[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unique identifiers and privacy

To: Christian Huitema <huitema@windows.microsoft.com>, Erik Nordmark <Erik.Nordmark@sun.com>
Subject: Re: Unique identifiers and privacy
From: Jukka Ylitalo <jukka.ylitalo@nomadiclab.com>
Date: Tue, 3 Aug 2004 04:55:19 +0300 (EEST)
Cc: Brian E Carpenter <brc@zurich.ibm.com>, Multi6 List <multi6@ops.ietf.org>
In-reply-to: <Roam.SIMC.2.0.6.1091385105.19527.nordmark@bebop.france>
References: <Roam.SIMC.2.0.6.1091385105.19527.nordmark@bebop.france>

I am concerned with the general statement that we should merely "do no
worse than the current state of the art". I am specifically concerned
with the use of long lived unique identifiers. We have already got
significant feedback on such identifiers in a number of products, e.g.
identifiers of CPU chips, identifiers of users of audio-video players,
host identifiers in IPv6, use of social security numbers in data bases,
and the list goes on. Any unique identifier is a privacy time bomb.


Hi Christian,

We have presented a HIP variant (see below) in our latest Cambridge
Security Workshop paper that offers identity privacy protection for
long lived unique identifiers, e.g., for HITs. I believe that it is
possible to apply the same mechanism with other wedge layer 3.5
identifiers.

"Jukka Ylitalo, and Pekka Nikander, "BLIND: A Complete Identity Protection Framework for End-points", to appear in Proceedings of the Twelfth International Workshop on Security Protocols, (Cambridge'04), Sidney Sussex College, Cambridge, England, April 26-28, 2004."

http://www.hut.fi/~jylitalo/publications/Cam04-Ylitalo-Nikander.pdf

br, Jukka

References:
- Re: Unique identifiers and privacy
  - From: Erik Nordmark <Erik.Nordmark@sun.com>

Prev by Date: Re: Install DNS mappings based on TLS/IPsec?
Next by Date: Comments on threats and things-to-think about
Previous by thread: Re: Unique identifiers and privacy
Next by thread: RE: Unique identifiers and privacy
Index(es):
- Date
- Thread