Re: [perpass] privacy implications of UUIDs for IoT devices

Hugo Maxwell Connery <hmco@env.dtu.dk> Thu, 06 October 2016 14:03 UTC

Return-Path: <hmco@env.dtu.dk>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D656129677 for <perpass@ietfa.amsl.com>; Thu, 6 Oct 2016 07:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.916
X-Spam-Level:
X-Spam-Status: No, score=-4.916 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TgAAO8AeFHwU for <perpass@ietfa.amsl.com>; Thu, 6 Oct 2016 07:03:34 -0700 (PDT)
Received: from spamfilter1.dtu.dk (spamfilter1.dtu.dk [130.225.73.112]) (using TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4358B129676 for <perpass@ietf.org>; Thu, 6 Oct 2016 07:03:34 -0700 (PDT)
Received: from ait-pexedg02.win.dtu.dk (ait-pexedg02.win.dtu.dk [192.38.82.192]) by spamfilter1.dtu.dk with ESMTP id u96E3Sjk006674-u96E3Sjm006674 (version=TLSv1.0 cipher=DHE-RSA-AES256-SHA bits=256 verify=CAFAIL); Thu, 6 Oct 2016 16:03:28 +0200
Received: from ait-pex02mbx04.win.dtu.dk (192.38.82.184) by ait-pexedg02.win.dtu.dk (192.38.82.192) with Microsoft SMTP Server (TLS) id 14.3.319.2; Thu, 6 Oct 2016 16:02:42 +0200
Received: from ait-pex01mbx01.win.dtu.dk ([169.254.1.231]) by ait-pex02mbx04.win.dtu.dk ([169.254.4.6]) with mapi id 14.03.0319.002; Thu, 6 Oct 2016 16:02:49 +0200
From: Hugo Maxwell Connery <hmco@env.dtu.dk>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "perpass@ietf.org" <perpass@ietf.org>
Thread-Topic: [perpass] privacy implications of UUIDs for IoT devices
Thread-Index: AQHSH2SCsASbqwBIZUWlsCMDuicXeqCbUUIAgAAiw0Y=
Date: Thu, 6 Oct 2016 14:02:48 +0000
Message-ID: <6CB05D82CE245B4083BBF3B97E2ED470214D9AAD@ait-pex01mbx01.win.dtu.dk>
References: <5c32e81f-7e43-2bde-b8f4-46f08fecdefb@cs.tcd.ie> <db516334-43ab-e967-cfd5-87d920b65015@filament.com> <CY1PR03MB2265C3482AAD1D4FD0E6829EA3C40@CY1PR03MB2265.namprd03.prod.outlook.com>, <29005.1475761910@obiwan.sandelman.ca>
In-Reply-To: <29005.1475761910@obiwan.sandelman.ca>
Accept-Language: en-AU, da-DK, en-US
Content-Language: en-AU
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.225.73.250]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/perpass/bjHg7zyW6REX2NIdlZUZ_Z_gGUw>
Subject: Re: [perpass] privacy implications of UUIDs for IoT devices
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 14:03:36 -0000

Hi,

(I was trying to not reply to this topic, but have failed.)

I am very happy to see this community addressing this topic.
I think it is really difficult; the implications for different actors
with differing motives illuminate the challenge.

1. I want to be able to control my devices to be able to report
  identifiers according to my desires.

2. As a network operator, I want to be able to limit access based
  on a fixed identifier that the user cannot change.

1. && 2. == False.

:-(

I gladly acknowledge that I am not an expert in this domain.

Can we find a space that allows human freedom and supports
the orderly operation of networks?  What are the compromises
involved in this?  Can we document them and describe the different
challenges for differing services?

/Hugo