| Thread Links | Date Links | ||||
|---|---|---|---|---|---|
| Thread Prev | Thread Next | Thread Index | Date Prev | Date Next | Date Index |
|
My concern is not device A probing and then device B, with the same address, associating. My (mild) concern is device A probing while device B, with the same address, is already associated. Mark --
Mark RISON, Standards Architect, WLAN English/Esperanto/Français Samsung Cambridge Solution Centre Tel: +44 1223 434600 Innovation Park, Cambridge CB4 0DS Fax: +44 1223 434601 ROYAUME UNI WWW: http://www.samsung.com/uk From: Andrew Myles
(amyles) [mailto:amyles@xxxxxxxxx] G'day all Yes, that is possible, as is the issue noted by Adrian. Can we point at any important capabilities that are in Probes that are not repeated in the association phase ? If we all became management consultants for a moment, we would apply a 2 x 2 matrix to this issue of pre-Association probing
·
On likelihood axis: probability of an address duplicate is very low
·
On impact axis: impact of address duplication is very small (and never fatal) The conclusion would be don’t worry about address duplication in this mode Andrew -----Original Message----- > While a STA is Probing, does it really matter if a duplicate address is used? I would have a slight concern that the probe might update some record of the prober's capabilities (from the probe), which might in turn cause problems if there is another device with the same address (but different capabilities) associated with the probe. Mark -- Mark RISON, Standards Architect, WLAN English/Esperanto/Français Samsung Cambridge Solution Centre Tel: +44 1223 434600 Innovation Park, Cambridge CB4 0DS Fax: +44 1223 434601 ROYAUME UNI WWW:
http://www.samsung.com/uk > -----Original Message----- > From: Andrew Myles (amyles) [mailto:amyles@xxxxxxxxx] > Sent: 6 November 2014 23:13 > To:
STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx > Subject: Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol > > G'day all > > Just another thought ... > > While a STA is Probing, does it really matter if a duplicate address
> is used? I suspect that either the duplicate address will not cause
> any problems, or any issues can be mitigated. > > I suspect the same is true for a STA using GAS, but I have not
> considered this case in detail. > > Andrew > > > > > > -----Original Message----- > From: Christian Huitema [mailto:huitema@xxxxxxxxxxxxx] > Sent: Friday, 7 November 2014 6:04 AM > To:
STDS-802-PRIVACY@xxxxxxxxxxxxxxxxx > Subject: Re: [STDS-802-Privacy] Proposal on a MAC mediator protocol > > > Every participating device has a MAC entity Identity consisting of
> > the public key of a > ECDH keypair. A hash of this key into a 128 bit value is the MAC
> entity Identifier, much like the HIT in HIP. A hash with a nonce will
> be used to create the actual MACaddr used by the device. For privacy
> purposes, the ECDH keypair are ephemeral, a device can precompute a
> number of these and have them ready to use at will. For collision avoidance a device must be ready to use a different Identity or nonce to present a different MACaddr. > > Curious how that meshes with 802.1x/EAP, or with WPA2. Did you research that? > > > At linkup time, a device will listen for these broadcasts, use the
> > public key therein > along with its Identity key and a nonce to construct a shared secret.
> This secret will be used to MIC a packet to the mediator that will
> contain the devices: MACaddr, Nonce, Identifier, and Identity. If
> this is a new MACaddr for the mediator it would reply with an ACCEPT
> MICed message. If there is a collision, it will REJECT, causing the device to select a new MACaddr and try again. > > What if there is no link-up time, as in for example Wi-Fi probes? When
> scanning for available networks, Wi-Fi devices send probe packets to
> elicit responses from any access point that would be present. These
> packets are sent infrequently, maybe every few minutes, while the device is not connected to any network and is in fact moving between networks. > Uniqueness in one of these networks is not a guarantee of uniqueness in the next one. > > This scanning traffic is a well known target of tracking systems.
> Protecting it is a high priority. That's the first application of
> randomized MAC addresses. And for that application, the simplest
> solution is statistical uniqueness through large enough random numbers. > > -- Christian Huitema |