Re: [perpass] privacy implications of UUIDs for IoT devices
George Michaelson <ggm@algebras.org> Thu, 06 October 2016 00:25 UTC
Return-Path: <ggm@algebras.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 663CA1294F5 for <perpass@ietfa.amsl.com>; Wed, 5 Oct 2016 17:25:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3-9dOY96jzxB for <perpass@ietfa.amsl.com>; Wed, 5 Oct 2016 17:25:12 -0700 (PDT)
Received: from mail-ua0-x234.google.com (mail-ua0-x234.google.com [IPv6:2607:f8b0:400c:c08::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30E8F129404 for <perpass@ietf.org>; Wed, 5 Oct 2016 17:25:12 -0700 (PDT)
Received: by mail-ua0-x234.google.com with SMTP id p102so3715635uap.0 for <perpass@ietf.org>; Wed, 05 Oct 2016 17:25:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=K/elPMfO2xqfKKVbSZjPlp2y3WlxPC3t02USy4y19WM=; b=KWmpnK0/DLIP8hfGtsRhIDuUfwDG0bIbOKj9jtTuydewrYQI5UzueQm+g1NT5ztBly YEvbMl7eeGgCUBN9GvVTdDZ0q+OULiuIcNlEP3AD1+Wziq3KJ6ymBZ8NShgU1gcKTWH8 xSZB4H1Lz/ojItecLjTmOhTUhFFxPXMVk2xxJFEvtF5O9nbjvMJyYrAMI+KzKUqo1F2t ZOTRziqTVlBTi2c4MXjgzabc3rZ4fMjqeP1MpWx2LFyHgfZG1EhsWmqxpePX03vcfN1S tDpgJ4b2vjf68pG+xDjt4heUKLV1yrN7MonHRvRpdfS+/4PkwmvwCAaIIfLZbry5ealT eU1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=K/elPMfO2xqfKKVbSZjPlp2y3WlxPC3t02USy4y19WM=; b=ZjkV7EN0r43GqXSjCLHan8GQuyZJMqW+TYNehFVh7XxqgXhmWQq/93ZKJ4XUhK58at Pi6KCUgWUxgMy/QLCWDOWb41Kx8S3lm9VebgjQDstwH09TMMJsWY/XP7dr0A5DCRmRvk MmnxxL506Z6Itvk5vYwjC5IUJqK/XI190u0YByJo4Pyo01s4Z+zjhNhEn1PvzSgWgMCk HNO2Q1iVx5+3K9RZnxGSI0w7W4TF93qLWFI5SgRuFg8SVcGfDYjyeJ6tJ2emMcrfGWrg Umxy8aSmhlnrc44iUz/TB4sM2EqAFDyTXV0Ws7KmDHTWOKlfFuG8RJ2sfC25o+Z06LrZ PUXQ==
X-Gm-Message-State: AA6/9RlOmREkkob+aObzx24PaEx7iEVOznnZ36UH9Jz9R4kBN+Z/c1vHP0n99jzB1jRjYWTfuRHFV6mkJfv3Vg==
X-Received: by 10.176.2.199 with SMTP id 65mr9016516uah.102.1475713511109; Wed, 05 Oct 2016 17:25:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.95.5 with HTTP; Wed, 5 Oct 2016 17:25:10 -0700 (PDT)
X-Originating-IP: [2001:dc0:a000:4:29c6:ab71:9f28:4d0a]
In-Reply-To: <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CAKr6gn2EjAwqvTXgNyO0Jc3yt9qFRfixXMURHg3wQLe4FcwWWQ@mail.gmail.com> <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com>
From: George Michaelson <ggm@algebras.org>
Date: Thu, 06 Oct 2016 10:25:10 +1000
Message-ID: <CAKr6gn3vFNt4U_TyJjLRQdLx33Vo0LyPUnnoGYPc+87rCdi1Vw@mail.gmail.com>
To: Dave Thaler <dthaler@microsoft.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/3QESnDthEcKJ8Ur5KJ1zFAamwU4>
Cc: "perpass@ietf.org" <perpass@ietf.org>, Peter Saint-Andre - Filament <peter@filament.com>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 00:25:13 -0000
....And UUID generation on many devices includes a function over the MAC address, as a cheap entry to guaranteed unique bits. Such that the MAC may be randomized on the wire, but the UUID function exposed to the device may well be repurposing the baked in ID in ways which expose.
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- [perpass] privacy implications of UUIDs for IoT d… Peter Saint-Andre - Filament
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… John Levine
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Hugo Maxwell Connery
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Joseph Lorenzo Hall
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Eitan Adler
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Ross Schulman
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter