On 6 Oct 2016, at 09:44, "John Levine" <[email protected]> wrote:
> In article
> <cy1pr03mb2265659f67817df02f3fcf29a3...@cy1pr03mb2265.namprd03.prod.outlook.com>
> you write:
>> The issue with IEEE MAC's is that it's sent to untrusted observers, not that
>> it is a stable identifier per se.
>> It just so happens that you typically don't have a choice but to send it in
>> packets such that it can be observed
>> by untrusted observers, hence the need to use randomized MACs.
>
> It's not just that, it's that MACs have a structure and there's a
> registry of prefixes so you can look at a MAC and know who the
> manufacturer is and usually what kind of device it is. For example,
> prefix 2C-BE-08 is Apple, and anything with that prefix is probably a
> Macbook.
>
> If the unique ID is a version 4 UUID with no structure, I'd think
> those particular problems would go away. There may well still be
> stuff you can derive from knowing that this device now is the same
> as that device then.
+1 ; any time you have a unique/linkable identifier that is sent without the
user's knowledge/involvement, it undermines users' agency and therefore the
trustworthiness of the system as a whole.
Yrs.,
Robin
>
> R's,
> John
>
> _______________________________________________
> perpass mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/perpass
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
