Re: [perpass] privacy implications of UUIDs for IoT devices
Fernando Gont <fgont@si6networks.com> Fri, 14 October 2016 10:26 UTC
Return-Path: <fgont@si6networks.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BCDF129703 for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 03:26:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.358
X-Spam-Level:
X-Spam-Status: No, score=-0.358 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FB1F3cme54My for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 03:26:17 -0700 (PDT)
Received: from fgont.go6lab.si (fgont.go6lab.si [91.239.96.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 761B01296FD for <perpass@ietf.org>; Fri, 14 Oct 2016 03:26:05 -0700 (PDT)
Received: from [10.56.30.17] (unknown [116.84.110.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by fgont.go6lab.si (Postfix) with ESMTPSA id 01F1681A44; Fri, 14 Oct 2016 12:25:59 +0200 (CEST)
To: Dave Thaler <dthaler@microsoft.com>, George Michaelson <ggm@algebras.org>, Peter Saint-Andre - Filament <peter@filament.com>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CAKr6gn2EjAwqvTXgNyO0Jc3yt9qFRfixXMURHg3wQLe4FcwWWQ@mail.gmail.com> <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com>
From: Fernando Gont <fgont@si6networks.com>
X-Enigmail-Draft-Status: N1110
Message-ID: <61bb307c-6186-db01-1664-6ecabc9c21a3@si6networks.com>
Date: Fri, 14 Oct 2016 01:23:28 -0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/PAS5hgEWngNucuPPXpXLJcAkyJ0>
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 10:26:27 -0000
On 10/05/2016 09:09 PM, Dave Thaler wrote: > The issue with IEEE MAC's is that it's sent to untrusted observers, not that it is a stable identifier per se. > It just so happens that you typically don't have a choice but to send it in packets such that it can be observed > by untrusted observers, hence the need to use randomized MACs. The issue with MAC addresses is that they are constant across networks when, if anything, they just need to be stable within the same subnet. Besides, they have semantics (vendor ID) when in fact they need not. And well, the problem is exacerbated by IPv6 SLAAC traditionally generating IPv6 IIDs by embedding the underlying MAC address into them... Thanks, -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- [perpass] privacy implications of UUIDs for IoT d… Peter Saint-Andre - Filament
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Dave Thaler
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… George Michaelson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… John Levine
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Hugo Maxwell Connery
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Joseph Lorenzo Hall
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Michael Richardson
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Fernando Gont
- Re: [perpass] privacy implications of UUIDs for I… Eitan Adler
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Stephen Farrell
- Re: [perpass] privacy implications of UUIDs for I… Christian Huitema
- Re: [perpass] privacy implications of UUIDs for I… Ross Schulman
- Re: [perpass] privacy implications of UUIDs for I… Robin Wilton
- Re: [perpass] privacy implications of UUIDs for I… Paul Kyzivat
- Re: [perpass] privacy implications of UUIDs for I… Brian E Carpenter