Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers

Brandon Williams <> Mon, 09 June 2014 14:36 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6A7151A01A0; Mon, 9 Jun 2014 07:36:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LjQODoC-4yoO; Mon, 9 Jun 2014 07:36:06 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 3D5A61A0198; Mon, 9 Jun 2014 07:36:06 -0700 (PDT)
Received: from (localhost.localdomain []) by postfix.imss70 (Postfix) with ESMTP id D0B664745E; Mon, 9 Jun 2014 14:36:04 +0000 (GMT)
Received: from ( []) by (Postfix) with ESMTP id C35504751A; Mon, 9 Jun 2014 14:36:04 +0000 (GMT)
Received: from [] ( []) by (Postfix) with ESMTP id AD9E22027; Mon, 9 Jun 2014 14:36:04 +0000 (GMT)
Message-ID: <>
Date: Mon, 09 Jun 2014 10:36:04 -0400
From: Brandon Williams <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Stephen Farrell <>, Dan Wing <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: "" <>, Internet Area <>
Subject: Re: [ietf-privacy] [Int-area] NAT Reveal / Host Identifiers
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 09 Jun 2014 14:36:07 -0000

I agree that the discussions in this draft and rfc6269 at least imply 
that potential solutions would provide a host identifier of some sort. 
However, this draft does not in fact propose any such solution, and 
instead clearly references rfc6967, which includes a discussion of the 
privacy implications of host identification. In particular, that 
document states:

    HOST_ID specification document(s) should explain the privacy impact
    of the solutions they specify, including the extent of HOST_ID
    uniqueness and persistence, assumptions made about the lifetime of
    the HOST_ID, whether and how the HOST_ID can be obfuscated or
    recycled, whether location information can be exposed, and the impact
    of the use of the HOST_ID on device or implementation fingerprinting.
    [IAB-PRIVACY] provides further guidance.

Considering the fact that there is already a separate solution analysis 
rfc that discusses privacy considerations and provides the above 
guidance for authors of solution drafts, what are you suggesting for the 
use cases draft?


On 06/09/2014 10:01 AM, Stephen Farrell wrote:
> On 09/06/14 14:46, Brandon Williams wrote:
>> Would you please indicate where the draft proposes a new identifier? If
>> you are seeing a proposal for protocol changes somewhere in the draft,
>> editing work is required in order to either clarify or excise the
>> associated text.
> Fair enough that its an assumption of mine that adding some kind of
> identifier is required to meet the (no-longer mis-stated:-)
> requirements for these use-cases. But I think that is logically
> required, and its valid to draw obvious conclusions and its also
> invalid to ignore obvious conclusions.
> S.

Brandon Williams; Senior Principal Software Engineer
Emerging Products Engineering; Akamai Technologies Inc.