[dns-operations] Embedding MAC address in DNS requests for selective filtering

Tony Finch dot at dotat.at
Mon Feb 1 11:40:40 UTC 2016

bert hubert <bert.hubert at powerdns.com> wrote:
> If this is done, I would highly recommend that it be done like this:
> 1) The CPE generates a random number (this by itself is already not easy)

The device should be provisioned with various private / unique keys (e.g.
for the WPA key), so it could be provisioned with a client-ID digest key
in the same way.

> 2) It hashes the MAC address together with this random number to end up with
> a locally persistent user identifier
> 3) All configuration is performed based on this locally unique but globally
> anonymous string.
> If we standardize it up, we might include words that mandate or urge an
> implementor to do it this way. Mind you, the actual MAC address might be
> 'personally identifiable' and the hashed one not, so regulators might even
> find a benefit in it.
> But, even an obfucated MAC address suffices to sell user traffic data...

Yes, the whole idea is rather distasteful.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Thames, Dover, Wight: Southwest veering west 6 to gale 8, occasionally severe
gale 9 at first. Moderate or rough. Rain at times. Good, occasionally poor.

More information about the dns-operations mailing list