This is not the "normal" 3GPP IMS scenario. In IMS the device as a whole is considered as a single UA, multiple IMS applications will need to share a common registration procedure that is provided by the underlying OS.
Otherwise multiple IMS registrations from different applications on a 3GPP terminal will likely conflict with each other if they do not share a common registration mechanism that registers all IMS apps using a common registration procedure. In IMS, contacts from the same entity are overwritten by subsequent registrations. Which means that if each app were to register individually then any contact parameters such as feature tags from a previous registered app would be overwritten by the latest registering app.
Therefore the registration function and the instance ID will likely be part of the OS and not the application.
In any case RFC 5626 says nothing about requiring instance IDs to be wiped or regenerated when the UA is transferred to another user or that the UA cannot be embedded in non volative. It doesn't even barr the instance ID being delivered to other users.
http://datatracker.ietf.org/doc/draft-allen-dispatch-imei-urn-as-instanceid/ goes a lot further than RFC 5626 in addressing privacy of the instance ID in that regard.
Andrew
From: Tim Bray [mailto:tbray@xxxxxxxxxxxxxx]
Sent: Saturday, July 20, 2013 04:07 PM Central Standard Time
To: Scott Brim <scott.brim@xxxxxxxxx>
Cc: Andrew Allen; ietf@xxxxxxxx <ietf@xxxxxxxx>
Subject: Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
Sent: Saturday, July 20, 2013 04:07 PM Central Standard Time
To: Scott Brim <scott.brim@xxxxxxxxx>
Cc: Andrew Allen; ietf@xxxxxxxx <ietf@xxxxxxxx>
Subject: Re: Last call: draft-montemurro-gsma-imei-urn-16.txt
Except that for normal usages at the application level, the UUID is generated by the app and placed in its private per-app storage, which is always erased on a factory-reset. To Andrew Allen: I strongly recommend factory-resetting your phone
before you sell it, and also factory-resetting any phones you buy second-hand, just to be sure. Most people do this, for good reason. -T
On Sat, Jul 20, 2013 at 1:55 PM, Scott Brim
<scott.brim@xxxxxxxxx> wrote:
On Sat, Jul 20, 2013 at 4:08 PM, Andrew Allen <aallen@xxxxxxxxxxxxxx> wrote:
> TimYou're not demonstrating that an IMEI is just as good, you're
>
> The quote is from RFC 5626 which also states:
>
> "3.1. Summary of Mechanism
>
> Each UA has a unique instance-id that stays the same for this UA even if the
> UA reboots or is power cycled."
>
> Since the UUID in the instance ID is also static how is this significantly
> different in terms of privacy concerns from the IMEI being used as an
> instance ID?
demonstrating that a UUID is just as bad.
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.