Re: Unique identifiers and privacy
[Catching up e-mail]
On Jul 9, 2004, at 21:31, Christian Huitema wrote:
> I am concerned with the general statement that we should merely "do no
> worse than the current state of the art". I am specifically concerned
> with the use of long lived unique identifiers. ...
>
> If we do use identifiers, we should obviously allow systems to create
> short-lived identifiers, and to use different identifiers for different
> activities. However, we should be very concerned with the default
> behavior. ....
For the record, I strongly agree with Christian. This is an
important issue.
In my opinion, it is also important to make it sufficiently hard
to link the network layer identifiers of a mobile user. That is,
if a host changes its point of attachment, the default should
be that it can use a new network layer identifier / identifiers at
the new location, and linking the old identifier(s) with the new
identifier(s) should be hard for the average non-participating
attacker / eavesdropper. (What is hard enough is debatable, of
course.)
RFC3014 succeeds in fulfilling this goal for certain types
of traffic with suitable implementations (e.g. HTTP where the
underlying IP address is changed) but not for others. Mobile IPv6
fails miserably, unfortunately. MULTI6 should not make the situation
any worse, and preferably should make it better.
--Pekka Nikander