On 08/07/2004, at 20:58, Erik Nordmark wrote:
So it isn't clear to me what problem we are actually trying to solve
in the privacy space.
Looking at a very cool presentation made by Alberto Escudero at the
IPv6 cluster meeting, there is a definition of privacy rights as:
"1. The right to be left alone
2. The right to decide: when, how, and to what extent information
about them is communicated to others.
3. The right to secrecy, anonymity and solitude."
which it translates for mobile nodes as
"The capability of a mobile node to conceal the relation between
location and personal identifiable information from third parties
while the user is on the move."
(if you are interested, you can find the full presentation at the
author's home page http://www.it.kth.se/~aep/)
So, I agree with Erik that there are three roles that an app can play:
- Server
- Client
- p2p participant
I guess that the privacy concerns don't apply to the server role, since
it is the server's will to be publicly available, in order to be
reachable by clients.
So, imho the clients may require some privacy features. Basically this
means (trying to apply the above definition) that a client may wish to
conceal the fact that it is the same client who performs different
communications. That is, if a client contacts a given server, then this
client may wish to conceal the fact that he is contacting the same
server again, or another server. So, privacy in a client, for me, is
being capable of hiding that the same client has performed multiple
communications with the same or different servers.
In the case of p2p participants, I guess that the main difference from
the server case is that the p2p participant may not want to disclose
its identity to everyone (assuming that a server is a public server).
So in the case of a p2p participant it may behave in a hybrid mode,
where it allows some nodes to be able to recognize it as the same as in
previous communications, while in other cases, it may wish not to be
recognized.
Now, imho, these goals don't impose that we have to have different
identities for different interfaces, but that we need different
identities for different communications.
The problem, as usual, is how the wedge layer can find out which packets
belong to which communication.
I guess that in the current arch, privacy extensions provide some
support for this, and it is based on periodically changing the iid. I
guess we could try to do the same.
Now, just to mix things a bit more, how would a solution like NOID
support the privacy requirements? Are the DNS times compatible with
this requirement?
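An added example (not part of this message, nor of any shim6 or NOID proposal) that models the per-communication identities argued for above: a fresh random identifier for each ordinary client communication, a peer-specific stable identifier for the p2p "hybrid mode", and a wedge-layer table that maps a packet's local address and peer back to its communication. The prefix, the node secret and the peer names are constructed for the example.

```python
import hashlib
import ipaddress
import os

# Constructed documentation prefix; a real host would use its delegated prefix.
PREFIX = ipaddress.IPv6Network("2001:db8::/64")

def _local_iid(raw: bytes) -> bytes:
    """Clear the u/l bit of an 8-byte identifier: locally generated, not EUI-64."""
    iid = bytearray(raw[:8])
    iid[0] &= 0xFD
    return bytes(iid)

def random_iid() -> bytes:
    """Fresh identifier for one communication (RFC 4941-style randomisation)."""
    return _local_iid(os.urandom(8))

def recognizable_iid(secret: bytes, peer: str) -> bytes:
    """Identifier stable toward one peer only: derived from the node's secret and
    the peer's name, so that peer sees the same identity each time while nothing
    ties it to the identities shown to other peers."""
    return _local_iid(hashlib.sha256(secret + peer.encode()).digest())

def address(iid: bytes) -> str:
    ip = int(PREFIX.network_address) | int.from_bytes(iid, "big")
    return str(ipaddress.IPv6Address(ip))

def iid_of(addr: str) -> bytes:
    return int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]

class Node:
    """Host whose wedge layer keeps one identity per communication."""
    def __init__(self):
        self.secret = os.urandom(32)  # constructed per-node secret
        self.table = {}  # (local iid, peer) -> communication number

    def open(self, peer: str, recognizable: bool = False) -> str:
        """Start a communication with peer; recognizable is the p2p hybrid mode in
        which this peer may link us to our earlier communications with it."""
        iid = recognizable_iid(self.secret, peer) if recognizable else random_iid()
        self.table.setdefault((iid, peer), len(self.table) + 1)
        return address(iid)

    def classify(self, local_addr: str, peer: str):
        """Map a packet's (local address, peer) pair back to its communication."""
        return self.table.get((iid_of(local_addr), peer))

def linkable(addr_a: str, addr_b: str) -> bool:
    """A third party can relate two flows only if the identifier repeats."""
    return iid_of(addr_a) == iid_of(addr_b)
```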