
Re: [STDS-802-Privacy] February 4 - Teleconference details



On Mon, Feb 2, 2015 at 5:15 PM, Carlos Jesús Bernardos Cano
<cjbc@xxxxxxxxxx> wrote:
> Hi Juan Carlos, all,
>
> We continue working on the update of the scripts & tools to perform MAC
> address randomization automatically in the upcoming experiments.
> Unfortunately, this time I will not be able to join the teleconference
> this time.

Neither will I, but while Chris Elliot and I were helping build the
NANOG network we took some time out to build and test configs for ISC
DHCPd for MAC randomization.

We tested 2 configs, the first matches a first octet of '0x06'
(leaving 40 bits to be randomized)  and the second attempts to match
just the local bit. The first is much simpler, got more testing, and
(IMO) gives more than enough space
(http://mac-collision-probability.appspot.com/calculate ), the second
is a bit sexier, but we didn't get as much testing time and is a bit
black magic.

First example:
class "Random_MAC" {
      # Locally assigned, restricting the MAC space to 06 (2^40bits)
      match if (substring(hardware, 1, 1)) = 06;
      }

# test
subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
          authoritative;
          range 192.168.1.160 192.168.1.200;
          allow members of "Random_MAC";
          option routers 192.168.1.129;
          option domain-name              "meeting.example.com";
          option domain-name-servers      192.168.1.12, 192.168.1.13;
          # 30 minutes.
          default-lease-time 1800;
          }

        pool {
          authoritative;
          range 192.168.1.130 192.168.1.159;
          option routers 192.168.1.129;
          default-lease-time              14400;
          option domain-name              "meetings.example.com";
          option domain-name-servers      192.168.1.12, 192.168.1.13;
        }
}

Second example:

      # Locally assigned bit matching...
      set bytemac = substring(hardware,1,1);
      set byteprt = binary-to-ascii(16,8,":", bytemac);
      set binmac = binary-to-ascii(2, 8, ":", bytemac);
      set localbit = substring(reverse(1,binmac), 1, 1);
      if localbit = "1" {
        log (error, concat("dhcpd local bit, bytemac: .", byteprt,
                           ". binmac: .", binmac, "., localbit: .", localbit, "."));
      }

class "Random_MAC" {
      # Locally assigned: match any first octet with the local bit set
      match if localbit = "1";
      }

# test
subnet 192.168.1.128 netmask 255.255.255.128 {
        pool {
          authoritative;
          range 192.168.1.160 192.168.1.200;
          allow members of "Random_MAC";
          option routers 192.168.1.129;
          option domain-name              "meeting.example.com";
          option domain-name-servers      192.168.1.12, 192.168.1.13;
          # 30 minutes.
          default-lease-time 1800;
          }

        pool {
          authoritative;
          range 192.168.1.130 192.168.1.159;
          option routers 192.168.1.129;
          default-lease-time              14400;
          option domain-name              "meetings.example.com";
          option domain-name-servers      192.168.1.12, 192.168.1.13;
        }
}




>  I'll check the minutes after and keep the list posted on our
> progress.
>
> Thanks,
>
> Carlos
>
> On Mon, 2015-02-02 at 19:40 +0000, Zuniga, Juan Carlos wrote:
>> Dear all,
>>
>>
>>
>> Below are the details of our next teleconference on Wednesday.
>>
>>
>>
>> This time the main topic will be the discussion and pre-circulation of
>> the group’s PAR/CSD (i.e. Charter) for consideration at the March 2015
>> meeting.
>>
>>
>>
>> We will also discuss the plans to do the MAC address randomization
>> experiment at the upcoming IEEE 802 Berlin plenary and IETF 92 Dallas
>> meetings.
>>
>>
>>
>> As a friendly reminder, you should plan to spend 2-3 minutes
>> connecting to WebEx, just in case.
>>
>>
>>
>> Best regards,
>>
>>
>>
>> Juan Carlos
>>
>>
>>
>> ---------------
>>
>> Agenda
>>
>> ---------------
>>
>> •         Welcome
>>
>> •         Chair's slides
>>
>> –       IEEE Slides
>>
>> –       Call meeting to order
>>
>> •         Group’s updates
>>
>> –       Privacy EC SG PAR/CSD
>>
>> –       IETF MAC address randomization trial – next steps
>>
>> •         Technical Topics
>>
>> –       Threat Model for Privacy at Link Layer
>>
>> –       Privacy Issues at Link Layer
>>
>> –       Proposals regarding functionalities in IEEE 802 protocols to
>> improve Privacy
>>
>> –       Proposals regarding measuring levels of Privacy on Internet
>> protocols
>>
>> –       Implications of MAC address changes
>>
>> –       Other
>>
>> •         Next Steps
>>
>>
>>
>> ---------------
>>
>> Chair’s slides
>>
>> ---------------
>>
>> https://mentor.ieee.org/privecsg/dcn/15/privecsg-15-0005-00-ecsg-feb-4-conf-call-slides.pptx
>>
>>
>>
>> ---------------
>>
>> Meeting information
>>
>> ---------------
>>
>> Topic: EC Priv Recomm SG #5
>>
>> Date: Wednesday, February 4, 2015
>>
>> Time: 10:00 am, Eastern Standard Time (New York, GMT-05:00)
>>
>> Meeting Number: 746 673 385
>>
>> Meeting Password: privecsg
>>
>>
>>
>>
>>
>> -------------------------------------------------------
>>
>> To join the online meeting (also from mobile devices)
>>
>> -------------------------------------------------------
>>
>> 1. Go to
>> https://premconf.webex.com/premconf/j.php?MTID=m8a4786c5b454adf48f45b879102e172e
>>
>> 2. If requested, enter your name and email address.
>>
>> 3. If a password is required, enter the meeting password: privecsg
>>
>> 4. Click "Join".
>>
>>
>>
>> To view in other time zones or languages, please click the link:
>>
>> https://premconf.webex.com/premconf/j.php?MTID=meac83add1b23800f65b22f624b011066
>>
>>
>>
>> -------------------------------------------------------
>> To join the teleconference only
>> -------------------------------------------------------
>> Provide your phone number when you join the meeting to receive a call
>> back. Alternatively, you can call:
>> Call-in number (Premiere): 1-719-867-1571  (US/Canada)
>> Show global numbers:
>> https://www.myrcplus.com/cnums.asp?bwebid=8369444&ppc=542167&num=1&num2=1719-867-1571
>> Attendee access code: 542167
>>
>>
>>
>>
>>
>>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
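
Added example, not part of the original message or of the configs tested there: a Python check of the two matching rules above, comparing the second config's string manipulation against a direct bit test for every possible first octet, plus a birthday-bound estimate for the 40-bit space. The behaviour assumed for binary-to-ascii, reverse and substring (no zero padding, per-byte reversal, empty result past the end) and the sample MAC addresses are assumptions made for this sketch.

```python
import math

def dhcpd_localbit(first_octet: int) -> str:
    """Model of the second config's expression chain for one octet (assumed semantics)."""
    binmac = format(first_octet, "b")   # binary-to-ascii(2, 8, ":", bytemac): no leading zeros
    reversed_bits = binmac[::-1]        # reverse(1, binmac): least significant bit first
    return reversed_bits[1:2]           # substring(..., 1, 1): "" when the string is too short

def first_octet(mac: str) -> int:
    return int(mac.split(":")[0], 16)

def matches_06(mac: str) -> bool:
    """First config: first octet must be exactly 0x06."""
    return first_octet(mac) == 0x06

def is_local(mac: str) -> bool:
    """Direct test of the locally administered bit (0x02 of the first octet)."""
    return bool(first_octet(mac) & 0x02)

def string_trick_agrees() -> bool:
    """True if the string-based test equals the bit test for all 256 octets."""
    return all((dhcpd_localbit(o) == "1") == bool(o & 0x02) for o in range(256))

def collision_probability(clients: int, random_bits: int) -> float:
    """Birthday approximation: chance that at least two clients pick the same address."""
    space = 2 ** random_bits
    return -math.expm1(-clients * (clients - 1) / (2 * space))

# Constructed sample addresses, not taken from any real network.
SAMPLE_MACS = [
    "06:12:34:56:78:9a",  # matches both configs
    "da:a1:19:00:00:01",  # local bit set, first octet not 06
    "00:1b:21:aa:bb:cc",  # globally assigned
    "01:00:5e:00:00:fb",  # multicast, local bit clear
]

def classify(macs):
    """Map each MAC to (matches first config, matches second config)."""
    return {mac: (matches_06(mac), is_local(mac)) for mac in macs}

if __name__ == "__main__":
    print("string trick agrees with bit test:", string_trick_agrees())
    for mac, (cfg1, cfg2) in classify(SAMPLE_MACS).items():
        print(f"{mac}  first-octet-06={cfg1}  local-bit={cfg2}")
    print(f"P(collision), 1000 clients, 40 bits: {collision_probability(1000, 40):.3e}")
```
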