IEEE 802.11-20/1770r2 Responses and Comments Summary

November 2020 doc.: IEEE 802.11-20/1770r2 RCM and EDP PAR and CSD comment responses Date: 2020-11-04 Authors: Name Stephen McCann Affiliations Huawei Address Southampton, UK Phone email stephen.mccann@ieee.org Montemurro.michael@gmail.com Michael Montemurro Huawei Toronto, ON. CANADA Submission Slide 1 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 Abstract This document is a composite of all IEEE 802 WG comments and IEEE 802.11 RCM SG responses on the RCM (802.11bh) and EDP (802.11bi) PARs and CSDs. Submission Slide 2 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 IEEE 802.1 & 802.3 Submission Slide 3 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs Prelude to P802.11bh and P802.11bi comments 802.1 appreciates the clear intent (as captured in the Scope and Need of the PARs for both proposed projects) to facilitate improvements in user privacy. 802.1 also appreciates the clear indication of the difficulties (already discussed) that both projects will face in improving user privacy, and in particular the possibility of unacceptable service disruption or limitation when an STA s MAC address is changed. Response: Thanks to 802.1 for the comments Submission Slide 4 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs Both P802.11bh and P802.11bi CSDs CSD Templates The CSD templates used appear to be out of date, as they refer to Balanced costs (infrastructure versus attached stations) . Use the current CSD template that can be retrieved from https://www.ieee802.org/devdocs.shtml. Response: Thanks. The CSD documents have been updated using the latest template. Submission Slide 5 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bh PAR 2.1 Project Title: The project title indicates a change in MAC address would be only by randomization. The scope discusses changing addresses. Additionally, this amendment does not enhance the service, but rather preserves the service while addressing privacy concerns with MAC addresses. Change the title of the amendment to, IEEE Standard for Information technology Telecommunications and information exchange between systems Local and metropolitan area networks Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment: Service preservation with randomized or changing MAC addresses Response: Replace Enhanced service with randomized MAC addresses to Service preservation with changing MAC addresses Submission Slide 6 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bh: Titles The association between each CSD and its PAR is not entirely clear. One CSD is entitled CSD Draft for Privacy Amendment of RCM Study Group and the other RCM SG Proposed CSD Draft for 802.11 RCM Project . The association between a CSD and a PAR needs to be clear now and 5 years hence when the CSD is being confirmed for project progression to SA Ballot and RevCom . After 5 years many will have forgotten subtle distinctions that accompanied the initial discussion and might not even be sure that a CSD belongs to either project. Include the project designation P802.11bi/P802.11bh and amendment title in the CSD. Response: Agree with the comment. Change title from RCM SG Proposed CSD Draft for 802.11 RCM Project to Proposed CSD for P802.11bh Submission Slide 7 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bi: Titles The association between each CSD and its PAR is not entirely clear. One CSD is entitled CSD Draft for Privacy Amendment of RCM Study Group and the other RCM SG Proposed CSD Draft for 802.11 RCM Project . The association between a CSD and a PAR needs to be clear now and 5 years hence when the CSD is being confirmed for project progression to SA Ballot and RevCom . After 5 years many will have forgotten subtle distinctions that accompanied the initial discussion and might not even be sure that a CSD belongs to either project. Include the project designation P802.11bi/P802.11bh and amendment title in the CSD. Response: Agree with comment. Change title from CSD Draft for Privacy Amendment of RCM Study Group to Proposed CSD for P802.11bi Submission Slide 8 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bh General Neither the PARs nor CSDs clearly distinguish the need for two similar projects. Scopes overlap, and distinct identity is not established between proposed P802.11bh and proposed P802.11bi. We appreciate the submittal is a .pdf, but the file name being a docx extension caused some problems in opening. Response: The 11bh PAR amends the standard to address requirements for managing 802.11 non-AP STAs that change their MAC addresses. No changes required. Submission Slide 9 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bi General Neither the PARs nor CSDs clearly