<?xmlversion="1.0" encoding="UTF-8"?>version='1.0' encoding='UTF-8'?> <!DOCTYPE rfcSYSTEM "rfc2629.dtd"[ <!ENTITYrfc2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>nbsp " "> <!ENTITYrfc4862 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4862.xml'>zwsp "​"> <!ENTITYrfc6973 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6973.xml'>nbhy "‑"> <!ENTITYrfc7217 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7217.xml'> <!ENTITY rfc8947 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8947.xml'> <!ENTITY rfc8948 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8948.xml'> <!ENTITY rfc7844 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7844.xml'> <!ENTITY rfc8981 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8981.xml'> <!ENTITY rfc4291 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml'> <!ENTITY rfc8064 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.8064.xml'>wj "⁠"> ]><?rfc toc="yes"?> <?rfc tocompact="yes"?> <?rfc tocdepth="3"?> <?rfc tocindent="yes"?> <?rfc symrefs="yes"?> <?rfc sortrefs="yes"?> <?rfc comments="yes"?> <?rfc inline="yes"?> <?rfc compact="yes"?> <?rfc subcompact="no"?><rfc xmlns:xi="http://www.w3.org/2001/XInclude" category="info" docName="draft-ietf-madinas-mac-address-randomization-15"ipr="trust200902">ipr="trust200902" number="9724" consensus="true" obsoletes="" updates="" submissionType="IETF" xml:lang="en" tocInclude="true" tocDepth="3" symRefs="true" sortRefs="true" version="3"> <front> <titleabbrev="Randomized and Changing MAC Address">abbrev="State of Affairs for Randomized and Changing MACAddress StateAddresses">State of Affairs</title> <!-- AUTHORS -->for Randomized and Changing Media Access Control (MAC) Addresses</title> <seriesInfo name="RFC" value="9724"/> <author fullname="Juan Carlos Zúñiga" initials="JC." surname="Zúñiga"> <organizationabbrev="CISCO"> CISCO </organization>abbrev="Cisco">Cisco</organization> <address> <postal><street></street><city>Montreal</city><code> QC</code><region>QC</region> <country>Canada</country> </postal> <email>juzuniga@cisco.com</email> </address> </author> <author fullname="Carlos J. Bernardos" initials="CJ." surname="Bernardos" role="editor"> <organizationabbrev="UC3M"> Universidadabbrev="UC3M">Universidad Carlos III deMadrid </organization>Madrid</organization> <address> <postal> <street>Av. Universidad, 30</street> <city>Leganes, Madrid</city> <code>28911</code> <country>Spain</country> </postal> <phone>+34 91624 6236</phone> <email>cjbc@it.uc3m.es</email> <uri>http://www.it.uc3m.es/cjbc/</uri> </address> </author> <author fullname="Amelia Andersdotter" initials="A." surname="Andersdotter"> <organization abbrev="SafespringAB"> Safespring AB </organization>AB">Safespring AB</organization> <address> <email>amelia.ietf@andersdotter.cc</email> </address> </author> <dateyear="2024"/> <area>Internet</area> <workgroup>MADINAS</workgroup>year="2025" month="January"/> <area>INT</area> <workgroup>madinas</workgroup> <abstract> <t> Internet users are becoming more aware that their activity over the Internet leaves a vast digital footprint, that communications might not always be properly secured, and that their location and actions can be tracked. One of the main factors that eases tracking of Internet users is the wide use of long-lasting, and sometimes persistent, identifiers at various protocol layers. This document focuses onMACMedia Access Control (MAC) addresses. </t> <t> There have been several initiatives within the IETF and the IEEE 802 standards committees toovercomeaddress some ofthesethe privacyissues.issues involved. This document provides an overview of these activities to helpcoordinatingcoordinate standardization activities in these bodies. </t> </abstract> </front> <middle><!-- BEGIN Terminology --><sectionanchor="sec:introduction" title="Introduction">anchor="sec_introduction" numbered="true" toc="default"> <name>Introduction</name> <t> Privacy is becoming a huge concern, as more and more devices aregettingconnecting to the Internet either directly (e.g., via Wi-Fi) or indirectly (e.g., via a smartphone usingBluetooth) connected to the Internet.Bluetooth). This ubiquitous connectivity, together with the lack of proper education aboutprivacy makeprivacy, makes it very easy to track/monitor the location of users and/or eavesdrop on their physical and online activities. This is due to many factors, such as the vast digital footprint that users leave on the Internet with or without theirconsent, for instance sharingconsent and the weak (or even null) authentication and encryption mechanisms used to secure communications. A digital footprint may include information shared on social networks, cookies used by browsers and servers for various reasons, connectivity logs that allow tracking of a user'sLayer-2 (L2/MAC)Layer 2 (L2) address (i.e., MAC address) orLayer-3Layer 3 (L3) address, web trackers,etc.; and/or the weak (or even null in some cases) authentication and encryption mechanisms used to secure communications.etc. </t> <t>This privacy concern affectsPrivacy concerns affect all layers of the protocol stack, from the lower layers involved in the access to the network (e.g.,the MAC/Layer-2MAC/L2 andLayer-3L3 addresses can be used to obtain the location of a user) tohigher layerhigher-layer protocol identifiers and user applications <xref target="CSCN2015"/>.format="default"/>. In particular, IEEE 802 MAC addresses have historically been an easy target for tracking users <xref target="wifi_tracking"/>.format="default"/>. </t> <t> There have been several initiativesatwithin the IETF and the IEEE 802 standards committees toovercomeaddress some of these privacy issues. This document provides an overview of these activities to helpcoordinatingcoordinate standardization activities within these bodies. </t> </section><!-- BEGIN Problem statement --><sectionanchor="sec:background" title="Background">anchor="sec_background" numbered="true" toc="default"> <name>Background</name> <sectionanchor="sec:mac_usage" title="MAC address usage">anchor="sec_mac_usage" numbered="true" toc="default"> <name>MAC Address Usage</name> <t> Most mobile devices used today are WLAN enabled (i.e., they are equipped with an IEEE 802.11 wireless local area network interface).Wi-Fi interfaces, asLike any other kind ofIEEE 802-basednetworkinterface, likeinterface based on IEEE 802 such as Ethernet (i.e., IEEE802.3)802.3), Wi-Fi interfaces havea Layer-2an L2 addressalso(also referred to as a MACaddress, whichaddress) that can be seen by anybody who can receive the radio signal transmitted by the network interface. The format of these addresses (for 48-bit MAC addresses) is shown in <xreftarget="fig:ieee802_mac_address_format" />.target="fig_ieee802_mac_address_format" format="default"/>. </t> <figureanchor="fig:ieee802_mac_address_format" title="IEEEanchor="fig_ieee802_mac_address_format"> <name>IEEE 802 MAC Address Format (for48-bit addresses)" > <artwork><![CDATA[48-Bit Addresses)</name> <artwork name="" type="" align="left" alt=""><![CDATA[ +--------+--------+---------+--------+--------+---------+ | Organizationally Unique | Network Interface | | Identifier (OUI) | Controller (NIC) Specific | +--------+--------+---------+--------+--------+---------+ / \ / \ / \ b0 (I/G bit): / \ 0: unicast / \ 1: multicast / \ / \ b1 (U/L bit): +--+--+--+--+--+--+--+--+ 0: globally unique (OUI enforced) |b7|b6|b5|b4|b3|b2|b1|b0| 1: locally administered +--+--+--+--+--+--+--+--+ ]]></artwork> </figure> <t> MAC addresses caneitherbe either universallyadministeredor locally administered. Universallyadministeredand locally administered addresses are distinguished by setting thesecond-least-significantsecond least significant bit of the most significant byte of the address (the U/L bit). </t> <t> A universally administered address is uniquely assigned to a device by its manufacturer. Most physical devices are provided with a universally administered address, which is composed of twoparts: (i) the Organizationallyparts:</t> <dl newline="false" spacing="normal"> <dt>Organizationally Unique Identifier(OUI), which are the(OUI):</dt><dd>The first three octets in transmissionorder andorder, which identify the organization that issued theidentifier, and (ii) Networkidentifier.