Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private? Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently? Dino > On Oct 11, 2017, at 12:34 PM, Christian Huitema <huitema@xxxxxxxxxxx> wrote: > > On 10/11/2017 10:32 AM, Padma Pillay-Esnault wrote: >> but you do not need a reference to a permanent identity for that -- systems similar to CGA would work just fine. >> >> >> The identity of the device is just adding a lever of identifier which effectively allows authentication to modify the identifiers used by that device but also what the users of these identifiers can look up. If we had used "user of identifier" it would have been misconstrued for humans. So damn if you do and damn if you don't ... >> >> We are open for discussions anytime. >> > > Some thing you should be hearing is that "long term identity of device" has almost the same privacy properties as "long term identity of the device's owner". You may think that identifying a random piece of hardware is no big deal, but it turns out that the network activity and network locations of that piece of hardware can be associated to those of its human owner. So you need the same kind of protection for these device identifiers as for human identifiers. > -- > Christian Huitema >