distinguish the need for two similar projects. Scopes overlap, and distinct identity is not established between proposed P802.11bh and proposed P802.11bi. We appreciate the submittal is a .pdf, but the file name being a docx extension caused some problems in opening. Response: The 11bi PAR amends the standard to address user privacy requirements for 802.11 non-AP STAs. No changes required. Submission Slide 10 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bi PAR General Neither the PARs nor CSDs clearly distinguish the need for two similar projects. Scopes overlap, and distinct identity is not established between proposed P802.11bh and proposed P802.11bi. We really can t understand what this PAR is proposed to do. A better Project Scope or more detail in Need could help with this. 2.1, Title Capitalization is inconsistent (not title case nor consistent with IEEE style). Recommend Enhanced service with data privacy protection . Response: As stated in the section 5.2.b, the scope of the amendment is to to specify new mechanisms that address and improve user privacy. No changes to the PAR and CSD required. For the Title, change Enhanced service with data privacy protection to Enhanced Service with Data Privacy Protection Submission Slide 11 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bh PARs 5.2.b. Scope of the project: 802.1 s interpretation of the Scope of both PARs is that incorporation of additional information elements in 802.11 that could further diminish user privacy (to, for example, facilitate continued user identification in the absence of a permanent STA to MAC address association) is Out of Scope. Please amend the Scope to state explicitly what new user tracking capabilities are within or excluded from the Scope of the PAR. Response: Agree with comment. Add an additional explanatory note with respect to 5.2.b to clarify that the intention is to maintain the REVmd requirements regarding changing a MAC address, e.g. not during an ESS connection. In section 8.1, add the following: 5.2.b: The P802.11REVmd requirements regarding changing a MAC address will be maintained. A non-AP STA MAC address shall not change during an ESS connection. Submission Slide 12 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bi PAR 5.2.b. Scope of the project: 802.1 s interpretation of the Scope of both PARs is that incorporation of additional information elements in 802.11 that could further diminish user privacy (to, for example, facilitate continued user identification in the absence of a permanent STA to MAC address association) is Out of Scope. Please amend the Scope to state explicitly what new user tracking capabilities are within or excluded from the Scope of the PAR. Response: Agree with comment. Is this really an 11bh comment? Add an additional explanatory note with respect to 5.2.b to clarify that the intention is to not diminish user privacy. In section 8.1, add the following: 5.2.b: The P802.11REVmd requirements regarding user privacy will not be diminished by new requirements added in this amendment. Submission Slide 13 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bh PAR 5.2.b. Scope of the project 5.5 Need for the Project: 802.1 is concerned that both Scope and Need of P802.11bh appear to explicitly limit consideration of disruption, and the need for session continuity, to 802.11 mechanisms. Important 802.1Q TSN capabilities, such as bandwidth allocation, depend on flow identification that span both the wired and wireless networks. [Our comments on the CSDs point out that Technical Feasibility appears to be based, at least in part, on erroneous information about the scope of 802.1 in general and 802.1Q in particular]. Please amend the Scope to explicitly indicate that the mechanisms to enable session continuity recognize the fact that sessions extend to the LAN beyond the medium supported by 802.11. Response: Agree with comment. Add an additional explanatory note with respect to 5.2.b to clarify that the intention is to maintain the REVmd requirements regarding changing a MAC address, e.g. not during an ESS connection. In section 8.1, add the following: 5.2.b: The P802.11REVmd requirements regarding changing a MAC address will be maintained. A non-AP STA MAC address shall not change during an ESS connection. Submission Slide 14 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bi PAR 5.2.b. Scope of the project 5.5 Need for the Project: 802.1 is concerned that both Scope and Need of P802.11bh appear to explicitly limit consideration of disruption, and the need for session continuity, to 802.11 mechanisms. Important 802.1Q TSN capabilities, such as bandwidth allocation, depend on flow identification that span both the wired and