Hi SM,
Thank you for updating the draft.
One comment I have when reading this reco from your draft:
It is recommended that an identifier be used at the layer at which
its functionality is necessary for communication to be
established.
is, from a privacy perspective, there is no justification for it. If the
information is present in the packet, does it really matter if it is used in
other layers? Why reusing that info will impact the privacy? Take the example
of TCP that use the IP address for the pseudo header checksum, SIP, SDP, etc.
If you have in mind particular identifiers, it would be valuable to explicit
them rather than having a generic statement.
If we take the example of an IP address as an identifier, even if it is
revealed in various layers, this does not mean that one single individual/user
is associated with that identifier. Take the example of multiple machines
behind the same CPE, or multiple subscribers behind the same CGN, etc.
Nevertheless:
* the configuration of a browser may be used easily to track user (e.g.,
https://panopticlick.eff.org/)
* some application headers (e.g., referer) may contribute to ease the
correlation between many pieces of information (e.g., a web email account and a
social networking account for instance)
Discussing issues related to correlating information leaked by applications
would be useful to record in this document.
Cheers,
Med
>-----Message d'origine-----
>De : [email protected] [mailto:[email protected]]
>De la part de S Moonesamy
>Envoyé : samedi 14 septembre 2013 17:28
>À : [email protected]
>Objet : [ietf-privacy] Privacy and Identifiers - draft-moonesamy-privacy-
>identifiers-01
>
>Hello,
>
>The initial version of draft-moonesamy-privacy-identifiers was
>submitted over a year ago. There was some discussion about the draft
>on this mailing list. I submitted
>draft-moonesamy-privacy-identifiers-01 (
>http://tools.ietf.org/html/draft-moonesamy-privacy-identifiers-01 ).
>
>Anyone who feels strongly about privacy might find it the main change
>(first paragraph of Section 1) of some interest as it is a good start
>to understand the relation between privacy and secrecy.
>
>I added a reference to RFC 6973 as it may be useful for authors
>writing IETF specifications.
>
>The draft restricts to a brief discussion of privacy and
>identifiers. The intent is to keep it easy for the reader and
>encourage the person to think about identifiers from a privacy
>perspective. The draft does not focus on the technical aspects so as
>to be accessible to a technical and non-technical audience.
>
>I would appreciate comments about the draft.
>
>Regards,
>S. Moonesamy
>
>_______________________________________________
>ietf-privacy mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/ietf-privacy
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
