): A proposed new threat. Maggie suggested incorporating this as a "scenario" within the document rather than a standalone attack, as it combines elements of existing attacks.
- Issues 160 & 163 (Document Structure): Watson Ladd suggested reordering Section 3 of the threat model to prioritize attacks on the protocol, followed by example scenarios, and then a separate mitigation section, before the design section.
  - Maggie noted she is open to these structural changes if they prove useful to authors of new documents, but questioned the utility of a large refactor at this stage.
Identification of High-Risk Attacks and Features for Standardization:
- Based on the updated threat matrix, five attacks were identified as highest risk:
  1. Deploying multiple tags
  2. Accessory firmware modifications
  3. Tracking a target using their own tag
  4. Impersonation attacks (deploying a tag impersonating a known tag, or a device sending a command to an unauthorized tag)
  5. Deploying a GPS tracker
- Several features were identified as needing standardized, uniform implementation across protocols:
  1. Active Scanning: User-initiated scanning for nearby tags.
  2. Passive Scanning & Unwanted Tracking Alerts: The "finding algorithm" for detecting unwanted tracking alerts, including potential customization (e.g., sensitivity settings).
  3. Remote Disablement: While device-to-tag disablement was deemed technically challenging, exploring crowdsourced network-level disablement was suggested.
  4. Network Activity Logs: To audit access and detect unwanted location tracking.
Operationalizing the Threat Model and Future Work:
- There was a discussion on how to transition from the threat model to concrete technical documents. The chairs expressed a need to define clear focus areas, identify relevant documents, assign work, and record these areas within the threat model document.
- Sadika inquired about the status of the "algorithm document" and its relation to the accessory protocol and finding documents, emphasizing the need for clarity on where active/passive scanning and finding algorithms would reside. Maggie suggested these belong in a "finding algorithm document" that has not yet been started.
- Deb expressed the view that the working group should avoid "perfect being the enemy of the good" and aim to publish an RFC to drive action from implementers, rather than waiting for an exhaustive document.
- Eva emphasized the need for a normative document that highlights how existing networks fail and specifies desired changes to influence manufacturers, aligning with the WG's purpose of protecting people rather than just enterprises.
- Jessie supported the idea of incorporating input from gender-based violence experts and noted the challenge of translating technical details for broader expert review.

Decisions and Action Items

Decision: The working group will focus on finalizing the threat model document by addressing the identified high-risk attacks and features.
Decision: To accelerate progress, the working group will proceed with the current direction for the threat model document and initiate technical work on the identified focus areas, rather than pursuing extensive structural refactoring at this time (e.g., deferring Watson's proposed refactor in Issue 160).
Action Item (Maggie): Create a GitHub issue to track the development of a "short and sweet" explanation (two to three paragraphs) within the threat model document describing how existing networks are currently failing and the importance of the DULT work. Maggie will collaborate with Eva and Erica on this.
Action Item (Sean Turner): Contact Eckert to encourage progress on the "finding document" and its next revision. Sean will also explore finding a co-author if Christine is unavailable.
Action Item (Michael Richardson): Review the threat model document before January.

Next Steps

The chairs will push for progress on the "finding document" and other technical drafts by pinging authors.
Maggie will work on incorporating the "how networks are failing" summary and getting feedback on existing PRs for the threat model document.
The working group will move forward with the identified high-risk attacks and features as priorities for subsequent technical standardization efforts.