</dd> <dt>Network Interface Controller (NIC)Specific, which are theSpecific:</dt><dd>The following three octets, which are assigned by the organization that manufactured the NIC, in such a way that the resulting MAC address is globallyunique. </t>unique.</dd> </dl> <t> Locally administered addresses override the burned-in address, and they caneitherbeset-upset up by either the networkadministrator,administrator orbythe Operating System (OS) of the device to which the address pertains. However, as explained infurtherlater sections of this document, there are new initiativesatin the IEEE 802 and other organizations to specify ways in which these locally administered addresses should be assigned, depending on the use case. </t> </section><!-- END Problem statement --> <!-- BEGIN MAC address randomization --><sectionanchor="sec:mac_addr_random" title="MAC address randomization">anchor="sec_mac_addr_random" numbered="true" toc="default"> <name>MAC Address Randomization</name> <t> Since universally administered MAC addresses are by definition globally unique, when a device uses this MAC address over a shared medium to transmit data-especially-- especially over theair-air -- it is relatively easy to track this device by simple medium observation. Since a device is usually directly associated to an individual, this poses a privacy concern <xreftarget="link_layer_privacy"/>.target="link_layer_privacy" format="default"/>. </t> <t> MAC addresses can be easily observed by a third party, such as a passive device listening to communications in the samelayer-2L2 network. In an 802.11 network, a station (STA) exposes its MAC address in two different situations: </t><t><list style="symbols"><ul spacing="normal"> <li> <t> While actively scanning for available networks, the MAC address is used in the Probe Request frames sent by thedevice (a.k.a. IEEE 802.11 STA).device. </t> </li> <li> <t> Once associated to a given Access Point (AP), the MAC address is used in frame transmission and reception, as one of the addresses used in the unicast address fields of an IEEE 802.11 frame. </t></list></t></li> </ul> <t> One way toovercomeaddress this privacy concern is by using randomly generated MAC addresses.TheIEEE 802 addressing includes one bit to specify if the hardware address is locally or globally administered. This allowsgeneratinglocal addresses to be generated without the needoffor any global coordination mechanism to ensure that the generated address is still unique within the local network. This feature can be used to generate random addresses, which decouple the globally unique identifier from the device and therefore make it more difficult to track a user device from its MAC/L2 address <xref target="enhancing_location_privacy"/>.format="default"/>. </t> <t> Note that there are reports <xref target="contact_tracing_paper"/>format="default"/> of some mobileOperating Systems (OSes)OSes reporting persistently (every 20 minutes or so) on MAC addresses(among(as well as other information), which would defeat MAC address randomization. While these practices might have changed by now, it is important to highlight thatprivacy preservingprivacy-preserving techniques should be conducted while considering all layers of the protocol stack. </t> </section> <sectionanchor="sec:mac_addr_experiments" title="Privacyanchor="sec_mac_addr_experiments" numbered="true" toc="default"> <name>Privacy Workshop,TutorialTutorial, and Experiments at IETF and IEEE 802meetings">Meetings</name> <t> As an outcome to the STRINT W3C/IAB Workshop <xref target="strint"/>,format="default"/>, a tutorialontitled "Pervasive Surveillance of the Internet - Designing Privacy into Internet Protocols" <xref target="privacy_tutorial" format="default"/> was given at the IEEE 802 Plenary meeting in San Diego<xref target="privacy_tutorial" />in July of 2014. The tutorial provided an update on the recent developments regarding Internet privacy, the actions undertaken by otherSDOs such asStandards Development Organizations (SDOs) like the IETF, and guidelines that were being followed when developing new Internet protocol specifications (e.g., the considerations described in <xref target="RFC6973"/>).format="default"/>). The tutorial highlighted some privacy concernsapplicablethat apply specifically to link-layer technologies and provided suggestions on how IEEE 802 could helpaddressingaddress them. </t> <t> Following the discussions and interest within the IEEE 802 community, on 18 July20142014, the IEEE 802 Executive Committee (EC) createdanthe IEEE 802 EC Privacy Recommendation Study Group (SG) <xref target="ieee_privacy_ecsg"/>.format="default"/>. The work and discussions from the group have generated multiple outcomes, such as: 802E PAR (Project Authorization Request, this is the means by which standards projects are started within the IEEE. PARs define the scope, purpose, and contact points for a new project): Recommended Practice for Privacy Considerations for IEEE 802 Technologies <xref target="IEEE_802E"/>,format="default"/>, and the 802c PAR: Standard for Local and Metropolitan Area Networks - Overview and ArchitectureAmendment- Amendment 2: Local Medium Access Control (MAC) Address Usage <xref target="IEEE_802c"/>.format="default"/>. </t> <t> In order to test the effects of MAC address randomization,trialsexperiments were conducted at the IETF and IEEE 802 meetings between November 2014 and March 2015- IETF91, IETF92-- IETF 91, IETF 92, and the IEEE 802 Plenary in Berlin. The purpose of thetrialsexperiments was to evaluate the use of MAC address randomization from two different perspectives:(i)(1) the effect on the connectivity experience of theend-user, also checking ifend user, as well as any effect on applications andOSes were affected;OSes, and(ii)(2) the potential impact on the network infrastructure itself. Some of the findings were published in <xref target="CSCN2015"/>.format="default"/>. </t> <t> During thetrialsexperiments, it was observed that the probability of address duplication in a network is negligible. Thetrialsexperiments also revealed that other protocol identifiers (e.g., the DHCP client identifier) can be correlated and can therefore still be used tostilltrack an individual. Hence, effective privacy tools should not work in isolation at a singlelayer, butlayer; instead; they should be coordinated with other privacy features at higher layers. </t> <t> Since then, MAC address randomization hasfurtherbeen further implemented by mobile OSes to provide better privacy for mobile phone users when connecting to public wireless networks <xref target="privacy_ios"/>,format="default"/> <xref target="privacy_windows"/>,format="default"/> <xref target="privacy_android"/>.format="default"/>. </t> </section><!