On 10/11/2017 12:39 PM, Dino Farinacci wrote: > Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private? The proper question is, what are the privacy properties of the identifier. And there, there are two big scenarios: casual observation, and proof of ownership. Casual observation is what happens when the identifier can be shown in network traffic, logs, etc. There, the properties vary depending on how the hash is constructed. If H = hash(public-key), then the identifier is static, and the privacy properties are just the same as publishing the public key -- which means, mostly terrible, as EKR said. On the other hand, if H = hash(public-key|something-that-changes-for-every-session-and-is-hard-to-predict), then the properties are similar to privacy preserving IPv6 addresses. Many of the scenarios seem to require proof-of-ownership, as in "proving that the device can legitimately use the ID by demonstrating ownership of the public key behind the ID". In that case, you are effectively publishing the public key. If the public key is static and permanent, that is a pretty strong identifier with terrible privacy properties. On the other hand, if you can pick a new public key for every session, then the privacy properties are reasonable. -- Christian Huitema > > Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently?