Re: [perpass] privacy implications of UUIDs for IoT devices

Paul Kyzivat <pkyzivat@alum.mit.edu> Fri, 14 October 2016 14:55 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFEE4129415 for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 07:55:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.197
X-Spam-Level:
X-Spam-Status: No, score=-7.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LCxiafXnMS2t for <perpass@ietfa.amsl.com>; Fri, 14 Oct 2016 07:55:34 -0700 (PDT)
Received: from alum-mailsec-scanner-3.mit.edu (alum-mailsec-scanner-3.mit.edu [18.7.68.14]) by ietfa.amsl.com (Postfix) with ESMTP id AD0F31295C2 for <perpass@ietf.org>; Fri, 14 Oct 2016 07:55:16 -0700 (PDT)
X-AuditID: 1207440e-c7bff70000000b1c-94-5800f1d28d03
Received: from outgoing-alum.mit.edu (OUTGOING-ALUM.MIT.EDU [18.7.68.33]) by alum-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 75.8E.02844.2D1F0085; Fri, 14 Oct 2016 10:55:15 -0400 (EDT)
Received: from [192.168.1.110] (c-73-186-127-100.hsd1.ma.comcast.net [73.186.127.100]) (authenticated bits=0) (User authenticated as pkyzivat@ALUM.MIT.EDU) by outgoing-alum.mit.edu (8.13.8/8.12.4) with ESMTP id u9EEtE1E012123 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <perpass@ietf.org>; Fri, 14 Oct 2016 10:55:14 -0400
To: perpass@ietf.org
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CAKr6gn2EjAwqvTXgNyO0Jc3yt9qFRfixXMURHg3wQLe4FcwWWQ@mail.gmail.com> <CY1PR03MB2265659F67817DF02F3FCF29A3C70@CY1PR03MB2265.namprd03.prod.outlook.com> <61bb307c-6186-db01-1664-6ecabc9c21a3@si6networks.com>
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
Message-ID: <c0b89950-268e-a350-cbee-33c35cf92c2d@alum.mit.edu>
Date: Fri, 14 Oct 2016 10:55:13 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <61bb307c-6186-db01-1664-6ecabc9c21a3@si6networks.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrOIsWRmVeSWpSXmKPExsUixO6iqHvlI0OEQXecxd1LHSwOjB5Llvxk CmCM4rJJSc3JLEst0rdL4Mo4+mI/S8Fq1ormPYdZGxins3QxcnJICJhItLS1sHcxcnEICVxm lFh1/w0ThPOOSWLjhk3MIFXCAi4St25MYAWxRQREJBatesYKUXSUSWLyyZ2MIAk2AS2JOYf+ g43lFbCX2Pz8PFgDi4CqxNJph8HiogJpEtvX7WaGqBGUODnzCVicU8BZ4ufKdWA2s4CtxJ25 EDXMAvIS29/OYZ7AyDcLScssJGWzkJQtYGRexSiXmFOaq5ubmJlTnJqsW5ycmJeXWqRrrJeb WaKXmlK6iRESZnw7GNvXyxxiFOBgVOLhnfGBIUKINbGsuDL3EKMkB5OSKG+tHlCILyk/pTIj sTgjvqg0J7X4EKMEB7OSCO9ikHLelMTKqtSifJiUNAeLkjiv2hJ1PyGB9MSS1OzU1ILUIpis DAeHkgSvGjCehASLUtNTK9Iyc0oQ0kwcnCDDeYCGs4DU8BYXJOYWZ6ZD5E8x6nIs+HF7LZMQ S15+XqqUOG/2e6AiAZCijNI8uDmw9PCKURzoLWHeJpA7eYCpBW7SK6AlTEBLPrSBLSlJREhJ NTCGT5q5i/fpjaT/PzP3rH2fuX71ynscab0l7hJyfY732hT6Nlaapaa0KwVOMbz9s6RLNP3R jJh/E5p+Zcb/yNSQl1o+aY8IgyqD4/z5IRqGr/k3ifybqmKZrfL58Fwjg7K0nU/jJrt2lOnM yXoY/0331rmvS4y4O/qr7rO99bxo7R3DKqA/Y6MSS3FGoqEWc1FxIgC7Nzvr6gIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/av2yajpPaCRFqFDXem7P2iaBBbs>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 14:55:36 -0000

On 10/14/16 12:23 AM, Fernando Gont wrote:

> The issue with MAC addresses is that they are constant across networks
> when, if anything, they just need to be stable within the same subnet.
>
> Besides, they have semantics (vendor ID) when in fact they need not.

While I understand the concern, this is also a *feature* that is widely 
used.

When looking at devices seen on WiFi the vendor ID is often displayed 
and used to figure out which device is which, to correlate problem 
symptoms with likely causes, and many other reasons.

If this "feature" were to disappear there would likely be need to invent 
and *overt* feature to replace it.

	Thanks,
	Paul