-- END L2 address randomization --></section><!-- BEGIN Tools --><sectionanchor="sec:mac_rnd_at_ieee802" title="Randomizedanchor="sec_mac_rnd_at_ieee802" numbered="true" toc="default"> <name>Activities Relating to Randomized and Changing MACaddresses activities atAddresses in the IEEE802">802</name> <t> Practical experiencesofwith Randomized and Changing MACaddresses(RCM) addresses in devices (some ofthemwhich are explained inSection<xref target="rcm-types"/>)format="default"/>) helped researchers fine-tune their understanding of attacks against randomization mechanisms <xref target="when_mac_randomization_fails"/>. Atformat="default"/>. Within the IEEE 802.11groupgroup, these research experiences eventually formed the basis for a specified mechanism that randomizes MAC addresses, which was introduced intheIEEE Std 802.11aqin 2018 which randomize MAC addresses<xreftarget="IEEE_802_11_aq" />.target="IEEE_802.11aq" format="default"/> in 2018. </t> <t> More recent developments include turning on MAC address randomization in mobile OSes by default, which has an impact on the ability of network operators to customize services <xref target="rcm_user_experience_csd"/>.format="default"/>. Therefore, follow-on work in the IEEE 802.11 mapped effects of a potentially large uptake of randomized MAC identifiers on a number of commonly offered operator services in2019<xref2019 <xref target="rcm_tig_final_report"/>.format="default"/>. In the summer of20202020, this work emanated in two new standards projects with the purpose of developing mechanisms that do not decrease user privacy but enable an optimal user experience when the MAC address of a device in an Extended Service Set (a group of interconnected IEEE 802.11 wireless access points and stations that form a single logical network) is randomized or changes <xref target="rcm_user_experience_par"/>format="default"/> and user privacy solutions applicable to IEEE Std 802.11 <xref target="rcm_privacy_par"/>.format="default"/>. </t> <t> IEEE Std 802 <xref target="IEEE_802"/>,format="default"/>, as of the amendment IEEE 802c-2017 <xref target="IEEE_802c"/>,format="default"/>, specifies a local MAC address space structure known as the Structured Local Address Plan (SLAP) <xref target="RFC8948"/>.format="default"/>. The SLAP designates a range of Extended Local Identifiers for subassignment within a block of addresses assigned by the IEEE Registration Authority via a Company ID. A range of local MAC addresses is designated for Standard Assigned Identifiers to be specified by IEEE 802 standards. Another range of local MAC addresses is designated for Administratively AssignedIdentifiersIdentifiers, which are subject to assignment by a network administrator. </t> <t>"IEEEIEEE Std802E-2020:802E-2020 ("IEEE Recommended Practice for Privacy Considerations for IEEE802 Technologies"802(R) Technologies") <xref target="IEEE_802E"/>format="default"/> recommends the use of temporary and transient identifiers if there are no compelling reasons for a newly introduced identifier to be permanent. This recommendation is part of the basis for the review of user privacy solutions for IEEE Std 802.11(a.k.a. Wi-Fi)devices (also known as Wi-Fi devices) as part of the RCM efforts <xref target="rcm_privacy_csd"/> efforts.format="default"/>. Annex T of IEEE Std802.1AEdk-2023: MAC802.1AEdk-2023 ("MAC PrivacyProtectionProtection") <xreftarget="IEEE802.1AEdk-2023" />target="IEEE_802.1AEdk" format="default"/> discusses privacy considerations in bridged networks. </t> <t> Asperof 2024, two task groups in IEEE 802.11 are dealing with issues related toRCM: <list style="symbols">RCM addresses: </t> <ul spacing="normal"> <li> <t> The IEEE 802.11bh task group, which is looking at mitigating the repercussions that RCMcreatesaddresses create on 802.11 networks and relatedservices, andservices. </t> </li> <li> <t> The IEEE 802.11bi task group, which is chartered to define modifications to the IEEE Std 802.11medium access control (MAC)MAC specification to specify new mechanisms that address and improve user privacy. </t></list> </t></li> </ul> </section><!-- END Tools --><sectionanchor="sec:wba" title="Recentanchor="sec_wba" numbered="true" toc="default"> <name>Recent Activities Related to MACrandomization-related activities atAddress Randomization in theWBA">WBA</name> <t>AtIn the Wireless Broadband Alliance (WBA), the Testing and Interoperability Work Group has been looking attheissues related to MAC address randomization and has identified a list of potential impacts of these changes to existing systems and solutions, mainly related to Wi-Fi identification. </t> <t> As part of this work, the WBA has documented a set of use cases that a Wi-Fi Identification Standard should address in order to scale and achievelonger termlonger-term sustainability of deployed services. A first version ofthis document has been liaised with the IETF as part of the MAC Address Device Identification for Network and Application Services (MADINAS) activities through thethat document, a paper titled "Wi-Fi Identification In a post MAC Randomization Era v1.0"paper<xref target="wba_paper"/>.format="default"/>, was created while liaising with the IETF MADINAS Working Group. </t> </section><!-- BEGIN Evaluation --><sectionanchor="sec:mac_rnd_at_ietf" title="IPv6 address randomization atanchor="sec_mac_rnd_at_ietf" numbered="true" toc="default"> <name>IPv6 Address Randomization in theIETF">IETF</name> <t> <xref target="RFC4862"/>format="default"/> specifies Stateless Address Autoconfiguration (SLAAC) for IPv6, which typically results in hosts configuring one or more "stable" addresses composed of a network prefix advertised by a localrouter,router and an Interface Identifier (IID). <xref target="RFC8064"/>format="default"/> formally updated the original IPv6 IID selection mechanism to avoid generating the IID from the MAC address of the interface (via EUI64), as this potentially allowed for tracking of a device at L3. Additionally, the prefix part of an IP address provides meaningful insights of the physical location of the device in general, which together with the IID based on the MACaddress-based IID,address, made it easier to perform global device tracking. </t> <t> <xref target="RFC8981"/>format="default"/> identifies and describes the privacy issues associated with embedding MAC stable addressing information intotheIPv6 addresses (as part of the IID). It describes an extension to IPv6 SLAAC that causes hosts to generate temporary addresses with randomizedinterface identifiersIIDs for each prefix advertised with autoconfiguration