On Wed, Nov 1, 2017 at 10:21 AM, Toerless Eckert <tte@xxxxxxxxx> wrote: > On Wed, Oct 11, 2017 at 12:34:19PM -0700, Christian Huitema wrote: >> Some thing you should be hearing is that "long term identity of device" >> has almost the same privacy properties as "long term identity of the >> device's owner". You may think that identifying a random piece of >> hardware is no big deal, but it turns out that the network activity and >> network locations of that piece of hardware can be associated to those >> of its human owner. So you need the same kind of protection for these >> device identifiers as for human identifiers. > > Sure, but i don't think it can be generalized: > > There will be more and more non-individually owned nodes in public and > corporate infrastructures where requirements will be quite different > from those derived from individual human privacy. > Toerless, That maybe true, but personal devices, such as smart phones and cars that are associated with individuals, are hardly going away anytime soon. How addresses are assigned to these devices has a material impact on individual privacy. Even right now there are two long threads on v6ops right now that are delving precisely into privacy of IPv6 addresses that may be relevant. This includes discussion about CGNAT and efforts by some governments to illegalize it because the privacy it gives is too strong for law enforcement. > If lets say those long term identifiers do not provide good human > privacy protection but good communications security properties and > managed transpacency for regulators then they could still be a great > benefit for those class of nodes. > > [rant] > > Trying to get more privacy into network layer is like making > tobacco more organic. You can get buried in the organic section > of the graveyard after you die of lung cancer. Great success! > > Aka: Where is the IETF on any warnings, architectures or recommendations > on the actual application layer: > Maybe there should be something like that. But, not unlike security, if the goal is to derive a system with good privacy characteristics then privacy should be considered at every layer including the networking layer. Tom