Hi Francis,

Please see inline.

Cheers
Med

-----Original Message-----
From: francis.dup...@fdupont.fr [mailto:francis.dup...@fdupont.fr]
Sent: Friday 9 September 2011 00:20
To: BOUCADAIR Mohamed OLNC/NAD/TIP
Cc: Dan Wing; draft-boucadair-intarea-nat-reveal-analy...@tools.ietf.org; int-area@ietf.org
Subject: Re: RE : [Int-area] IPv4 address sharing abuse [was RE: draft-boucadair-intarea-nat-reveal-analysis]

In your previous mail you wrote:

I don't know if you are talking about legal data storage or something else

=> no, I am talking about the privacy principle which is included in the European Convention on Human Rights and at the exception of the USA is in similar texts in all modern democracies.

Med: OK. There is a section in the I-D which discusses privacy concerns.

=> yes, the I-D confirms the proposed mechanisms could reduce the privacy and describes it as "what the source IP address does in a non-shared address environment". If this seems technically valid I remember well some European lawyers already described the IP source address as being a piece of personal data.

As for your comment about IPv6, I'm afraid we have similar issues

=> no, in IPv6 we have RFC 4941 and the point of control is not at the same place (i.e., nobody trusts ISPs to protect privacy :-).

Med: This is not the point. RFC4941 does not solve the issue of blacklisting for instance all hosts belonging to a given /64 prefix (e.g., all users of a hotel, IETF meeting, etc.).

So if you still want to go forward I strongly suggest to make HOST_ID hard to reverse (i.e., to get the user should require the NAT logs) and short life.

Med: We have this text in the current version. Do you think we should add more?

The volatility of the HOST_ID information is similar to the source IP address: a distinct HOST_ID may be used by the address sharing function when the host reboots or gets a new internal IP address. If the HOST_ID is persistent it may be used to track a host (similar to persistent IP addresses).
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
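The suggestion in the thread above, a HOST_ID that is hard to reverse without the NAT logs and short-lived, sketched as an added example; it is not code from the I-D or from either correspondent. The class name, the one-hour epoch, the 64-bit truncated HMAC-SHA256 and the log layout are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

EPOCH_SECONDS = 3600  # assumed HOST_ID lifetime; the thread only asks for "short"
HOST_ID_BYTES = 8     # assumed width; the thread does not give one


class AddressSharingFunction:
    """Hypothetical NAT-side allocator of keyed, rotating HOST_IDs."""

    def __init__(self):
        self._epoch = None  # epoch the current key belongs to
        self._key = None    # secret known only to the NAT
        self.log = []       # NAT log entries: (epoch, host_id, internal_ip)

    def _epoch_key(self, epoch):
        if epoch != self._epoch:
            # Rotate: the previous key is discarded, so an old HOST_ID can
            # only be resolved through the log, never recomputed.
            self._epoch, self._key = epoch, secrets.token_bytes(32)
        return self._key

    def host_id(self, internal_ip, now):
        """Return the HOST_ID revealed to servers for this host at time now."""
        epoch = int(now) // EPOCH_SECONDS
        mac = hmac.new(self._epoch_key(epoch), internal_ip.encode(),
                       hashlib.sha256).digest()
        hid = mac[:HOST_ID_BYTES].hex()
        entry = (epoch, hid, internal_ip)
        if entry not in self.log:
            self.log.append(entry)
        return hid

    def lookup(self, host_id, when):
        """Resolve a reported HOST_ID; only the holder of the log can do this."""
        epoch = int(when) // EPOCH_SECONDS
        return [ip for e, h, ip in self.log if e == epoch and h == host_id]


if __name__ == "__main__":
    nat = AddressSharingFunction()
    first = nat.host_id("10.0.0.5", now=0)      # constructed internal address
    later = nat.host_id("10.0.0.5", now=3600)   # next epoch, new key
    print(first, later, nat.lookup(first, when=0))
```

A server sees a stable value for one host within an epoch, but cannot link values across epochs or map one back to an internal address; how long the log is retained decides how long the operator can.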