On Monday, January 7, 2019 4:32:04 PM EST Lennart Poettering wrote:
On Mo, 07.01.19 16:04, John Harris (johnmh(a)splentity.com) wrote:
> On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote:
>
> > hence my recommendation to derive the any uuid for purposes like this
> > from /etc/machine-id, by using a HMAC of some kind (see other mail).
>
>
>
> I really don't think that this should be derived in any way from a machine
> id,
> if it really is meant to be used for counting users, rather than
> tracking.
Please read up on what I wrote above, and what an HMAC does. Deriving
some identifier from the machine ID doesn't mean you leak the machine
ID, but it means resetting the machine ID will also reset that
identifier, which is a useful property in this case.
Lennart
--
Lennart Poettering, Red Hat
My suggestion was not because of some fear that the machine ID would be
leaked, but rather my personal opinion that this UUID should not be derived in
any way from the machine ID. We need to first decide whether or not we want
containers and other declarative environments to be considered separate
machines.
--
John M. Harris, Jr. <johnmh(a)splentity.com>
Splentity
https://splentity.com/