-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/03/13 12:00, Michael Richardson allegedly wrote: > >>>>>> "Alexandru" == Alexandru Petrescu >>>>>> <alexandru.petre...@gmail.com> writes: >>> On 04/02/2013 12:55 PM, Alexandru Petrescu wrote: >>>>> IMO, you should follow what appears to be the consensus on >>>>> the subject: set the IID in whatever way you want, >>>> >>>> About this there is a tendency to agreement. The privacy >>>> aspect should be considered, balanced by a >>>> privacy-to-mobility tradeoff. >>> >>> Which privacy aspect? > > Alexandru> Offer privacy by default: avoid a reversible mapping > VIN-to- Alexandru> InterfaceID. Because, if a reversible mapping > Alexandru> VIN-to-InterfaceID Alexandru> existed, then it could be > exploited by attackers by Alexandru> reversing the Alexandru> > InterfaceID back into VIN, and exposing this personal Alexandru> > information to > > So, I have a question: how much privacy is actually contained in > the VIN or indexed by the VIN? Given that it's printed on the > windshield. Yes, it contains model, year and manufacturer of the > car, but all of that information is also visible by looking at the > vehicle. > > So the concern is that it be if the VIN can be discovered during > an online transaction of some kind that bad things can happen. Is > any priviledge going to be attached to the *VIN* itself (or to the > address derived from the VIN). Note that this doesn't meant that > the car doesn't have a private key with a certificate attaching > that private key to the VIN such that the vehicle can do > interesting things with the manufacturer systems, etc.
I figured you knew this already - it's about correlation. IP addresses, for a familiar example, are not a problem in and of themselves. However, they are considered personal information, not to be revealed without justification, because they are relatively constant across multiple interactions, in all of which one or more of a person's identifying tokens will be present (e.g. cookies or an email address or just a session layer ID). Not only that but as you move and your IP address changes, the new IP address's traffic can be correlated with the old one, because some other details persist across the change. Because of that, because different pieces of communicated information have overlapping lifetimes, correlations can be drawn between many of them and all sorts of stuff can be gleaned. I can find out that the guy I've hired as a contract killer occasionally goes to the FBI office in the next town, for example. Same with a VIN - -- the problem is not exposing the VIN, it's having the VIN be associated with many other personal attributes on open networks. Scott -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlFcbDkACgkQF0TR2hENFASJ5QCgic6v0Udi+O7+p7kzYhQF7/bl UC8AoKLXQj3xFtoGTuY2LxXfy9C+JGCA =kbYL -----END PGP SIGNATURE----- -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------