mmccool
commented
5 years ago Part of this should be a description of the "information lifecycle" for IDs: when and how they are updated.
Closed mmccool closed 4 years ago
mmccool
commented
5 years ago Part of this should be a description of the "information lifecycle" for IDs: when and how they are updated.
mmccool
commented
4 years ago The security and privacy sections of the TD and Architecture documents were updated as part of the CR2/PR review cycle. In particular it was updated as part of making IDs optional in TDs. The information lifecycle (and the device lifecycle) are now part of the WoT WG charter renewal and are being discussed in architecture. So this can be closed for now, although we should review again in the next publication release.
We have gotten feedback that we have identified privacy risks but have not given as much clarity around mitigations. We should review the mitigation sections for TD ids and fingerprinting and ensure that recommended mitigations are clear.