Hiya, On 29/09/2020 19:41, Michael Richardson wrote: > It will be good if we can get a document from the MAC randomization > proponents (if there is such a group), to explain the thread profile. > I don't think it includes active compromised hosts.
That is a problem yes. I no longer think "compromised host" is the correct term there though. In the case of android, we found google play services regularly calls home linking all these identifiers and more (phone#, sim serial, imei...) [1] for Google's own uses. I'd be very surprised if other entities (e.g. other OS and handset makers) weren't doing the same kind of thing (in fact I've seen some of that but we've not yet written it up). And supposedly innocuous "apps" can and do embed SDKs that also do that kind of thing. [2] I don't think "compromised" is an apt term for such a host. Perhaps it is apt for almost the entire mobile ecosystem? More on-topic, I do think MAC address randomisation has a role to play for WiFi as it does for BLE, but yes there is a lack of guidance as to how to implement and deploy such techniques well. It's a bit tricky though as it's fairly OS dependent so maybe not really in scope for the IETF? (For the last 3 years I've set a possible student project in this space, but each time a student has considered it, it turned out "too hard";-) Cheers, S. [1] https://www.scss.tcd.ie/Doug.Leith/pubs/contact_tracing_app_traffic.pdf [2] https://arxiv.org/abs/2009.06077
0x5AB2FAF17B172BEA.asc
Description: application/pgp-keys
_______________________________________________ homenet mailing list homenet@ietf.org https://www.ietf.org/mailman/listinfo/homenet
