Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Stephen Farrell
Hiya, So I think this is a recurring theme in various protocols and note that the drafts referenced in this thread overnight [1,2,3,4] total 134 pages of text. So istm that there is scope for a bit of generic guidance on the specific issues about which Peter is asking, i.e. guidance on what kinds

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Michael Richardson
Stephen Farrell wrote: > So I think this is a recurring theme in various protocols > and note that the drafts referenced in this thread overnight > [1,2,3,4] total 134 pages of text. So istm that there is > scope for a bit of generic guidance on the

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Hugo Maxwell Connery
Hi, (I was trying to not reply to this topic, but have failed.) I am very happy to see this community addressing this topic. I think it is really difficult; the implications for different actors with differing motives illuminate the challenge. 1. I want to be able to control my devices to be

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Michael Richardson
Dave Thaler wrote: > https://tools.ietf.org/html/draft-thaler-core-redirect-00#section-1 is > a short summary I wrote last month about this problem. okay, so it just lets one repeat the query over COAPS. With (D)TLS <=1.2, the server still reveals it's

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Michael Richardson
Christian Huitema wrote: >> I think people need to go and read draft-ietf-netconf-zerotouch >> and draft-ietf-anima-bootstrapping-keyinfra. > Another useful draft is draft-winfaa-intarea-broadcast-consider. It was > precisely motivated by the use of unique

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Michael Richardson
Brian E Carpenter wrote: > That doesn't mean it needs to be visible in clear after bootstrap. I'm just keeping this here to emphasis the point. -- Michael Richardson , Sandelman Software Works -= IPv6 IoT consulting =-

Re: [perpass] privacy implications of UUIDs for IoT devices

2016-10-06 Thread Stephen Farrell
On 06/10/16 15:09, Michael Richardson wrote: > I will volunteer, and I'll do this publically so that you'll hold me to it. > Expect it by draft cut-off date. > Excellent, thanks! S. signature.asc Description: OpenPGP digital signature ___