**Session Date/Time:** 26 Feb 2026 17:00

# [DULT](../wg/dult.html)

## Summary

The DULT Working Group held an interim virtual meeting to discuss the status and future direction of its documents, primarily focusing on the Threat Model document. Maggie presented a newly updated version of the Threat Model document, which included identified limitations of existing approaches to detecting and preventing unwanted tracking and proposed priorities for the working group. A significant discussion ensued regarding the working group's velocity, the scope of its technical work, and whether to focus on documenting the current state of play versus developing new protocols to address all identified threats. Decisions were made on specific edits to the Threat Model document and initial action items for other technical documents.

## Key Discussion Points

*   **Administrative Overhead**: The chairs (Sean Turner) covered the Note Well, meeting tips, and requested a scribe. Sean volunteered to take notes, asking for group review. The meeting was set to focus primarily on the threat model.
*   **Threat Model Document Update (Maggie)**:
    *   Maggie published a new version of the Threat Model document, co-authored with Jesse Lowell, Eva Galperin, and Erica Olson.
    *   Key additions include a section on "Limitations of existing approaches to detecting and preventing unwanted tracking" (placed in design considerations) and "Priorities for the DULT working group."
    *   Six limitations of existing deployed implementations were identified: spotty implementation, lack of customizability, difficulty finding/disabling tags, remote disablement (consensus not to support an anti-theft mode), non-conformant tags, and activity logs.
    *   Maggie proposed five priorities for technical documents to evaluate: active scanning, passive scanning, non-conformant accessories, remote disablement, and crowdsourced network activity logs.
*   **Discussion on WG Velocity and Scope**:
    *   Ecker expressed concern about the working group's velocity, suggesting that it might be more realistic to "write down what people are currently doing and mostly stop," rather than undertaking ambitious new technical work, especially regarding non-conformant accessories, which he found "colossally challenging."
    *   Brent agreed with Ecker, noting the challenge of non-conformant accessories and suggesting "taking the win" by publishing existing work. He inquired about standard IETF practice for managing ambitious charters with limited group energy.
    *   Deb Hekel suggested documenting the current state of play as a "win" to maintain a baseline for future work, acknowledging a lack of energy for new development at present.
    *   Maggie expressed concern that documenting only existing work wouldn't be a "win" if it didn't address the fundamental problems the WG was chartered to solve.
*   **Purpose and Content of the Threat Model Document**:
    *   The discussion refined the purpose of the Threat Model document: to define threats and limitations, rather than prescribing specific implementations or calling out individual manufacturers.
    *   Corbin and Sean emphasized the value of explicitly documenting threats and *unaddressed* issues, which could serve as a basis for future work or broader communication.
    *   Maggie highlighted the difficulty of detailing current implementations due to rapid changes and avoiding singling out specific manufacturers. She questioned if the document's audience was implementers of new technical changes or a broader public understanding of problems.
*   **Terminology and Specifics in Threat Model**:
    *   Brent noted a nitpick in the "Spotty Implementation" section, stating that "adult protocol" has no official implementation yet, as documents are not ratified. He characterized the existing industry specification for accessory protocol as a non-consensus-based effort, with IETF standards offering a higher level of documentation.
    *   Siddica corrected a statement in the document about Android's passive scanning, confirming it works for compatible tags and Airtags.
    *   Brent and Siddica further clarified that "active scanning" and "passive scanning" can be confusing as they also have Bluetooth-specific meanings. They suggested terms related to user interaction (e.g., "manual scanning") might be clearer.
    *   Tommy (Apple) supported trimming specific implementation details from the Threat Model, advocating for it to primarily lay out threats, with mitigation discussions belonging elsewhere (e.g., technical documents, last call comments).
*   **Addressing Gaps in Technical Documents**:
    *   Corbin suggested using "manual scanning" to describe user-initiated scans.
    *   Maggie raised the point that if "manual scanning" is important but not in the Accessory Protocol document, it should either be added, put in a separate document, or the Accessory Protocol document should acknowledge this as a known limitation. She stressed that the Threat Model document is agnostic to the technical specs' ability to meet requirements.
    *   Brent acknowledged this and suggested adding a recommendation for manual scanning to the Accessory Protocol document, considering its audience (accessory makers). He noted the nuance for accessory makers depending on Bluetooth active vs. passive scans.
    *   Siddica agreed that the Accessory Protocol document should focus on tag manufacturers, but the Threat Model should still mention limitations.
    *   The group considered the possibility of an "addendum" document for concepts like manual scanning, if it aligns with the charter. Sean confirmed this is possible with working group consensus and AD support.
*   **Need for Consistency**: Maggie reiterated that the core issue with "spotty implementation" is the lack of consistency across devices, platforms, and accessory types, which creates security vulnerabilities (e.g., an attacker exploiting platform differences).

## Decisions and Action Items

*   **Threat Model Document (draft-ietf-dult-threat-model)**:
    *   Maggie will remove specific references to manufacturers and platforms from the document.
    *   Maggie will change the phrase "active scanning" to "manual scanning" for clarity regarding user interaction.
    *   Siddica and Brent will provide specific corrections/PRs for details related to Android's passive scanning and other clarifications on scanning terminology within the Threat Model document.
    *   Deb Hekel volunteered to review the updated Threat Model document.
*   **Accessory Protocol Document (draft-ietf-dult-accessory-protocol)**:
    *   Ecker volunteered to transcribe the existing public literature regarding Apple's system for the Accessory Protocol document. He aims to have something ready by mid-April, requesting review/confirmation of accuracy from Apple.
    *   Sean will follow up with Apple regarding Ecker's request for review.
    *   Sean will send Ecker formal confirmation to proceed with this transcription work, noting Christina's changed focus.
    *   Brent and Siddica will discuss and decide how the Accessory Protocol document will engage with the Threat Model document's findings, specifically on manual scanning and other gaps (e.g., by adding advice, noting limitations, or suggesting new documents).

## Next Steps

*   **Re-establish Meeting Cadence**: Sean will send out a Doodle poll to schedule monthly meetings, aiming for the week of March 30th for the next meeting.
*   **Document Progress**: The group will review progress on the Threat Model and Accessory Protocol documents at subsequent meetings.
*   **Charter Review (Potential)**: If further new technical documents are deemed necessary (e.g., for manual scanning), the working group will consider proposing charter changes.