**Session Date/Time:** 28 Jul 2022 20:00

# madinas

## Summary

The madinas session covered updates on working group activities, including the status of the MAC address randomization draft and the use cases and problem statement draft. Significant discussion revolved around coordination with IEEE 802.11 groups on identifier management in the context of MAC address randomization, and the potential for a roaming experiment using Open Roaming. A non-working group document on SAVI for Wireless LAN was also presented. The working group also announced the adoption of GitHub for document management.

## Key Discussion Points

* **IETF Status and GitHub Adoption**:
    * The madinas working group has adopted GitHub for managing working group documents. This will be used for tracking issues and editorial recommendations, as per RFC 8874.
    * The primary channel for technical discussion will remain the mailing list, with GitHub serving as an additional tool for text suggestions and editorial management.
* **IEEE 802.11 Activities Update (Juan Carlos)**:
    * **11bh**: This group is discussing new identifiers for use cases where random MAC addresses are problematic (e.g., IT support, captive portals). Three main approaches are under consideration:
        1. STA generates a Layer 2 ID and passes it to the AP post-association, signaling future changes.
        2. AP (or network) generates an ID and passes it to the STA post-association, with the STA signaling new associations.
        3. Keys are exchanged to allow common computation of an ID.
    * **11bi**: This group is focusing on protecting privacy-impacting elements, such as obsoleting key identifiers in resolutions and reducing fingerprint exposure from probe messages.
    * **Coordination**: A strong need for improved liaison and coordination between madinas and IEEE 802.11 groups was identified, as 802.11 groups are less aware of madinas' plans.
* **Discussion on IEEE Work**:
    * **Scanning vs. Post-association**: IEEE 802.11 is mainly concentrating on post-association identification, assuming random MACs during scanning. However, "pre-association steering" (e.g., directing IoT devices to specific bands) is a point of heavy debate, as it might require pre-association device identification.
    * **Captive Portals**: Michael Richardson expressed strong concern about IEEE 802.11 addressing captive portal identification at Layer 2. He argued that captive portals are typically Layer 3 or higher, involve infrastructure beyond a single AP, and that IEEE 802.11 groups lack expertise in these broader protocols. He emphasized the undeployable nature of Layer 2 solutions for this problem and called for clearer liaison.
* **MAC Address Randomization Current State Draft (Carlos Bernardos)**:
    * **Goal**: Document current efforts and activities in IETF, IEEE, mobile OS vendors, and WBA regarding MAC address randomization.
    * **Dynamic Content**: Section 7, which documents mainstream OS practices, has been moved to a live GitHub repository. The RFC will contain a link to this dynamic content, allowing for continuous updates due to the evolving nature of OS implementations.
    * **Taxonomy Proposal**: Michael Richardson proposed creating a standardized taxonomy of different MAC randomization mechanisms within the GitHub content, allowing for consistent labeling and discussion of various approaches (including those tried and discarded).
* **Use Cases and Problem Statement Draft (Jerome Henry)**:
    * **Goal**: Establish a framework, define concepts, actors, environments, and requirements related to randomized MAC addresses (RCM) and identification.
    * **Industry Solutions**: The new version (v02) includes a section describing potential industry solutions, specifically highlighting Open Roaming.
    * **Open Roaming as a Solution**: Open Roaming, based on Passpoint and 802.1X, allows anonymous connection to a network while authenticating to a third-party identity provider. In such a scenario, the user's identity is protected, making the MAC address irrelevant for traceability by the network operator, and thus facilitating MAC address rotation.
    * **Requirements**: The document lists eight primary requirements, noting that some (e.g., session continuity with changing MAC addresses) may require further progress in groups like 802.11bi to be met.
* **Open Roaming Experiment Discussion (Juan Carlos)**:
    * **Proposal**: An experiment is being discussed with the Wireless Broadband Alliance (WBA) to run Open Roaming at an upcoming IETF meeting (e.g., London).
    * **Mechanism**: Open Roaming federates identity providers (ISPs, mobile operators, IETF itself) with network providers (IETF network) using Passpoint/802.1X, allowing users to connect without reliance on MAC address persistence.
    * **Concerns**: Michael Richardson emphasized the critical need for an ethics committee review and explicit user consent for any experiment involving Personally Identifiable Information (PII) on the IETF network.
* **SAVI Solution for Wireless LAN (Ruiying Zhang)**:
    * **Non-Working Group Document Presentation**: This draft proposes a Source Address Validation Improvements (SAVI) solution for WLAN.
    * **Mechanism**: Uses the MAC address (secured by 802.11i) as a binding anchor. Access Points (APs) and Access Controllers (ACs) snoop DHCP/DAD procedures to create and maintain IP-MAC mapping tables. Packet filtering is performed based on these bindings to prevent IP address spoofing.
    * **Binding Scenarios**: Bindings can be static, derived via DHCP snooping, or through SLAAC/DAD snooping.
    * **Impact of MAC Randomization**: The presenter stated that SAVI for WLAN would function correctly as long as the MAC address remains stable during a single access session.
    * **Working Group Fit**: Chairs and participants indicated that this draft does not align with the current madinas charter and would be better suited for discussion in the interim working group or dispatch process.

## Decisions and Action Items

* The madinas working group has adopted GitHub for managing document issues and editorial suggestions for working group drafts. Discussions should continue on the mailing list.
* **Chairs**: Discuss the possibility of holding a virtual interim meeting before IETF 115 (London) to review documents in depth.
* **Chairs/WG**: Establish a clearer liaison with IEEE 802.11 groups to communicate IETF concerns and solutions regarding identifier management and MAC address randomization, especially concerning Layer 2 vs. Layer 3 approaches for captive portals.
* **All WG Members**: Review the working group drafts ("MAC Address Randomization Current State" and "Use Cases and Problem Statement") and provide feedback on the mailing list.
* **Authors of MAC Address Randomization Draft**: Consider Michael Richardson's suggestion to develop a standardized taxonomy for MAC randomization mechanisms within the GitHub content.
* **Authors of Open Roaming Experiment Proposal**: Address the need for ethics committee approval and user consent for any experiment involving PII.
* **SAVI for Wireless LAN**: The document does not fit the madinas charter.

## Next Steps

* Individual and cross-reviews of the "MAC Address Randomization Current State" and "Use Cases and Problem Statement" drafts are encouraged on the mailing list.
* Further discussions regarding a potential virtual interim meeting will take place on the mailing list.
* The Open Roaming experiment proposal will be further refined, taking into account the feedback on consent and ethics.
* Authors of existing drafts should continue to refine their documents based on community feedback.
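
The binding-and-filter behaviour summarized under "SAVI Solution for Wireless LAN" above can be sketched as follows. This is an added illustration, not code from the draft or from the session; the `SaviTable` class, the event names (`DHCP_ACK`, `DAD_OK`, `STATIC`, `DISASSOC`) and all addresses are assumptions constructed for the example. It shows why a MAC address that rotates inside a session breaks the binding, while rotation at a session boundary does not.

```python
# Added illustration: SaviTable and the event names are hypothetical.
class SaviTable:
    """IP -> MAC bindings learned by snooping, with the MAC as binding anchor."""
    LEARN = {"STATIC", "DHCP_ACK", "DAD_OK"}

    def __init__(self):
        self.bindings = {}  # source IP -> anchor MAC

    def snoop(self, kind, mac, ip=None):
        """Apply one snooped control event; return True if it was accepted."""
        if kind in self.LEARN:
            if self.bindings.get(ip, mac) != mac:
                return False          # IP already bound to another anchor
            self.bindings[ip] = mac
            return True
        if kind == "DISASSOC":        # session ended: drop all its bindings
            stale = [i for i, m in self.bindings.items() if m == mac]
            for i in stale:
                del self.bindings[i]
            return bool(stale)
        return False

    def permit(self, src_mac, src_ip):
        """Data-plane filter: forward only frames matching a binding."""
        return self.bindings.get(src_ip) == src_mac


def run_demo():
    # Constructed sample: locally administered MACs, documentation prefixes.
    a_old, a_new, b = "02:00:00:00:00:0a", "02:00:00:00:00:a2", "02:00:00:00:00:0b"
    t = SaviTable()
    t.snoop("DHCP_ACK", a_old, "192.0.2.10")
    t.snoop("DAD_OK", b, "2001:db8::b")
    out = {
        "owner": t.permit(a_old, "192.0.2.10"),
        "spoofed_by_b": t.permit(b, "192.0.2.10"),
        "b_slaac": t.permit(b, "2001:db8::b"),
        "rebind_by_b": t.snoop("DHCP_ACK", b, "192.0.2.10"),
        # MAC rotated inside the session, no new DHCP/DAD exchange seen:
        "rotated_mid_session": t.permit(a_new, "192.0.2.10"),
    }
    # Rotation at a session boundary: old bindings cleared, new ones learned.
    t.snoop("DISASSOC", a_old)
    t.snoop("DHCP_ACK", a_new, "192.0.2.10")
    out["rotated_new_session"] = t.permit(a_new, "192.0.2.10")
    out["old_mac_after"] = t.permit(a_old, "192.0.2.10")
    return out


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name:22} {verdict}")
```
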