enabled. Changing addresses over time limits the window of time during which eavesdroppers and other information collectors may trivially perform address-based network-activity correlation when the same address is employed for multiple transactions by the same host. Additionally, it reduces the window of exposure of a host as being accessible via an address that becomes revealed as a result of active communication. These temporary addresses are meant to be used for a short period of time (hours to days) andwouldthenbedeprecated. Deprecated addresses can continue to be used foralready established connections,already-established connections but are not used to initiate new connections. New temporary addresses are generated periodically to replace temporary addresses that expire.In order to do so,To generate temporary addresses, a node produces a sequence of temporary global scope addresses from a sequence ofinterface identifiersIIDs that appear to be random in the sense that (1) it is difficult for an outside observer to predict a future address (or identifier) based on a currentone,one and (2) it is difficult to determine previous addresses (or identifiers) knowing only the present one. Temporary addresses should not be used by applications that listen for incoming connections (as these are supposed to be waiting on permanent/well-known identifiers). If a node changes network and comes back to a previously visited one, the temporary addresses that the node would use will be different,and thiswhich might be an issue in certain networks where addresses are used for operational purposes (e.g., filtering or authentication). <xref target="RFC7217"/>,format="default"/>, summarized next, partially addresses the problems aforementioned. </t> <t> <xref target="RFC7217"/>format="default"/> describes a method to generateInterface IdentifiersIIDs that are stable for each network interface within eachsubnet,subnet butthatchange as a host moves from one network to another. This method enableskeepingthe "stability" properties of theInterface IdentifiersIIDs specified in <xref target="RFC4291"/>,format="default"/> to be kept, while still mitigating address-scanning attacks and preventing correlation of the activities of a host as it moves from one network to another. The method defined to generate the IPv6 IID is based on computing a hash functionwhichthat takes the following asinputinput: information that is stable and associated to the interface (e.g., a localinterface identifier),IID), stable information associated to the visited network (e.g., the IEEE 802.11SSID),Service Set Identifier (SSID)), the IPv6 prefix,anda secret key,plusand some other additional information. This basically ensures that a different IID is generated whenanyone of the input fields changes (such as the network or theprefix),prefix) but that the IID is the same within each subnet. </t> <t>Currently,To mitigate the privacy threats posed by the use of MAC-derived IIDs, <xref target="RFC8064"/>format="default"/> recommends that nodestoimplement <xref target="RFC7217"/>format="default"/> as the default scheme for generating stable IPv6 addresses withSLAAC, to mitigate the privacy threats posed by the use of MAC-derived IIDs.SLAAC. </t> <t> In addition to theformer documents,documents above, <xref target="RFC8947"/>format="default"/> proposes"an extension toa DHCPv6thatextension that:</t> <blockquote> allows a scalable approach to link-layer address assignments where preassigned link-layer address assignments (such as by a manufacturer) are not possible orunnecessary".are unnecessary. </blockquote> <t>And <xref target="RFC8948"/>format="default"/> proposes"extensions toDHCPv6protocols toextensions that:</t> <blockquote> enable a DHCPv6 client or a DHCPv6 relay to indicate a preferred SLAP quadrant to theserver,server so that the server may allocate MAC addresses in the quadrant requested by the relay orclient". </t>client. </blockquote> <t>Not onlyIn addition to MAC and IPaddressesaddresses, some DHCP options that carry unique identifiers can also be used for tracking purposes.Some DHCP options carry unique identifiers.These identifiers can enable device tracking even if the device administrator takes care of randomizing other potential identifications like link-layer addresses or IPv6 addresses. <xref target="RFC7844"/>format="default"/> introduces anonymityprofiles, "designedprofiles that are:</t> <blockquote> designed for clients that wish to remain anonymous to the visitednetwork. The profilesnetwork </blockquote> <t>and that:</t> <blockquote> provide guidelines on the composition of DHCP or DHCPv6 messages, designed to minimize disclosure of identifyinginformation". <xrefinformation. </blockquote> <t><xref target="RFC7844"/>format="default"/> also indicates that the link-layer address, IP address, and DHCP identifier shall evolve in synchrony. </t><!-- <t> Lately, the MAC Address Device Identification for Network and Application Services (MADINAS) IETF BoF has discussed the need to examine the effect of RCM schemes on network and application services in several scenarios identified as relevant. </t> --></section><!-- END Evaluation --><section anchor="rcm-types"title="A taxonomynumbered="true" toc="default"> <name>Taxonomy of MACaddress selection policies">Address Selection Policies</name> <t> This section documents different policies for MAC address selection. Some OSes might use a combination of multipleof thesepolicies. </t><t><aside><t> Note about theusednamingconvention: theconvention used: The "M" inMAC"MAC" is included in theacronym,acronym but not the "A" fromaddress."Address". This allows one to talk about aPVOM Address,"PVOM address" orPNGM Address. </t>"PNGM address". </t></aside> <t><!-- The names are all in the form for per-period-of-time-selection. --></t> <section anchor="policy-pvom"title="Per-Vendornumbered="true" toc="default"> <name>Per-Vendor OUI MACaddress (PVOM)">(PVOM) Address</name> <t> This form of MAC address selection is the historical default. </t> <t> The vendor obtains anOrganizationally Unique Identifier (OUI)OUI from the IEEE. Thishas beenis a 24-bit prefix (including two upper bitswhichthat are set specifically) that is assigned to the vendor. The vendor generates a unique 24-bit value for the lower24-bits,24 bits, forming the 48-bit MAC address. Ithasis notbeenunusual for the 24-bit value to betakenused as an incrementingcounter,counter that was assigned at thefactory,factory and burnt into non-volatile storage. </t> <t> Note that IEEE Std 802.15.4use<xref target="IEEE_802.15.4"/> uses 64-bit MAC addresses, and the IEEE assigns 32-bit prefixes. The IEEE has indicated that there may be a future Ethernet specificationusingthat uses 64-bit MAC addresses. </t> </section> <section anchor="policy-pdgm"title="Per-Devicenumbered="true" toc="default"> <name>Per-Device Generated MACaddress (PDGM)">(PDGM) Address</name> <t> This form of MAC address is randomly generated by the device, usually upon first boot. The resulting MAC address is stored in non-volatile storage and is used for the rest of the device lifetime. </t> </section> <section anchor="policy-pbgm"title="Per-Bootnumbered="true" toc="default"> <name>Per-Boot