>>>>> "Alexandru" == Alexandru Petrescu <alexandru.petre...@gmail.com> writes: >> On 04/02/2013 12:55 PM, Alexandru Petrescu wrote: >>>> IMO, you should follow what appears to be the consensus on the >>>> subject: set the IID in whatever way you want, >>> >>> About this there is a tendency to agreement. The privacy aspect >>> should be considered, balanced by a privacy-to-mobility tradeoff. >> >> Which privacy aspect?
Alexandru> Offer privacy by default: avoid a reversible mapping VIN-to- Alexandru> InterfaceID. Because, if a reversible mapping Alexandru> VIN-to-InterfaceID Alexandru> existed, then it could be exploited by attackers by Alexandru> reversing the Alexandru> InterfaceID back into VIN, and exposing this personal Alexandru> information to So, I have a question: how much privacy is actually contained in the VIN or indexed by the VIN? Given that it's printed on the windshield. Yes, it contains model, year and manufacturer of the car, but all of that information is also visible by looking at the vehicle. So the concern is that it be if the VIN can be discovered during an online transaction of some kind that bad things can happen. Is any priviledge going to be attached to the *VIN* itself (or to the address derived from the VIN). Note that this doesn't meant that the car doesn't have a private key with a certificate attaching that private key to the VIN such that the vehicle can do interesting things with the manufacturer systems, etc. If there are databases indexed by VIN, I wonder if that in itself isn't a violation of privacy given that the VIN is rather publically displayed. (I imagine the Department of Motor Vehicles/DMV-equivalent) does this. The DMV database is sometimes protected, sometimes private, and in some jurisdictions rather porous if 1970 era episodes of Rockford Files and Riptide are to be believed). I am way more concerned about privacy concerns where the VIN, given that it can be easily known, can then be used to derive the prefix that the vehicle uses and then seek out that vehicle's systems electronically. So, I'm saying that VIN->prefix via hash may be great protection for the VIN, but it might be poor protection for the prefix. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | network architect [ ] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
pgpE7dp_5W6rZ.pgp
Description: PGP signature
-------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------