Inline. On Fri, 11 Sep 2009, Eric Rescorla wrote: > At Thu, 10 Sep 2009 12:23:31 -0700 (PDT), > > * Each attendee will be issued an RFID card at the registration desk. > > The information stored on the card is ONLY a number, no personal > > data is stored on the card. (Note: the attendee can opt out at any > > time, including not collecting the card, see below). > > Note that removing your name from the database doesn't remove the > ability of someone to track you via the tag. If this is a great concern I would suggest either returning the card or not collecting it in the first place. Also, the type or readers used require close proximity to trigger, you literally have to touch the reader with your card to make it work. So nobody from the host organization at least will be tracking you. I am also not sure what value there is in knowing that 3478273983421 spent 10 minutes in trill and then moved on to behave (pun intended). > > > > * The "information" (number) on the card is not encrypted and could be > > read by any RFID reader, but again, it's only a number. > > How are the numbers assigned? Don't know, but I have asked. I am guessing they are pre-assigned in the sense that each card has a unique ID that is later mapped to the database. > > Does the Web UI make sure to hide the number->attendee mapping? Don't know that either, but I agree that it should. It hasn't been fully designed yet. Will ask that they do this. > > -Ekr > Ole J. Jacobsen Editor and Publisher, The Internet Protocol Journal Cisco Systems Tel: +1 408-527-8972 Mobile: +1 415-370-4628 E-mail: ole@xxxxxxxxx URL: http://www.cisco.com/ipj _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf