On Wed, Jan 11, 2023 at 1:03 PM Marc Blanchet <marc.blanc...@viagenie.ca> wrote: > > My 2 cents. an object shall have a mandatory unique identifier. I think we > are going way too far by removing a unique (random) object identifier for the > purpose of privacy. A UID/UUID does not provide any privacy related info. I’m > aware of the cross references, but I just think we are going way too far. I > would vote for keeping the UID as mandatory, since for an implementer > perspective, I can keep this object and its UID, put it in a database and > know when I have an updated version of that object because the UID is unique > and mandatory. Without UID, all objects are different, and this is no fun to > correlate: I would potentially have multiple copies of the same object > without being able to flush them out, unless a do a full deep comparison, > which does not make any sense. >
I disagree with dismissing cross-reference privacy leaks. They should be taken into consideration. Also, what do you mean by "mandatory unique identifier"? What is the scope of uniqueness? If it's unique within the scope of the response, I think that is ok. If the mandatory scope is broader, I think that is a problem. -andy _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
