On Fri, May 13, 2016 at 03:39:54PM +0500, Tariq Saraj <[email protected]> wrote a message of 70 lines which said:
> Dear group fellows, Frankly, I'm not sure I fully understand your message. > For distinguishing or tracing individual requires to identify > him/her first. This is not true. It's the opposite: you trace an individual, without knowing him and, if you want and can, you try to identify her. But, in some use cases, tracing is enough (research in marketing, for instance). > May I know if there is a document that can explain that the two main > issues discussed in RFC7626 "Identification of IP and in some cases > application" I disagree with this summary of RFC 7626. > can reveal Identity of an end user and how ? I don't think we have the same approach of security. You seem to say that, while the attacker did not get everything he wanted, there is no security problem. For me, if the attacker can get access to some information HE HAS NO BUSINESS TO KNOW, if is already a security issue. "My" approach is, by the way, the most common in security: do not wait until the ennemy is in the dungeon: even if he is still at the gates, you have a problem. > In simple the Impact of PM should be very clear regarding an end user > understanding. Text welcome. _______________________________________________ dns-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/dns-privacy