Generated MACaddress (PBGM)">(PBGM) Address</name> <t> This form of MAC address is randomly generated by thedevice,device each time the device is booted. The resulting MAC address is*not*<strong>not</strong> stored in non-volatile storage. It does not persist across power cycles. This case may sometimes be a PDGM address where the non-volatile storage is no longer functional (or has failed). </t> </section> <section anchor="policy-pngm"title="Per-Networknumbered="true" toc="default"> <name>Per-Network Generated MACaddress (PNGM)">(PNGM) Address</name> <t> This form of MAC address is generated each time a new network attachment is created. </t> <t> This is typically used with Wi-Fi(802.11)networks (i.e., 802.11 networks) where the network is identified by an SSID Name. The generated address is storedonin non-volatile storage, indexed by the SSID. Each time the device returns to a network with the same SSID, the device uses the saved MAC address. </t> <t> It is possible to use a PNGM address for wired Ethernet connections through some passive observation of networktraffic, suchtraffic (such asSTPthe Spanning Tree Protocol (SPT) <xreftarget="IEEE802.1D-2004" />, LLDPtarget="IEEE_802.1D" format="default"/>, the Link Layer Discovery Protocol (LLDP) <xreftarget="IEEE802.1AB-2016" />, DHCPtarget="IEEE_802.1AB" format="default"/>, DHCP, or RouterAdvertisementsAdvertisements) to determine which network has been attached. </t> </section> <section anchor="policy-ppgm"title="Per-Periodnumbered="true" toc="default"> <name>Per-Period Generated MACaddress (PPGM)">(PPGM) Address</name> <t> This form of MAC address is generatedperiodically. Typical numbers areperiodically, typically around every twelve hours. LikePNGM,PNGM addresses, it is used primarily with Wi-Fi. </t> <t> When the MAC address changes, the station disconnects from the current session and reconnects using the new MAC address. This will involve a new WPA/802.1xsession: new EAP, TLS, etc. negotiations. Asession, as well as obtaining (or refreshing) a newDHCP, SLAAC will be done.IP address (e.g., using DHCP or SLAAC). </t> <t> If DHCP is used, then a newDUIDDHCP Unique Identifier (DUID) is generated so as to not link to the previousconnection, and the result isconnection; this usually results in the allocation of new IPaddresses allocated.addresses. </t> </section> <section anchor="policy-psgm"title="Per-Sessionnumbered="true" toc="default"> <name>Per-Session Generated MACaddress (PSGM)">(PSGM) Address</name> <t> This form of MAC address is generated on aper sessionper-session basis. How a session is defined isimplementation-dependant,implementation-dependent, for example, a session might be defined by logging in to a portal, VPN, etc. LikePNGM,PNGM and PPGM addresses, it is used primarily with Wi-Fi. </t> <t> Since the addresschangesonly changes when a new session is established, there is no disconnection/reconnection involved. </t> </section> </section><!-- BEGIN OSes current practices --><sectionanchor="sec:os_current_practices" title="OS current practices"> <!--anchor="sec_os_current_practices" numbered="true" toc="default"> <name>OS Current Practices</name> <t>Since this content can evolve with time, it is now hosted at <eref target="https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac-address-randomization/blob/main/OS-current-practices.md" /> </t> --> <t> MostBy default, most modern OSes (especially mobile ones) do implementby defaultsome MAC address randomizationpolicy.policies. Since the mechanism and policies that OSes implement can evolve with time, the content is now hosted at<eref target="https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac-address-randomization/blob/main/OS-current-practices.md" />.<xref target="OS_current_practices"/>. For completeness, a snapshot of the content at the time of publication of this document is included below. Note that the extensive testing reported in this document was conducted in 2021, but no significant changes have been detected at the time of publication of this document. </t> <t> <xreftarget="tab:current_practices" />target="tab_current_practices" format="default"/> summarizes current practices for Android andiOS, asiOS at the time of writing this document(original(the original sourceposted at: https://www.fing.com/news/private-mac-address-on-ios-14, latest wayback machine's snapshotis availablehere: https://web.archive.org/web/20230905111429/https://www.fing.com/news/private-mac-address-on-ios-14, updatedat <xref target="private_mac"/>) and also includes updates based on findings from theauthors).authors. </t><texttable anchor="tab:current_practices" title="Android<table anchor="tab_current_practices" align="center"> <name>Android and iOS MACaddress randomization practices"> <ttcol width="50%"Address Randomization Practices</name> <thead> <tr> <th align="left">Android10+</ttcol> <ttcol width="50%"10+</th> <th align="left">iOS14+</ttcol> <c>The14+</th> </tr> </thead> <tbody> <tr> <td align="left">The randomized MAC address is bound to theSSID</c> <c>TheSSID.</td> <td align="left">The randomized MAC address is bound to the BasicSSID</c> <c></c> <c></c> <c>TheSSID.</td> </tr> <tr> <td align="left">The randomized MAC address is stable across reconnections for the samenetwork</c> <c>Thenetwork.</td> <td align="left">The randomized MAC address is stable across reconnections for the samenetwork</c> <c></c> <c></c> <c>Thenetwork.</td> </tr> <tr> <td align="left">The randomized MAC address does not get re-randomized when the device forgets aWiFI network</c> <c>TheWi-Fi network.</td> <td align="left">The randomized MAC address is reset when the device forgets aWiFI network</c> <c></c> <c></c> <c>MACWi-Fi network.</td> </tr> <tr> <td align="left">MAC address randomization is enabled by default for all the new Wi-Fi networks. But if the device previously connected to a Wi-Fi network identifying itself with the real MAC address, no randomized MAC address will be used (unless manuallyenabled)</c> <c>MACenabled).</td> <td align="left">MAC address randomization is enabled by default for all the new Wi-Finetworks</c> </texttable>networks.</td> </tr> </tbody> </table> <t> In September 2021, wehaveperformed some additional tests to evaluate howmostOSes that are widely usedOSesbehave regarding MAC address randomization. <xreftarget="tab:experiments-2021" />target="tab_experiments-2021" format="default"/> summarizes ourfindings, where show on differentfindings; the rows in the table show whether the OS performs address randomization per network (PNGM according to the taxonomy introduced in <xref target="rcm-types"/>),format="default"/>), performs address randomization per new connection (PSGM), performs address randomization daily (PPGM with a period of24h),24 hours), supports configuration per SSID, supports address randomization for scanning, andwhether it does thatsupports address randomization for scanning by default. </t><texttable anchor="tab:experiments-2021" title="Observed behavior from different OS<table anchor="tab_experiments-2021" align="center"> <name>Observed Behavior in Different OSes (as of September2021)"> <ttcol width="35%" align="left">OS</ttcol> <ttcol width="15%"2021)</name> <thead> <tr> <th align="left">OS</th> <th align="center">Linux (Debian"bookworm")</ttcol> <ttcol width="20%""bookworm")</th> <th align="center">Android10</ttcol> <ttcol width="20%"10</th> <th align="center">Windows10</ttcol> <ttcol width="10%"10</th> <th align="center">iOS14+</ttcol> <c>Random14+</th> </tr> </thead> <tbody> <tr> <td align="left">Random. per net.