>>>>> "Alexandru" == Alexandru Petrescu <alexandru.petre...@gmail.com> writes:
>> On 04/02/2013 12:55 PM, Alexandru Petrescu wrote:
>>>> IMO, you should follow what appears to be the consensus on the
>>>> subject: set the IID in whatever way you want,
>>>
>>> About this there is a tendency to agreement. The privacy aspect
>>> should be considered, balanced by a privacy-to-mobility tradeoff.
>>
>> Which privacy aspect?
Alexandru> Offer privacy by default: avoid a reversible mapping VIN-to-
Alexandru> InterfaceID. Because, if a reversible mapping
Alexandru> VIN-to-InterfaceID
Alexandru> existed, then it could be exploited by attackers by
Alexandru> reversing the
Alexandru> InterfaceID back into VIN, and exposing this personal
Alexandru> information to
So, I have a question: how much privacy is actually contained in the
VIN or indexed by the VIN? Given that it's printed on the windshield.
Yes, it contains model, year and manufacturer of the car, but all of
that information is also visible by looking at the vehicle.
So the concern is that it be if the VIN can be discovered during an
online transaction of some kind that bad things can happen. Is any
priviledge going to be attached to the *VIN* itself (or to the address
derived from the VIN). Note that this doesn't meant that the car
doesn't have a private key with a certificate attaching that private key
to the VIN such that the vehicle can do interesting things with the
manufacturer systems, etc.
If there are databases indexed by VIN, I wonder if that in itself isn't
a violation of privacy given that the VIN is rather publically
displayed.
(I imagine the Department of Motor Vehicles/DMV-equivalent) does this.
The DMV database is sometimes protected, sometimes private, and in some
jurisdictions rather porous if 1970 era episodes of Rockford Files and
Riptide are to be believed).
I am way more concerned about privacy concerns where the VIN, given that
it can be easily known, can then be used to derive the prefix that the
vehicle uses and then seek out that vehicle's systems electronically.
So, I'm saying that VIN->prefix via hash may be great protection for the
VIN, but it might be poor protection for the prefix.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
pgpE7dp_5W6rZ.pgp
Description: PGP signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
