Re: RFC: standardized network provisioning



On Fri, 2014-06-13 at 12:17 +0200, Tom Gundersen wrote:
> On Fri, Jun 13, 2014 at 12:43 AM, Dan Williams <dcbw redhat com> wrote:
>> On Thu, 2014-06-12 at 23:22 +0200, Mark Elkins wrote:
>>> I hear that the latest Apple IOS uses a random MAC address when scanning
>>> local wifi hotspots - so "people" can not track the device so easily...
>>> seems like a good addition.
>>>
>>> It would also be interesting if I could automatically change my MAC
>>> address every so many configurable minutes - both on wifi and wired
>>> interfaces... a bit like I can do with my IPv6 address...
>>
>> We've been discussing this upstream with kernel developers too.  The
>> short answer is that yes, it can happen, but it'll take some work in the
>> kernel and wpa_supplicant to make that happen.  Once that's done,
>> NetworkManager can use it.
>>
>> Note that this behavior is only for randomized MAC addresses when
>> *scanning*.  The device must still use a stable MAC address when it
>> connects to a network, and that address cannot change during the
>> connection without breaking the connection entirely and reconnecting.
>> And that wouldn't work well for hotspots, since they often cache your
>> "logged-in" status based on your MAC address.  For wired it would
>> probably greatly confuse switches and bridges, and would trigger
>> re-authentications for 802.1x-enabled switches.
>>
>> So yeah, randomized MAC when scanning is coming.  But randomized MAC
>> every few minutes wouldn't work well in many normal WiFi and ethernet
>> cases, so that's probably not going to happen soon (if ever)...
>
> One option would be to use a random mac address for scanning, and also
> generate a random MAC address for each AP you connect to, but keep the
> same MAC address as long as you are connected to the same AP (and
> remember it for next time you connect).

This could work but does increase the chances of a MAC address collision
to a level that I think might be likely in the real world...  the
benefit of using them for scanning only is that scanning is mostly a
"read only" operation and thus using a randomized MAC, even if it
collided, wouldn't have side-effects.  But having a random collision in
normal associated operation would be much worse, especially in WiFi
networks where the MAC address is used more extensively in the network
infrastructure for state and authorization than it is in wired networks.
Just some stuff to think about...

Dan
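
The per-AP scheme and the collision question discussed in this message, sketched as an added example that is not part of the original thread and is not NetworkManager or wpa_supplicant code. The function names, the secret, the network identifiers and the assumption that addresses are drawn uniformly from the 46 free bits of a locally administered unicast MAC are all assumptions made for illustration.

```python
import hashlib
import hmac
import math


def per_network_mac(secret: bytes, network_id: str) -> str:
    """Derive a MAC that is stable for one network and unlinkable across networks.

    Hypothetical helper: the same (secret, network_id) pair always yields the
    same address, so the address is "remembered" without storing it.
    """
    digest = hmac.new(secret, network_id.encode("utf-8"), hashlib.sha256).digest()
    octets = bytearray(digest[:6])
    # First octet: set bit 1 (locally administered), clear bit 0 (unicast).
    octets[0] = (octets[0] | 0x02) & 0xFE
    return ":".join(f"{b:02x}" for b in octets)


def collision_probability(stations: int, random_bits: int = 46) -> float:
    """Birthday-bound approximation: chance that any two of `stations`
    uniformly random addresses on one network are identical."""
    space = 2 ** random_bits
    pairs = stations * (stations - 1) / 2
    # 1 - exp(-pairs/space), computed with expm1 to keep tiny values accurate.
    return -math.expm1(-pairs / space)


if __name__ == "__main__":
    secret = b"constructed-per-host-secret"  # constructed sample value
    for ssid in ("cafe-hotspot", "office-wlan"):  # constructed sample SSIDs
        print(ssid, per_network_mac(secret, ssid))
    for n in (100, 10_000, 1_000_000):
        print(f"{n:>9} stations: p(collision) ~ {collision_probability(n):.3e}")
```
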


