Re: [perpass] privacy implications of UUIDs for IoT devices

"Christian Huitema" <huitema@huitema.net> Thu, 06 October 2016 01:05 UTC

From: "Christian Huitema" <huitema@huitema.net>
To: "'Brian E Carpenter'" <brian.e.carpenter@gmail.com>, <perpass@ietf.org>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <8195a761-9714-df53-0c42-43bac757b203@gmail.com>
In-Reply-To: <8195a761-9714-df53-0c42-43bac757b203@gmail.com>
Date: Wed, 5 Oct 2016 18:05:02 -0700
Message-ID: <029701d21f6d$ab5e5c70$021b1550$@huitema.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/YaJa_cY1qU2G58GDqwYOuJ4Ckp8>

On Wednesday, October 5, 2016 5:34 PM, Brian E Carpenter wrote:

> I think people need to go and read draft-ietf-netconf-zerotouch
> and draft-ietf-anima-bootstrapping-keyinfra. 

Another useful draft is draft-winfaa-intarea-broadcast-consider. It was
precisely motivated by the use of unique identifiers in device-specific
broadcast protocols. UUIDs kind of fall into that category.

> Then explain how we
> could ever bootstrap a trustworthy network without some sort of
> unique bitstring per device (in practice, an 802.1AR-2009 X.509
> initial device identifier installed by the manufacturer).
> 
> That doesn't mean it needs to be visible in clear after bootstrap.

It also does not mean that the identifiers should be sent in clear text...

-- Christian Huitema
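Added example, not part of the original thread and not taken from any of the drafts cited in it: a small simulation of the tracking risk being discussed. Two constructed devices are observed by a passive listener on two different networks. When each device announces itself with its static UUID in clear, the listener links the sightings and follows the device from network to network. When the device instead announces a per-epoch pseudonym derived with HMAC-SHA256 from a secret it holds, the sightings are unlinkable to the listener, yet a party holding the device secrets can still resolve the pseudonym. The device secrets, the epoch-based rotation scheme, the sample traffic and all function names are assumptions made for this illustration; the cited drafts do not prescribe this particular construction.

```python
import hashlib
import hmac
import uuid
from collections import defaultdict
from typing import Optional

# Constructed for this example: per-device secrets (would live on the device
# after bootstrap) and the stable, manufacturer-assigned UUIDs.
DEVICE_SECRETS = {
    "lamp": b"\x01" * 32,
    "thermostat": b"\x02" * 32,
}
DEVICE_UUIDS = {
    "lamp": uuid.UUID("11111111-1111-4111-8111-111111111111"),
    "thermostat": uuid.UUID("22222222-2222-4222-8222-222222222222"),
}


def static_beacon(device: str) -> str:
    """Announcement that carries the static UUID in clear (the risky case)."""
    return str(DEVICE_UUIDS[device])


def rotating_beacon(device: str, epoch: int) -> str:
    """Announcement carrying a per-epoch pseudonym instead of the UUID.

    Pseudonym = HMAC-SHA256(device_secret, epoch) truncated to 128 bits and
    formatted as a UUID string purely for wire compatibility (assumed scheme).
    Without the secret, an observer cannot link epoch N to epoch N+1.
    """
    mac = hmac.new(DEVICE_SECRETS[device], epoch.to_bytes(8, "big"),
                   hashlib.sha256).digest()
    return str(uuid.UUID(bytes=mac[:16]))


def link_observations(observations):
    """Passive observer: group (network, epoch, beacon) sightings by beacon.

    Returns {beacon: set of networks}. A beacon seen on more than one network
    lets the observer follow that device across networks.
    """
    seen = defaultdict(set)
    for network, _epoch, beacon in observations:
        seen[beacon].add(network)
    return dict(seen)


def tracked_devices(observations) -> int:
    """Number of beacon values the observer can follow across networks."""
    return sum(1 for nets in link_observations(observations).values()
               if len(nets) > 1)


def resolve_pseudonym(beacon: str, epoch: int, known_devices) -> Optional[str]:
    """Owner-side lookup: a party holding the device secrets recomputes each
    candidate pseudonym for the epoch and matches in constant time."""
    for device in known_devices:
        if hmac.compare_digest(rotating_beacon(device, epoch), beacon):
            return device
    return None


def simulate(rotating: bool):
    """Constructed traffic: every device is seen on home-wifi in epoch 1 and
    on office-wifi in epoch 2. Returns (network, epoch, beacon) sightings."""
    obs = []
    for device in DEVICE_UUIDS:
        for network, epoch in (("home-wifi", 1), ("office-wifi", 2)):
            beacon = (rotating_beacon(device, epoch) if rotating
                      else static_beacon(device))
            obs.append((network, epoch, beacon))
    return obs


if __name__ == "__main__":
    print("static UUIDs   -> devices trackable across networks:",
          tracked_devices(simulate(False)))
    print("rotating IDs   -> devices trackable across networks:",
          tracked_devices(simulate(True)))
    b = rotating_beacon("lamp", 2)
    print("owner resolves", b, "->", resolve_pseudonym(b, 2, DEVICE_SECRETS))
```

The point the simulation makes is the one in the reply above: a per-device unique bitstring is needed to bootstrap trust, but nothing forces that bitstring onto the wire in clear afterwards. The pseudonym here is only unlinkable to observers who lack the secret; the owner, or a service the owner shares the secret with, still gets a stable identity. In a real deployment the epoch source, secret provisioning and replay handling need their own design, none of which this toy covers.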