
Re: AW: Privacy (Was: Re: NAI decoration: User Identity issues)



Lothar Reith wrote:
Is there any reason that the roaming consortium or the local access network *needs* to know the *true* user identity, in case of the authenticating user (or the home network) requesting privacy?

I don't think so (except maybe for some legal interception purposes).

In any case, the discussion has focused around giving some stable
identity (not necessarily the true identity) to the access network.
The purpose of this is to implement some business models where
there's per-user fixed price for roaming.

So, it is not necessary to give the true identity but even having
a stable identity will make it possible to do some correlation
of the user's movements, *assuming* access to NASes or cleartext RADIUS
traffic from them. Of course, the main problem of revealing
the user's identity to everyone on the access link is already
solved, if the identity does not appear in clear on the access
link. Typical EAP methods handle this with tunneling or temporary
pseudonyms.

--Jari
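
The trade-off described in the message above, as an added example that is not part of the original post: a stable identity that is not the true identity still lets the access network count users for per-user pricing, and by the same property links one user's sessions across NASes, while a per-session pseudonym allows neither. The HMAC-derived alias is only one hypothetical way a home network could produce a stable value; the key, user names and NAS names are constructed.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Assumption: a secret held only by the home AAA server (constructed value).
HOME_KEY = b"constructed-home-server-key"

# Constructed login events: (true identity, NAS the user attached to).
LOGINS = [
    ("alice@example.org", "nas-airport"),
    ("bob@example.org", "nas-airport"),
    ("alice@example.org", "nas-hotel"),
    ("alice@example.org", "nas-cafe"),
    ("bob@example.org", "nas-hotel"),
]

def stable_alias(true_id):
    """Opaque but identical on every login: hides the name, keeps stability."""
    return hmac.new(HOME_KEY, true_id.encode(), hashlib.sha256).hexdigest()[:16]

def session_pseudonym(true_id):
    """Fresh random value per login: nothing ties two sessions together."""
    return secrets.token_hex(8)

def visited_view(issue):
    """Records as the access network sees them: (visible identity, NAS)."""
    return [(issue(user), nas) for user, nas in LOGINS]

def trails(records):
    """Group NAS sightings by visible identity. Per-user billing needs this
    grouping, and so does anyone correlating movements from NAS logs or
    cleartext RADIUS traffic."""
    out = defaultdict(list)
    for ident, nas in records:
        out[ident].append(nas)
    return dict(out)

if __name__ == "__main__":
    for name, issue in (("stable alias", stable_alias),
                        ("per-session pseudonym", session_pseudonym)):
        grouped = trails(visited_view(issue))
        print(f"{name}: {len(grouped)} distinct identities seen")
        for ident, nases in grouped.items():
            print(f"  {ident} -> {nases}")
```
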