(PNGM)</c><c>Y</c><c>Y</c><c>Y</c><c>Y</c> <c></c><c></c><c></c><c></c><c></c> <c>Random(PNGM)</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> </tr> <tr> <td align="left">Random. per connec.(PSGM)</c><c>Y</c><c>N</c><c>N</c><c>N</c> <c></c><c></c><c></c><c></c><c></c> <c>Random(PSGM)</td> <td align="center">Y</td> <td align="center">N</td> <td align="center">N</td> <td align="center">N</td> </tr> <tr> <td align="left">Random. daily(PPGM)</c><c>N</c><c>N</c><c>Y</c><c>N</c> <c></c><c></c><c></c><c></c><c></c> <c>SSID config.</c><c>Y</c><c>N</c><c>N</c><c>N</c> <c></c><c></c><c></c><c></c><c></c> <c>Random. for scan</c><c>Y</c><c>Y</c><c>Y</c><c>Y</c> <c></c><c></c><c></c><c></c><c></c> <c>Random.(PPGM)</td> <td align="center">N</td> <td align="center">N</td> <td align="center">Y</td> <td align="center">N</td> </tr> <tr> <td align="left">SSID config.</td> <td align="center">Y</td> <td align="center">N</td> <td align="center">N</td> <td align="center">N</td> </tr> <tr> <td align="left">Random. for scan</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> <td align="center">Y</td> </tr> <tr> <td align="left">Random. for scan bydefault</c><c>N</c><c>Y</c><c>N</c><c>Y</c> </texttable>default</td> <td align="center">N</td> <td align="center">Y</td> <td align="center">N</td> <td align="center">Y</td> </tr> </tbody> </table> <t> According to <xreftarget="privacy_android"/>,target="privacy_android" format="default"/>, startinginwith Android 12, Android uses non-persistent randomization in the following situations:(i) a</t> <ul spacing="normal"> <li>A network suggestionappapplication specifies thatnon-persistantnon-persistent randomization be used for the network (through anAPI); or (ii) theAPI).</li> <li>The network is an open network that hasn't encountered a captiveportalportal, and an internal config option is set to do so (bydefaultdefault, it isnot). </t>not).</li> </ul> </section><!-- END OSes current practices --><section anchor="IANA"title="IANA Considerations">numbered="true" toc="default"> <name>IANA Considerations</name> <t> This document has no IANA actions. </t> </section> <section anchor="Security"title="Security Considerations">numbered="true" toc="default"> <name>Security Considerations</name> <t> Privacy considerations regarding tracking the location of a user through the MAC address ofthisa device are discussed throughout this document. Given the informational nature of this document, no protocols/solutions are specified, but the current state of affairs is documented. </t> <t> Any future specification in this area wouldhaveneed to look into security and privacy aspects, suchas, butas (but not limitedto: i) mitigatingto) the following:</t> <ul spacing="normal"> <li>Mitigating the problem of location privacy while minimizing the impact on upper layers of the protocolstack; ii) providingstack</li> <li>Providing the meanstofor network operators to authenticate devices and authorize networkaccessaccess, despite the MAC addresses changingfollowingaccording somepattern; and, iii) providepattern</li> <li>Providing the means for the device not to use MAC addresses that it is not authorized to use or that are currently inuse. </t>use</li> </ul> <t> A major conclusion of the work in IEEE Std 802E <xref target="IEEE_802E" format="default"/> concerned the difficulty of defending privacy against adversaries of any sophistication. Individuals can be successfully tracked byfingerprintingfingerprinting, using aspects of their communication other than MACAddressesaddresses or other permanent identifiers. </t> </section><section anchor="Acknowledgments" title="Acknowledgments"> <t> Authors would like to thank Guillermo Sanchez Illan for the extensive tests performed on different OSes to analyze their behavior regarding address randomization. </t> <t> Authors would like to thank Jerome Henry, Hai Shalom, Stephen Farrel, Alan DeKok, Mathieu Cunche, Johanna Ansohn McDougall, Peter Yee, Bob Hinden, Behcet Sarikaya, David Farmer, Mohamed Boucadair, Éric Vyncke, Christian Amsüss, Roma Danyliw, Murray Kucherawy and Paul Wouters for their reviews and comments on previous versions of this document. Authors would also like to thank Michael Richardson for his contributions on the taxonomy section. Finally, authors would also like to thank the IEEE 802.1 Working Group for its review and comments, performed as part of the Liaison statement on Randomized and Changing MAC Address (https://datatracker.ietf.org/liaison/1884/). </t> </section></middle> <back><!-- <references title="Normative References"> &rfc2119; </references> --> <references title="Informative References"> &rfc4862; &rfc6973; &rfc7217; &rfc8947; &rfc8948; &rfc7844; &rfc8981; &rfc4291; &rfc8064;<references> <name>Informative References</name> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4862.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6973.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7217.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8947.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8948.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7844.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8981.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.4291.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8064.xml"/> <referenceanchor="CSCN2015" >anchor="private_mac" target="https://web.archive.org/web/20230905111429/https://www.fing.com/news/private-mac-address-on-ios-14"> <front> <title>Private MAC address on iOS 14</title> <author fullname="Daniele Pantaleone"/> <date month="September" year="2020"/> </front> <refcontent>Wayback Machine archive</refcontent> </reference> <reference anchor="OS_current_practices" target="https://github.com/ietf-wg-madinas/draft-ietf-madinas-mac-address-randomization/blob/main/OS-current-practices.md"> <front> <title>OS current practices</title> <author/> <date month="July" year="2024"/> </front> <refcontent>commit 795739b</refcontent> </reference> <reference anchor="CSCN2015"> <front> <title>Wi-Fi Internet Connectivity and Privacy: Hiding your tracks on the wireless Internet</title> <author initials="CJ." surname="Bernardos" fullname="Carlos J. Bernardos"> </author> <author initials="JC." surname="Zúñiga" fullname="Juan C. Zúñiga"> </author> <author initials="P." surname="O'Hanlon" fullname="Piers O'Hanlon"> </author> <date month="October" year="2015"/> </front><seriesInfo name="Standards<refcontent>2015 IEEE Conference on Standards for Communications and Networking(CSCN), 2015 IEEE Conference on" value="" />(CSCN)</refcontent> <seriesInfo name="DOI" value="10.1109/CSCN.2015.7390443"/> </reference> <referenceanchor="link_layer_privacy" >anchor="link_layer_privacy"> <front> <title>Privacy at the link-layer</title> <author initials="P." surname="O'Hanlon" fullname="Piers O'Hanlon"> </author> <author