On 2011-11-15 15:26, Michael Richardson wrote:
> Brian Carpenter raised the point at the mic that we have to pay
> attention to privacy when it comes to the subnet-id. We shouldn't make
> it possible for members of the household to spy on each other.
>
> My understanding of the purpose of RFC4941 privacy extensions is to make
> is hard for an (off-path) observer (including web server operator) to
> trivially track a user from location to location by their EUI-64.
>
> The question is, do we have any similar requirements that we want to
> apply to subnet-id. The example that Brian gave in XMPP was:
>
> BEC> And if you have a separate subnet for the kids' bedroom...
> BEC> 'Honey, one of the kids is using Facebook again'
>
> if there is only one possible host on a particular subnet, then RFC4941
> can't help disguise who is doing what.
>
> My question is: what is the real issue here. It seems that the kind of
> things that 4941 deals with, are neither better nor worse. But maybe
> there are other things that we need to concern ourselves with.
Waxing philosophical, you can obfuscate an ID but you can't obfuscate
a locator. I really don't see a way out of this. If the admin can
run Wireshark, she can see the locator.
Brian
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
