cjpatton
commented
4 months ago I think the only thing we can do here is not the attack in privacy considerations. Note that this is not an attack on the task binding property of the draft, but only the provisioning part.
@bemasc pointed out the following attack at IETF 118. A malicious Author can provision a Client with a unique task that allows it to track uploads from the Client over time. This might allow it to collude with the Leader and track where they are.
Is this an attack we're concerned about?