initials="J." surname="Wright" fullname="J. Wright"> </author> <author initials="I." surname="Brown" fullname="Ian Brown"> </author> <date month="February" year="2014"/> </front><seriesInfo name="Contribution at W3C/IAB<refcontent>W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring(STRINT)" value="" />(STRINT)</refcontent> </reference> <referenceanchor="enhancing_location_privacy" >anchor="enhancing_location_privacy"> <front> <title>Enhancinglocation privacyLocation Privacy inwirelessWireless LANthrough disposable interface identifiers: a quantitative analysis</title>Through Disposable Interface Identifiers: A Quantitative Analysis</title> <author initials="M." surname="Gruteser" fullname="M. Gruteser"> </author> <author initials="D." surname="Grunwald" fullname="D. Grunwald"> </author> <datemonth=""month="June" year="2005"/> </front><seriesInfo name="Mobile<refcontent>Mobile Networks and Applications, vol. 10, no. 3, pp.315-325" value="" />315-325</refcontent> <seriesInfo name="DOI" value="10.1007/s11036-005-6425-1"/> </reference> <reference anchor="privacy_ios"target="https://support.apple.com/en-us/HT211227">target="https://support.apple.com/en-us/102509"> <front> <title>Use private Wi-Fi addressesin iOS 14, iPadOS 14, and watchOS 7</title> <author initials="" surname="Apple" fullname="Apple"> <organization></organization>on Apple Devices</title> <author> <organization>Apple Inc.</organization> </author><date /><date/> </front> <refcontent>Apple Support</refcontent> </reference> <reference anchor="strint" target="https://www.w3.org/2014/strint/"> <front><title>A<title>STRINT Workshop: A W3C/IAB workshop on Strengthening the Internet Against Pervasive Monitoring (STRINT)</title><author initials="" surname="W3C/IAB" fullname="W3C/IAB"> <organization></organization><author> <organization>W3C/IAB</organization> </author><date /><date/> </front> </reference> <reference anchor="ieee_privacy_ecsg" target="http://www.ieee802.org/PrivRecsg/"> <front> <title>IEEE 802 EC Privacy Recommendation Study Group</title><author initials="" surname="IEEE 802 Privacy EC SG" fullname="IEEE<author> <organization>IEEE 802Privacy EC SG"> <organization></organization>LAN/MAN Standards Committee</organization> </author><date /><date/> </front> </reference> <reference anchor="privacy_tutorial" target="https://mentor.ieee.org/802-ec/dcn/14/ec-14-0043-01-00EC-internet-privacy-tutorial.pdf"> <front><title>Tutorial on Pervasive<title>Pervasive Surveillance of the Internet - Designing Privacy into InternetProtocols </title>Protocols</title> <author initials="A." surname="Cooper" fullname="Alissa Cooper"> </author> <author initials="T." surname="Hardie" fullname="Ted Hardie"> </author> <author initials="JC." surname="Zuniga" fullname="Juan-Carlos Zuniga"> </author> <author initials="L." surname="Chen" fullname="Lily Chen"> </author> <author initials="P." surname="O'Hanlon" fullname="Piers O'Hanlon"> </author> <date/>day="14" month="July" year="2014"/> </front> <refcontent>IEEE 802 Tutorial</refcontent> </reference> <reference anchor="wifi_tracking" target="https://www.independent.co.uk/life-style/gadgets-and-tech/news/updated-london-s-bins-are-tracking-your-smartphone-8754924.html"> <front> <title>London's bins are tracking your smartphone</title> <authorinitials="" surname="The Independent" fullname="The Independent"> <organization></organization> </author>fullname="James Vincent"/> <date/>day="9" month="August" year="2013"/> </front> <refcontent>The Independent</refcontent> </reference> <reference anchor="privacy_android" target="https://source.android.com/devices/tech/connect/wifi-mac-randomization-behavior"> <front> <title>MACRandomization Behavior</title> <author initials="" surname="Android Open Source Project" fullname="Androidrandomization behavior</title> <author> <organization>Android Open SourceProject"> <organization></organization>Project</organization> </author><date /><date/> </front> <refcontent>Android OS Documentation</refcontent> </reference> <reference anchor="privacy_windows" target="https://support.microsoft.com/en-us/windows/how-to-use-random-hardware-addresses-ac58de34-35fc-31ff-c650-823fc48eb1bc"> <front><title>Windows: How<title>How to use random hardwareaddresses</title> <author initials="" surname="Microsoft" fullname="Microsoft"> <organization></organization>addresses in Windows</title> <author> <organization>Microsoft Corporation</organization> </author><date /><date/> </front> <refcontent>Microsoft Support</refcontent> </reference> <referenceanchor="when_mac_randomization_fails" >anchor="when_mac_randomization_fails"> <front> <title>A Study of MAC Address Randomization in Mobile Devices and When it Fails</title> <author initials="J." surname="Martin" fullname="J. Martin"> </author> <author initials="T." surname="Mayberry" fullname="T. Mayberry"> </author> <author initials="C." surname="Donahue" fullname="C. Donahue"> </author> <author initials="L." surname="Foppe" fullname="L. Foppe"> </author> <author initials="L." surname="Brown" fullname="L. Brown"> </author> <author initials="C." surname="Riggins" fullname="C. Riggins"> </author> <authorinitials="E.C."initials="E." surname="Rye"fullname="E.C.fullname="E. C. Rye"> </author> <author initials="D." surname="Brown" fullname="D. Brown"> </author> <datemonth=""month="March" year="2017"/> </front> <refcontent>arXiv:1703.02874v2</refcontent> <seriesInfoname="arXiv:1703.02874v2 [cs.CR]" value="" />name="DOI" value="10.48550/arXiv.1703.02874"/> </reference> <referenceanchor="IEEE_802E" >anchor="IEEE_802E"> <front> <title>IEEE802E-2020 - IEEERecommended Practice for Privacy Considerations for IEEE802802(R) Technologies</title><author initials="" surname="IEEE 802.1 WG - 802 LAN/MAN architecture" fullname="IEEE 802.1 WG - 802 LAN/MAN architecture"><author> <organization>IEEE</organization> </author> <datemonth=""month="November" year="2020"/> </front> <seriesInfo name="IEEE802E" value="" />Std" value="802E-2020"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2020.9257130"/> </reference> <referenceanchor="IEEE_802" >anchor="IEEE_802.15.4"> <front> <title>IEEE Standard for Low‐Rate Wireless Networks</title> <author> <organization>IEEE</organization> </author> <date month="December" year="2024"/> </front> <seriesInfo name="IEEE Std" value="802.15.4-2024"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2024.10794632"/> </reference> <reference anchor="IEEE_802"> <front> <title>IEEEStd 802 - IEEEStandard for Local and Metropolitan Area Networks: Overview and Architecture</title><author initials="" surname="IEEE 802" fullname="IEEE 802"><author> <organization>IEEE</organization> </author> <datemonth=""month="June" year="2014"/> </front> <seriesInfo name="IEEE802" value="" />Std" value="802-2014"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2014.6847097"/> </reference> <referenceanchor="IEEE_802c" >anchor="IEEE_802c"> <front> <title>IEEE802c-2017 - IEEEStandard for Local and Metropolitan Area Networks:Overview and Architecture--Amendment 2: Local Medium Access Control (MAC) Address Usage</title><author initials="" surname="IEEE 802.1 WG - 802 LAN/MAN architecture" fullname="IEEE 802.1 WG - 802 LAN/MAN architecture"><author> <organization>IEEE</organization> </author> <datemonth=""month="August" year="2017"/> </front> <seriesInfo