Hi Ben,
At 08:32 PM 03-11-2017, Ben Campbell wrote:
The draft says the UAC MUST NOT include a sip.instance tag with the
MEID in a request intended to be anonymous, and that the service
provider MUST NOT forward it towards the UAS. That seems as
relevant today as in 2009 or 2014. It may well be that the guidance
in 5626 is not sufficient to guarantee anonymity, but I don't see
how that would change the guidance in this draft. Is there something
in particular you would like to see?
From the draft:
"MEID a globally unique identifier that identifies mobile devices
used in the 3GPP2 networks."
The BCP states that "It is therefore timely to revisit the security
and privacy properties of our standards". This draft is about using
the MEID in the in the "+sip.instance". Shouldn't the properties be
revisited instead of relying on what was written in 2009?
I'm guessing that is because the affiliation change since the
shepherd did the writeup. Is there a specific concern there? The
writeup does say that the author stated that he was not aware of any
IPR, which is our usual standard.
I found it unusual that the write-up included a comment about
"affiliation". It seems better to provide clear information about
that instead of leaving the reader guessing or, as in this case, to
ask whether there is a specific concern about IPR.
Regards,
S. Moonesamy