wireless networks. [Our comments on the CSDs point out that Technical Feasibility appears to be based, at least in part, on erroneous information about the scope of 802.1 in general and 802.1Q in particular]. Please amend the Scope to explicitly indicate that the mechanisms to enable session continuity recognize the fact that sessions extend to the LAN beyond the medium supported by 802.11. Response: Agree with comment. Is this really an 11bh comment? Add an additional explanatory note with respect to 5.2.b to clarify that the intention is to not diminish user privacy. In section 8.1, add the following: 5.2.b: The P802.11REVmd requirements regarding user privacy will not be diminished by new requirements added in this amendment. Submission Slide 15 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bh PAR 5.2.b. Scope of the project: The use of 802.11 technology is expected to play an important and increasing role in environments that are tightly controlled, e.g., in flexible factories https://mentor.ieee.org/802.1/dcn/20/1-20-0026-00-ICne-ieee-802-nendica-report- flexible-factory-iot-use-cases-and-communication-requirements-for-wired-and-wireless-bridged-networks.pdf. 802.1 is concerned that P802.11bh could restrict the use of some 802.11 devices in these environments, and thus reduce the use of low latency and prioritization capabilities discussed in the context of 802.11be with TSN. Please amend the Scope to indicate that a conformant 802.11 device should be configurable to operate without address randomization. Response: Agree with comment. REVmd allows configuration of whether a STA randomizes or not the MAC address.Add an additional explanatory note with respect to 5.2.b to clarify that the intention is to maintain the REVmd requirements regarding changing a MAC address, e.g. not during an ESS connection. In section 8.1, add the following: 5.2.b: The P802.11REVmd requirements regarding changing a MAC address will be maintained. A non-AP STA MAC address shall not change during an ESS connection. Submission Slide 16 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bh PAR 6.1.2, Registration activity The PAR does not make it clear that work will only use randomization and changing of MAC addresses within the local address space. Without that restriction, this question should be answered yes. Because the current myProject PAR code only allows an explanation here if answered yes, either the answer could be changed to yes here citing previous RAC interest in MAC address randomization, or an explanation of the restriction could be added to 8.1. Response: Agree with comment. Change the answer to 6.1.2 to yes. Modify the PAR as follows: 6.1.2. Is the Standards Committee aware of possible registration activity related to this project?: Yes Explanation: The RAC may want to review for correct and consistent usage of registry terms. Submission Slide 17 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bi PAR 6.1.2, Registration activity The PAR does not make it clear that work will only use randomization and changing of MAC addresses within the local address space. Without that restriction, this question should be answered yes. Because the current myProject PAR code only allows an explanation here if answered yes, either the answer could be changed to yes here citing previous RAC interest in MAC address randomization, or an explanation of the restriction could be added to 8.1. Response: Agree with comment. Change the answer to 6.1.2 to yes. Modify the PAR as follows: 6.1.2. Is the Standards Committee aware of possible registration activity related to this project?: Yes Explanation: The RAC may want to review for correct and consistent usage of registry terms. Submission Slide 18 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs Both P802.11bh and P802.11bi CSDs 1.2.2 Compatibility: Both CSDs claim compliance with 802.1Q, without qualification. However, this appears to be based on an incomplete understanding of the scope of 802.1Q. The referenced presentation (19 0851 00, P802.1CQ MAC Address Assignment Requirements) states: P802.1CQ is currently the only 802.1 project dealing with end station behavior Formerly, protocols for end stations were out of scope for 802.1 . This is not the case and has not been the case for many years. 