RE: Notes about identifier - locator separator

["Tony Li" <Tony.Li@procket.com>]

I know less about security than Ran, but wouldn't having
a number of pseudonyms help avoid the privacy issue?

I'd have no problems with a host that migrated its identifier
along a (one time pad) list of identifiers.  I would also
have no problem with a site border router that played mapping
games with the identifier.  But I know that some people will
then scream "NAT" and run away...

I don't see how you can not keep the locator visible to
the network elements, however.  ;-)

Tony


|   On Friday, Nov 8, 2002, at 12:37 America/Montreal, 
|   Christian Huitema 
|   wrote:
|   > There are a couple of issues with any proposal of that 
|   nature, and the
|   > main one is privacy. Having a unique identifier exposed 
|   to the network
|   > means that anybody on the path can track the presence and 
|   location of
|   > users, with consequence ranging from annoying (e.g. variations of
|   > telemarketing) to downright dramatic (e.g. missile 
|   auto-aining to a 
|   > cell
|   > phone).
|   
|   They can be tracked *anyway* using traffic analysis.  And the silly
|   Privacy stateless autoconfig thing currently specified does NOT
|   prevent user tracking either -- that spec does solve the marketing
|   problem about privacy, but only for people who don't understand how
|   real commercial user tracking happens at many web sites 
|   (particularly
|   sites that don't use cookies and rely on existing commercial traffic
|   analysis tools) today.
|   
|   Ran
|   
|   
|