Let me ask for your opinion Christian (or anyone else for that matter). If a device is assigned a private/public key-pair and the identifier for the device is a hash of the public-key, is the identifier private?
Is the identifier trackable even when its network location is not generally known, not advertised publicly, and possibly changing frequently? Dino > On Oct 11, 2017, at 12:34 PM, Christian Huitema <[email protected]> wrote: > > On 10/11/2017 10:32 AM, Padma Pillay-Esnault wrote: >> but you do not need a reference to a permanent identity for that -- systems >> similar to CGA would work just fine. >> >> >> The identity of the device is just adding a lever of identifier which >> effectively allows authentication to modify the identifiers used by that >> device but also what the users of these identifiers can look up. If we had >> used "user of identifier" it would have been misconstrued for humans. So >> damn if you do and damn if you don't ... >> >> We are open for discussions anytime. >> > > Some thing you should be hearing is that "long term identity of device" has > almost the same privacy properties as "long term identity of the device's > owner". You may think that identifying a random piece of hardware is no big > deal, but it turns out that the network activity and network locations of > that piece of hardware can be associated to those of its human owner. So you > need the same kind of protection for these device identifiers as for human > identifiers. > -- > Christian Huitema > _______________________________________________ lisp mailing list [email protected] https://www.ietf.org/mailman/listinfo/lisp
