Relax privacy considerations text on correlation of long and short addresses

Tag: WGLC

Tero Kivinen wrote (https://mailarchive.ietf.org/arch/msg/6tisch/jTAFrLJfp6qfJ3t5UuKBJW3P2RI):

Also outsiders can also do the same guess, so they will be able to coordinate the short address 0x0010 to the extended address quite easily, even when the section 11 claims otherwise.

I see this as a privacy concern, where based on the timing, an attacker would be able to correlate an extended address of the pledge with the short address. Do you have a proposal on how we could tackle this?

No. I think privacy concerns are so hard that we cannot solve them. We can help them by doing things we do here, i.e., assigning short addresses which are transmitted in encrypted format, but that does not solve the problem, it just makes it harder. I think that is only thing we can do, but we should not try to claim this solves the problem.

If I rephrase the Privacy Considerations text adding something like:

"Note that an eavesdropper with access to the radio medium during the join process is able to correlate the assigned short address with the extended address based on timing information with a non-negligable probability. This probability decreases with an increasing number of pledges joining concurrently."

and relax the statement that the assignment of short addresses "mitigates" the risks to "reduces", would that be OK for you?