MAC randomisation and DHCP pools

Rudy Zijlstra rudy at grumpydevil.homelinux.org
Sun Jul 26 08:26:13 UTC 2020


Hi Glenn,

The DHCP Id should be stable, at least according to the DHCP RFC. I need
to start playing around a bit...

I do understand the privacy concerns here, and why this is being 
implemented.

Cheers

Rudy

On 26-07-2020 05:02, glenn.satchell at uniq.com.au wrote:
> Hi Mike,
>
> I think in the short term setting the lease time to 24 hours would 
> free up old leases after the MAC address changes, meaning the old 
> client effectively goes away. Public places like shopping malls
> should already have shorter leases due to the massive churn in
> clients, so it's not going to bother them much.
>
> But that doesn't address any of the issues with identifying individual 
> devices, e.g. to put into different classes. For that I think it will
> need an education scheme with your users to turn off the feature on
> networks where identifying the client matters, e.g. corporate or home
> networks.
>
> I think this will evolve to having some other persistent identifier 
> for systems to use.
>
> regards,
> -glenn
>
> On 2020-07-25 11:46, Joshua Stark wrote:
>> The user can decide to turn the feature off on the Apple device per
>> WiFi network:
>>
>> Rarely, a network might allow you to join with a private address, but
>> won't allow Internet access. If that happens, you can choose to stop
>> using private addresses [1] with that network
>> (https://support.apple.com/en-us/HT211227)
>>
>> I agree, this will make things different, harder initially. One
>> example that comes to mind is white/black lists on WiFi networks, that
>> will go out the window.
>> And the other of being able to set a static IPv4 will be next to
>> impossible.
>>
>> But was that not the point of IPv6 - totally random?
>>
>> In my mind this means we need an evolution of how we do things, like
>> how AWS/GCP have taken the classic firewall of IP/Port to a Service
>> Layer Firewall.
>> There is going to need to be another way to identify a device to allow
>> automatic re-authentication, like public WiFi where you purchase
>> access for greater than 24hrs.
>>
>> How we do that, I don't know, but it's time to start thinking about
>> how to implement the next evolution in technology!
>>
>> Thanks
>> Josh
>>
>> On 24/7/20 20:59, Mike Richardson wrote:
>>
>>>> Hi Mike,
>>>>
>>>> This is not something new, it has been around since iOS 8 in 2014. I think
>>>> this page summarises how it works and has links to Apple's site with more
>>>> details.
>>>>
>>>> https://9to5mac.com/2014/09/26/more-details-on-how-ios-8s-mac-address-randomization-feature-works-and-when-it-doesnt/
>>>>
>>>> It appears that it randomises the MAC address when the device is passively
>>>> scanning for networks and other particular settings are enabled or disabled,
>>>> so systems can't use the MAC address to persistently track wherever you go.
>>>> However, it seems that any associations/joining of networks is based on the
>>>> actual MAC address.
>>>>
>>>> Or am I talking about something else entirely different?
>>>
>>> Something new I believe:
>>>
>>> https://wifinowglobal.com/news-and-blog/new-private-wi-fi-address-iphone-feature-could-severely-impact-the-wi-fi-industry-expert-says/?mc_cid=9ff8988c11&mc_eid=000d85d9e3
>>>
>>> https://support.apple.com/en-us/HT211227
>>>
>>> Apple, in iOS 14, are going to implement the changing of MACs every 24 hours
>>> as the default, and different ones for each SSID, I believe.
>>>
>>> I'm just trying to evaluate the impact on things like DHCP, but I'm not sure
>>> about exactly what happens when pools are, sort of, exhausted.
>>>
>>> Thanks,
>>>
>>> Mike
>>
>>
>>
>> Links:
>> ------
>> [1] https://support.apple.com/en-us/HT211227#onoff
>> _______________________________________________
>> ISC funds the development of this software with paid support
>> subscriptions. Contact us at https://www.isc.org/contact/ for more
>> information.
>>
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
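Added example, not part of the thread and not ISC code: a small model of the lease-time point raised above, counting how many leases sit on the books when every client takes a new MAC each 24 hours, for a 24-hour lease against a 7-day lease. It tracks demand without capping it at the pool size. The device count, pool size, staggered rotation, renewal at half the lease time and the absence of DHCPRELEASE are assumptions of the model.

```python
"""Added example: leases on the books when clients rotate MAC addresses."""


def simulate(devices, pool_size, lease_hours, rotate_hours=24, sim_hours=24 * 21):
    """Return (peak_leases, first_hour_demand_exceeds_pool or None).

    Assumptions (a model, not ISC dhcpd behaviour): every new MAC is a new
    client, clients renew at half the lease time, never send DHCPRELEASE
    before rotating, and rotation times are staggered hour by hour.
    """
    current = [None] * devices   # per device: (last_renew_hour, expiry_hour)
    stale = []                   # expiry hours of leases held by abandoned MACs
    peak, exceeded_at = 0, None
    for hour in range(sim_hours):
        for dev in range(devices):
            offset = dev % rotate_hours          # staggered join/rotation phase
            if hour < offset:
                continue                         # device has not joined yet
            if (hour - offset) % rotate_hours == 0:
                if current[dev] is not None:     # old MAC's lease lingers
                    stale.append(current[dev][1])
                current[dev] = (hour, hour + lease_hours)
            elif hour - current[dev][0] >= lease_hours / 2:
                current[dev] = (hour, hour + lease_hours)   # renewal at T1
        stale = [e for e in stale if e > hour]   # server reclaims expired leases
        active = sum(c is not None for c in current) + len(stale)
        peak = max(peak, active)
        if exceeded_at is None and active > pool_size:
            exceeded_at = hour
    return peak, exceeded_at


if __name__ == "__main__":
    # Constructed scenario: 240 devices, 1000 pool addresses, daily rotation.
    for lease in (24, 168):
        peak, hit = simulate(devices=240, pool_size=1000, lease_hours=lease)
        print(f"lease={lease:>3}h peak={peak:>4} pool exceeded at hour: {hit}")
```

With a 7-day lease each device ends up holding seven leases at once, because a MAC that lives only 24 hours never reaches its renewal time and every lease runs to full expiry.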


