Marshall Eubanks wrote: > > On Sep 14, 2009, at 12:29 PM, Scott Brim wrote: > >> Excerpts from Eric Rescorla on Sun, Sep 13, 2009 11:09:31PM -0700: >>> At Sun, 13 Sep 2009 21:19:53 -0700 (PDT), >>> Ole Jacobsen wrote: >>>> >>>> >>>> Eric, >>>> >>>> The local hosts are reading the messages on this list and will take >>>> appropriate steps including: >>>> >>>> * Not displaying the ID number <--> attendee mapping anywhere >>>> >>>> * Not assigning numbers sequencially >>> >>> That seems like a good start. As Richard and I have both indicated, >>> however, this system seems to have substantial residual privacy >>> risk, even if the identifiers are assigned completely unpredictably >>> (and note that non-sequential and unpredictable are not at all the >>> same thing). >> >> So don't carry it. Or carry it in your faraday cage passport holder. > > Maybe we could do a test of this as part of the meeting. I often tell > people that a metal lunch box or > aluminum foil should be sufficient, but it might be good to see how good > they (plus the holders you can buy) > really are. > > Also, since the RFID readers can be bought easily (they're probably at > Fry's), I would hope to hear of some good hack uses of this technology. I worked on RFID readers last year as part of an aborted tentative[1] to improve remote attendance for IETF meeting. I expected the kind of problems that people are (rightly so) worrying about currently, so I did a little bit of research on the privacy part. 125Khz tags needs to be completely enclosed in a Faraday cage with a double layer of conductive material. OTOH 13.56 Mhz tags can be isolated with a single layer of conductive material, and it works fine even if the material is only on one side or the card. I chose 13.56 Mhz tags because, at the difference of 125 Khz tag that can only carry a serial id, 13.56 Mhz tags can store data (i.e. name, affiliation) and I do like the idea of having only to destroy a card to improve my privacy (when it is in a database somewhere, it is no longer yours). Anyway, I designed a prototype of a card holder that permit to read the RFID card and the printed information when open, and prevent to read both when closed: http://ietf.implementers.org/rfid.jpg [1] http://ietf.implementers.org/IETF20081118.pdf -- Marc Petit-Huguenin Personal email: marc@xxxxxxxxxxxxxxxxxx Professional email: petithug@xxxxxxx Blog: http://blog.marc.petit-huguenin.org _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf
