Hi Scott, all,
In addition to what is mentioned by Joe, RFC6967 provides some recommendations:
".. the following design considerations are to be taken into
account:
o It is recommended that HOST_IDs be limited to providing local
uniqueness rather than global uniqueness.
o The address-sharing function should not use permanent HOST_ID
values."
A detailed audit should be conducted for specific solutions. These solutions
should follow the guidelines provided in RFC6967:
"
HOST_ID specification document(s) should explain the privacy impact
of the solutions they specify, including the extent of HOST_ID
uniqueness and persistence, assumptions made about the lifetime of
the HOST_ID, whether and how the HOST_ID can be obfuscated or
recycled, whether location information can be exposed, and the impact
of the use of the HOST_ID on device or implementation fingerprinting.
[IAB-PRIVACY] provides further guidance.
"
draft-boucadair-intarea-host-identifier-scenarios does not specify a solution
but enumerates use cases in which host identification issues are encountered.
Citing privacy considerations discussed in RFC6967 would be fine.
Cheers,
Med
>-----Original Message-----
>From: Int-area [mailto:[email protected]] On Behalf Of Joe Touch
>Sent: Monday, March 10, 2014 18:44
>To: Scott Brim
>Cc: [email protected];
>Internet Area; [email protected]
>Subject: Re: [Int-area] request to consider sponsoring
>http://tools.ietf.org/html/draft-boucadair-intarea-host-identifier-scenarios-04
>
>
>
>On 3/10/2014 10:16 AM, Scott Brim wrote:
>> Joe, http://tools.ietf.org/html/rfc6967#section-3 says that a host-id will
>> be generated anew any time the endpoint IP address changes, perhaps more
>> often.
>
>I believe you're referring to:
>
> "... a distinct HOST_ID may be used by the address-
> sharing function when the host reboots or gets a new internal IP
> address."
>
>That's not a requirement; it's an example. This doc is a survey; no one
>rule applies everywhere.
>
>> Is that wrong? It's hard to do a privacy audit if the behavior isn't
>> agreed on.
>
>Again, it's a survey. An audit would apply to a given approach.
>
>Joe
>
>_______________________________________________
>Int-area mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/int-area