Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/05/2016 09:01 PM, George Michaelson wrote: > As an example the IEEE MAC registry is really only to provide > uniqueness, but its been demonstrated to act as a passive-capture > mechanism to identify probable host architecture from on-the-wire > sniffs. This then leads directly to: "If its a

Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/06/2016 08:15 AM, Stephen Farrell wrote: > Hiya, > > So I think this is a recurring theme in various protocols > and note that the drafts referenced in this thread overnight > [1,2,3,4] total 134 pages of text. So istm that there is > scope for a bit of generic guidance on the specific

Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/05/2016 09:09 PM, Dave Thaler wrote: > The issue with IEEE MAC's is that it's sent to untrusted observers, not that > it is a stable identifier per se. > It just so happens that you typically don't have a choice but to send it in > packets such that it can be observed > by untrusted

Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/05/2016 08:54 PM, Peter Saint-Andre - Filament wrote: > Over on the CORE WG list, we've had a little discussion about the > desirability (or not) of unique identifiers for devices in the Internet > of Things. The message below provides some context. > > I'd be curious to learn more about

Re: [perpass] privacy implications of UUIDs for IoT devices

On 13 October 2016 at 21:23, Fernando Gont wrote: > On 10/05/2016 09:09 PM, Dave Thaler wrote: >> The issue with IEEE MAC's is that it's sent to untrusted observers, not that >> it is a stable identifier per se. >> It just so happens that you typically don't have a choice

Re: [perpass] privacy implications of UUIDs for IoT devices

The MAC address issue is situational. When a device is moving, you want it not tracked, and you want the MAC random. At home, you don't care about the device privacy, and you want an easy way to do an inventory of what is on the network. -- Christian Huitema > On Oct 14, 2016, at 8:07 AM,

Re: [perpass] privacy implications of UUIDs for IoT devices

In fairness, the vast majority of people have no such need "at home". I would wager that 99.9% of people who use networked devices on a daily basis have no idea what a MAC address is, would be at least somewhat concerned that that sort of consistent data was leaking from them constantly, and have

Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/14/16 12:23 AM, Fernando Gont wrote: The issue with MAC addresses is that they are constant across networks when, if anything, they just need to be stable within the same subnet. Besides, they have semantics (vendor ID) when in fact they need not. While I understand the concern, this

Re: [perpass] privacy implications of UUIDs for IoT devices

On 10/14/16 12:28 PM, Robin Wilton wrote: +1, plus a small further comment: Paul says "if this feature didn't exist, we'd have to invent an overt equivalent" as if that's a bad thing. From my perspective, that kind of design decision ought always to be an overt one - especially where, as

Re: [perpass] privacy implications of UUIDs for IoT devices

+1, plus a small further comment: Paul says "if this feature didn't exist, we'd have to invent an overt equivalent" as if that's a bad thing. >From my perspective, that kind of design decision ought always to be an overt >one - especially where, as Stephen implies, an occasional use-case