name="IEEE802c" value="" />Std" value="802c-2017"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2017.8016709"/> </reference> <referenceanchor="IEEE_802_11_aq" >anchor="IEEE_802.11aq"> <front> <title>IEEE802.11aq-2018 - IEEEStandard for Information technology--Telecommunications and information exchange between systems Local and metropolitan areanetworks--Specificnetwork--Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 5: Preassociation Discovery</title><author initials="" surname="IEEE 802.11 WG - Wireless LAN Working Group" fullname="IEEE 802.11 WG - Wireless LAN Working Group"><author> <organization>IEEE</organization> </author> <datemonth=""month="August" year="2018"/> </front> <seriesInfo name="IEEE802.11" value="" />Std" value="802.11aq-2018"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2018.8457463"/> </reference> <referenceanchor="rcm_user_experience_csd" >anchor="rcm_user_experience_csd"> <front> <title>IEEE 802.11 Randomized And Changing MAC Addresses Study Group CSD on user experience mechanisms</title><author initials="" surname="IEEE 802.11 WG RCM SG" fullname="IEEE<author> <organization>IEEE 802.11 WG RCMSG">SG</organization> </author> <date month="" year="2020"/> </front><seriesInfo name="doc.:IEEE 802.11-20/1117r3" value="" /><refcontent>doc.:IEEE 802.11-20/1117r3</refcontent> </reference> <referenceanchor="rcm_tig_final_report" >anchor="rcm_tig_final_report"> <front> <title>IEEE 802.11 Randomized And Changing MAC Addresses Topic Interest Group Report</title><author initials="" surname="IEEE<author> <organization>IEEE 802.11 WG RCMTIG" fullname="IEEE 802.11 WG RCM TIG">TIG</organization> </author> <date month="" year="2019"/> </front><seriesInfo name="doc.:IEEE 802.11-19/1442r9" value="" /><refcontent>doc.:IEEE 802.11-19/1442r9</refcontent> </reference> <referenceanchor="rcm_user_experience_par" >anchor="rcm_user_experience_par"> <front> <title>IEEE 802.11 Randomized And Changing MAC Addresses Study Group PAR on user experience mechanisms</title><author initials="" surname="IEEE<author> <organization>IEEE 802.11 WG RCMSG" fullname="IEEE 802.11 WG RCM SG">SG</organization> </author> <date month="" year="2020"/> </front><seriesInfo name="doc.:IEEE 802.11-20/742r5" value="" /><refcontent>doc.:IEEE 802.11-20/742r5</refcontent> </reference> <referenceanchor="rcm_privacy_par" >anchor="rcm_privacy_par"> <front> <title>IEEE 802.11 Randomized And Changing MAC Addresses Study Group PAR on privacy mechanisms</title><author initials="" surname="IEEE 802.11 WG RCM SG" fullname="IEEE<author> <organization>IEEE 802.11 WG RCMSG">SG</organization> </author> <date month="" year="2020"/> </front><seriesInfo name="doc.:IEEE 802.11-19/854r7" value="" /><refcontent>doc.:IEEE 802.11-19/854r7</refcontent> </reference> <referenceanchor="rcm_privacy_csd" >anchor="rcm_privacy_csd"> <front> <title>IEEE 802.11 Randomized And Changing MAC Addresses Study Group CSD on user experience mechanisms</title><author initials="" surname="IEEE 802.11 WG RCM SG" fullname="IEEE<author> <organization>IEEE 802.11 WG RCMSG">SG</organization> </author> <date month="" year="2020"/> </front><seriesInfo name="doc.:IEEE 802.11-20/1346r1" value="" /><refcontent>doc.:IEEE 802.11-20/1346r1</refcontent> </reference> <referenceanchor="IEEE802.1AEdk-2023" >anchor="IEEE_802.1AEdk"> <front> <title>IEEEStd 802.1AEdk-2023: IEEEStandard for Local and metropolitan area networks-Media Access Control (MAC) Security - Amendment 4: MAC Privacy protection</title><author initials="" surname="IEEE 802.1" fullname="IEEE 802.1"><author> <organization>IEEE</organization> </author> <datemonth=""month="August" year="2023"/> </front> <seriesInfo name="IEEE Std" value="802.1AEdk-2023"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2023.10225636"/> </reference> <referenceanchor="IEEE802.1D-2004" >anchor="IEEE_802.1D"> <front> <title>IEEEStd 802.1D-2004: IEEEStandard for Local and metropolitan area networks: Media Access Control (MAC) Bridges</title><author initials="" surname="IEEE 802.1" fullname="IEEE 802.1"><author> <organization>IEEE</organization> </author> <datemonth=""month="June" year="2004"/> </front> <seriesInfo name="IEEE Std" value="802.1D-2004"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2004.94569"/> </reference> <referenceanchor="IEEE802.1AB-2016" >anchor="IEEE_802.1AB"> <front> <title>IEEEStd 802.1AB-2016: IEEEStandard for Local and metropolitan area networks - Station and Media Access Control Connectivity Discovery</title><author initials="" surname="IEEE 802.1" fullname="IEEE 802.1"><author> <organization>IEEE</organization> </author> <datemonth=""month="March" year="2016"/> </front> <seriesInfo name="IEEE Std" value="802.1AB-2016"/> <seriesInfo name="DOI" value="10.1109/IEEESTD.2016.7433915"/> </reference> <referenceanchor="wba_paper" >anchor="wba_paper"> <front> <title>Wi-Fi Identification Scope for Liasing - In a post MAC Randomization Era</title><author fullname="Wireless<author> <organization>Wireless BroadbandAlliance">Alliance</organization> </author> <date month="March" year="2020"/> </front><seriesInfo name="doc.:WBA<refcontent>doc.:WBA Wi-Fi ID Intro: Post MAC Randomization Era v1.0 - IETFliaison" value="" />liaison</refcontent> </reference> <reference anchor="contact_tracing_paper">target="https://ieeexplore.ieee.org/document/9488728"> <front> <title>Contact Tracing App Privacy: What Data Is Shared By Europe's GAEN Contact Tracing Apps</title> <author fullname="Douglas J.Leith"></author>Leith"/> <author fullname="StephenFarrell"></author>Farrell"/> <datemonth="July" year="2020"/>month="May" year="2021"/> </front><seriesInfo name="IEEE<refcontent>IEEE INFOCOM2021" value="" />2021 - IEEE Conference on Computer Communications</refcontent> <seriesInfo name="DOI" value="10.1109/INFOCOM42981.2021.9488728"/> </reference> </references> <section anchor="Acknowledgments" numbered="false" toc="default"> <name>Acknowledgments</name> <t> The authors would like to thank <contact fullname="Guillermo Sanchez Illan"/> for the extensive tests performed on different OSes to analyze their behavior regarding address randomization. </t> <t> The authors would also like to thank <contact fullname="Jerome Henry"/>, <contact fullname="Hai Shalom"/>, <contact fullname="Stephen Farrell"/>, <contact fullname="Alan DeKok"/>, <contact fullname="Mathieu Cunche"/>, <contact fullname="Johanna Ansohn McDougall"/>, <contact fullname="Peter Yee"/>, <contact fullname="Bob Hinden"/>, <contact fullname="Behcet Sarikaya"/>, <contact fullname="David Farmer"/>, <contact fullname="Mohamed Boucadair"/>, <contact fullname="Éric Vyncke"/>, <contact fullname="Christian Amsüss"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="Murray Kucherawy"/>, and <contact fullname="Paul Wouters"/> for their reviews and comments on previous draft versions of this document. In addition, the authors would like to thank <contact fullname="Michael Richardson"/> for his contributions on the taxonomy section. Finally, the authors would like to thank the IEEE 802.1 Working Group for its review and comments (see <eref target="https://datatracker.ietf.org/liaison/1884/"/>). </t> </section> </back> </rfc>