> > > The aim of this draft is to adapt the current RFC to the latest > > European law > > http://europa.eu/rapid/press-release_IP-12-46_en.htm?locale=en > > Can you please identify the exact clause in the proposed EU regulation that > would require pseudo-random IIDs that change when the subnet prefix > changes?
Randomization of IID is my proposed solution to the privacy issues discussed in EU regulation. "Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer's IP address. The EU Charter of Fundamental Rights says that everyone has the right to personal data protection in all aspects of life: at home, at work, whilst shopping, when receiving medical treatment, at a police station or on the Internet." Not changing the IID after a period of time gives attackers the ability to invade an entity's privacy. > All I can see in the EU PR release is a hint that "your computer's IP address" > might be considered to be personal data, and might therefore be covered by > privacy regulations. > Even if you can identify the exact clause, we don't normally take account of > specific national or regional legislation in IETF standards. > I think the scarecrow references to EU regulation should be deleted. This law was a reference for me as a meaning of privacy. I did not want to use my personal opinion of the definition of privacy. I will delete that reference if there is no need for it. > It would be more useful if the draft contained a threat analysis. > As far as I can see, if I set the RFC 4941 timer to a reasonable value, my > IID will > change much more often than my subnet prefix. I will add this section, thanks > I don't understand the concern about CGA. A network that uses SEND is highly > unlikely to allow RFC 4941. In that RFC is an explanation stating that there is a possibility for using CGA to generate a higher randomized IID but there is nothing mentioned on how to accomplish this. Here I used a modified version of that algorithm without any public/private key because here we want to address the privacy issues and not security issues. Thanks, Hosnieh -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
