Address randomization schemes for multi-link devices

What is claimed is: 1. A privacy enhanced (PE) access point (AP) multi-link device (MLD), comprising: one or more affiliated APs operating on different links; and a processor coupled to the one or more affiliated APs, configured to: generate a first over the air (OTA) MLD address based at least on an MLD address of the PE AP MLD, for a first affiliated PE AP (PE AP 1 ) of the one or more affiliated APs, wherein the first OTA MLD address is different than a second OTA MLD address for a second affiliated PE AP (PE AP 2 ) of the one or more affiliated APs; encrypt an aggregated Media Access Control (MAC) service data unit (A-MSDU) for transmission to a first PE non-AP station (PE non-AP STA 1 ) of a PE non-AP MLD, the A-MSDU comprising a packet number (PN); after the encryption, create an OTA packet number (PN OTA ) that is different than the PN corresponding to the A-MSDU, wherein a first data transmission comprises the PN OTA ; and transmit the first data transmission using the first OTA MLD address, wherein the first data transmission comprises a subframe of the A-MSDU that includes the MLD address. 2. The PE AP MLD of claim 1 , wherein the processor is further configured to: generate a first parameter based at least on an MLD-level parameter of the PE AP MLD, for the PE AP 1 , wherein the first parameter is different than a second parameter of the PE AP 2 , wherein the second parameter is based at least on the MLD-level parameter of the PE AP MLD. 3. The PE AP MLD of claim 2 , wherein the processor is further configured to: establish two or more link-1 specific address profiles corresponding to the PE AP 1 and the PE non-AP STA 1 , wherein the two or more link-1 specific address profiles are different than other link-specific address profiles corresponding to the PE AP 2 ; establish a schedule for switching from a first link-1 specific address profile to a second link-1 specific address profile, wherein the first and the second link-1 specific address profiles are of the two or more link-1 specific address profiles; and transmit a second data transmission using the first parameter, wherein the first parameter corresponds to the first link-1 specific address profile. 4. The PE AP MLD of claim 3 , wherein the schedule for switching from the first link-1 specific address profile to the second link-1 specific address profile is based on the first parameter, wherein the MLD-level parameter of the PE AP MLD comprises an MLD-level time synchronization function (TSF) parameter. 5. The PE AP MLD of claim 3 , wherein the processor is further configured to: switch from the first link-1 specific address profile to the second link-1 specific address profile based on the schedule; and transmit a third data transmission using the second link-1 specific address profile. 6. The PE AP MLD of claim 1 , wherein a first link-1 specific address profile corresponding to the PE AP 1 and the PE non-AP STA 1 comprises an offset PN (PN Offset ) based at least on an MLD-level PN parameter, and wherein the PN OTA =PN+PN Offset . 7. The PE AP MLD of claim 1 , wherein the processor is further configured to: after the encryption, create an OTA sequence number (SN OTA ) that is different than a sequence number (SN) corresponding to the A-MSDU, wherein a second data transmission comprises the SN OTA , wherein a first link-1 specific address profile comprises an offset SN (SN Offset ) based at least on an MLD-level SN parameter, and wherein the SN OTA =SN+SN Offset . 8. The PE AP MLD of claim 3 , wherein the processor is further configured to: after the encryption, apply a first PE AP 1 identifier of the first link-1 specific address profile, wherein the second data transmission comprises the first PE AP 1 identifier. 9. The PE AP MLD of claim 3 , wherein to establish the two or more link-1 specific address profiles, the processor is configured to: establish a joint algorithm with the PE non-AP STA 1 ; and use the joint algorithm to determine the first and the second link-1 specific address profiles as well as transition times for the schedule. 10. The PE AP MLD of claim 9 , wherein to establish the joint algorithm, the processor is further configured to: receive a link-1 specific individual address set algorithm, a MAC address seed, and a proposed address set average duration; and transmit in response to the reception, a link-1 specific individual address set start time seed, a link-1 specific individual address set end time seed, a link-1 specific group address algorithm, and a PE AP 1 MAC address seed. 11. The PE AP MLD of claim 3 , wherein the processor is further configured to: receive from the PE non-AP STA 1 , a notification of a colliding MAC address, wherein the notification comprises: the colliding MAC address, a proposed new MAC address for the PE non-AP STA 1 , a time when the proposed new MAC address for the PE non-AP STA 1 is in use, or a proposed new MAC address for the PE AP 1 ; and transmit to the PE non-AP STA 1 , a confirmation message corresponding to the notification. 12. The PE AP MLD of claim 3 , wherein the first link-1 specific address profile comprises one or more randomized parameters comprising: an association ID (AID) or a color value. 13. The PE AP MLD of claim 1 , wherein the processor is further configured to: correlate the MLD address of the PE AP MLD with multiple addresses comprising: the first OTA MLD address, a unique MLD address, and a MAC service access point (SAP) MLD address. 14. The PE AP MLD of claim 1 , wherein the first OTA MLD address is the same as a MAC service access point (SAP) MLD address of the PE AP MLD. 15. A privacy enhanced (PE) non-access point (AP) multi-link device (MLD), comprising: one or more affiliated stations (STAs) operating on different links; and a processor coupled to the one or more affiliated STAs, configured to: generate a first over the air (OTA) MLD address based at least on an MLD address of the PE non-AP MLD, for a first affiliated PE non-AP STA (PE non-AP STA 1 ) of the one or more affiliated STAs, wherein the first OTA MLD address is different than a second OTA MLD address for a second affiliated PE non-AP (PE non-AP STA 2 ) of the one or more affiliated STAs; encrypt an aggregated Media Access Control (MAC) service data unit (A-MSDU) for transmission to a first PE AP (PE AP 1 ) of a PE AP MLD, the A-MSDU comprising a packet number (PN); after the encryption, create an OTA packet number (PN OTA ) that is different than the PN corresponding to the A-MSDU, wherein a first data transmission comprises the PN OTA ; and transmit the first data transmission using the first OTA MLD address, wherein the first data transmission comprises a subframe of the A-MSDU that includes the MLD address. 16. The PE non-AP MLD of claim 15 , wherein the processor is further configured to: generate a first parameter based at least on an MLD-level parameter of the PE non-AP MLD, for the PE non-AP STA 1 , wherein the first parameter is different than a second parameter of the PE non-AP STA 2 , wherein the second parameter is based at least on the MLD-level parameter of the PE non-AP MLD. 17. The PE non-AP MLD of claim 16 , wherein the processor is further configured to: establish two or more link-1 specific address profiles corresponding to the PE non-AP STA 1 and the PE AP 1 , wherein the two or more link-1 specific address profiles are different than other link-specific address profiles corresponding to the PE non-AP STA 2 ; establish a schedule for switching from a first link-1 specific address profile