[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Notes about identifier - locator separator

To: <multi6@ops.ietf.org>
Subject: RE: Notes about identifier - locator separator
From: "Christian Huitema" <huitema@windows.microsoft.com>
Date: Fri, 8 Nov 2002 14:53:22 -0800

> >>>>> "Tony" == Tony Li <Tony.Li@procket.com> writes:
>     Tony> I know less about security than Ran, but wouldn't having a
> number
>     Tony> of pseudonyms help avoid the privacy issue?
> 
>   Ran's point is that nobody is depending upon the IP addresses
> (whether they are locators or end-point identifiers) to do tracking.

Well, if we specify that all packets shall carry a unique identifier
that is independent of the location we certainly facilitate tracking,
don't we?

To answer Tony's question: there are indeed possible mitigations. One is
to simply hide the identifier inside an encrypted portion of the packet.
Another may be to have the identifier be function of the locator, as in
e.g. hash(locator, secret identifier value). Yet another is to not carry
an identifier in every packet, and to simply use some kind of "binding
update" mechanism to link the address/locator with an identity of some
form. 

-- Christian Huitema

Follow-Ups:
- Re: Notes about identifier - locator separator
  - From: RJ Atkinson <rja@extremenetworks.com>

Prev by Date: Re: Notes about identifier - locator separator
Next by Date: SIP again
Previous by thread: RE: Notes about identifier - locator separator
Next by thread: Re: Notes about identifier - locator separator
Index(es):
- Date
- Thread