802.1Q includes end station requirements for participation in the MMRP, MVRP, MSRP, CFM, and other protocols. These protocols are important in Time Sensitive Networking environments requiring reliable and timely frame delivery (such as industrial and professional audio networks) and in service provider networks. The reference to 19-0851-00 is misleading. A more complete analysis of the interaction of 802.1 protocols is in an informative annex (following IEEE Std 802E recommendations) Privacy in Bridged Networks to P802.1AEdk/D0.5 (also in first task group ballot). Remove the 19-0851-00 presentation from the list of CSD references. A more detailed response to the 802.1Q compliance question is required. Use of a fixed STA/MAC relationship needs to remain possible throughout the duration of an association. Response: Agree with comment. The response to 1.2.2 is clear and precise. Remove the References section from both CSDs. Submission Slide 19 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bh CSD 1.2.2, Compatibility Once approved an amendment becomes part of the base standard, therefore, IEEE Std 802c is part of IEEE Std 802 and should be addressed for this project. Unless a method for restricting the range for random local MAC addresses is specified, randomization is incompatible with the optional SLAP capabilities of Std 802c. This should be addressed here. 1.2.3, Distinct identity See comments on proposed P802.11bi. There is insufficient information discriminating the work on this project and proposed P802.11bi. Response: For 1.2.2, the answer is Yes. REVmd already requires compliance to optional SLAP capabilities of Std 802c. There is no intention in 11bh to change this. For 1.2.3, the distinct identity for 11bh address operational challenges resulting from the use of random or changing MAC addresses . No changes required. Slide 20 Submission Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.3 comments on PARs and CSDs P802.11bi CSD 1.2.3, Distinct identity There is insufficient information discriminating the work on this project and proposed P802.11bh. P802.11bh seems to be a subset of what this project would allow to be done. Response: For 1.2.3, the distinct identity for 11bi specifies requirements to improve the privacy experienced by users in environments using IEEE Std 802.11 technology . No changes required. Submission Slide 21 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs P802.11bi CSD 1.2.4 Technical Feasibility The P802.11bi CSD (20/1346r2) states under 1.2.4 Technical Feasibility that: The IEEE 802.11 Wireless Next Generation (WNG) Standing Committee (SC) and RCM Topic Interest Group (TIG)/Study Group (SG) have reviewed many presentations indicating that enhancements are technically feasible. These contributions outlined techniques related to privacy to enhance current use cases and enable new ones. However, none of these presentations appear to be referenced in the CSD, and we have not identified them in the RCM study group files on Mentor. The CSD references evaluations of the difficulties faced in improving user privacy (19/588r2, 19/1313r2, 19/1314r2). It is not at present clear that it will be possible to materially improve privacy in the face of a determined attacker who is prepared to correlate information from multiple information elements and other characteristics of device behavior. It is not clear that these improvements will outweigh attendant difficulties in service provision. 802.1 understands that some proprietary attempts to improve privacy related behavior have been beta tested and withdrawn. 802.1 does appreciate that the technical challenges faced in demonstrating feasibility in large scale deployment might not be reasonably addressed within the limited lifetime of a Study Group. However, that is no reason to overstate Technical Feasibility in the CSD. Provide credible references and demonstrate Technical Feasibility. The current set of references do not meet that criteria. Response: Agree in principle with the comment. The first paragraph is sufficient to demonstrate technical feasibility for 11bi. Remove the second paragraph of 1.2.4. Submission Slide 22 Stephen McCann, Huawei

November 2020 doc.: IEEE 802.11-20/1770r2 802.1 comments on PARs and CSDs Both P802.11bh and P802.11bi CSDs References: It is unclear why the presentations 19-0884-00, 19-1027-01, 19-1320-00 are in either, much less both CSDs. P802.11bi concerns privacy exposures beyond the use of persistent source MAC Address, and these presentations are very much focused on MAC Address assignment. The presentations reflect the different and contested views on 802.11aq and 802c on the extent of the randomly chosen MAC address space, but their bearing on the feasibility or otherwise of the proposed PARs is nowhere made clear. Since they promote opposing views it is not clear what conclusion the reader of the CSDs is meant to draw. Remove these three presentations from the references list of both CSDs. Response: Agree with comment. Remove the references from both CSDs. Also, remove the second paragraph of 1.2.4 a) in the P802.11bh CSD. Submission Slide 23 Stephen McCann, Huawei