Skip to content

Commit ecaed3d

Browse files
dyladankalyanaj
dyladan
and
kalyanaj
authored
Remove incorrect randomness claim from privacy considerations (#482)
* Remove incorrect randomness claim from privacy considerations * Update spec/50-privacy.md Co-authored-by: J. Kalyana Sundaram <[email protected]> Co-authored-by: J. Kalyana Sundaram <[email protected]>
1 parent 0c3135d commit ecaed3d

File tree

2 files changed

+4
-4
lines changed

2 files changed

+4
-4
lines changed

spec/50-privacy.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ Vendors MUST assess the risk of header abuse. This section provides some conside
66

77
## Privacy of traceparent field
88

9-
The `traceparent` field is comprised of randomly-generated numbers. If a random number generator leverages any user identifiable information like IP address as seed state, this information may be exposed. Random number generators MUST NOT rely on any information that can potentially be user-identifiable.
9+
The `traceparent` field MUST NOT contain any personally identifiable information. One way to achieve this is to randomly generate all trace IDs using a random number generator that does not expose any personally identifiable information. Any random number generator used for generating trace IDs MUST NOT rely on any information as input or seed state that can potentially be personally identifiable.
1010

1111
Another privacy risk of the `traceparent` field is the ability to correlate requests made as part of a single transaction. A downstream service may track and correlate two or more requests made in a single transaction and may make assumptions about the identity of the caller of a request based on information from another request.
1212

spec/60-trace-id-format.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,9 +22,9 @@ concerns](#privacy-considerations) of exposing unwanted information. Randomness
2222
also allows tracing vendors to base sampling decisions on `trace-id` field value
2323
and avoid propagating an additional sampling context.
2424

25-
As shown in the next section, it is important for `trace-id` to carry
26-
"uniqueness" and "randomness" in the right part of the `trace-id`, for better
27-
inter-operability with some existing systems.
25+
As shown in the next section, if part of the `trace-id` is nonrandom,
26+
it is important for the random part of the `trace-id` to be as far right in the
27+
`trace-id` as possible for better inter-operability with some existing systems.
2828

2929
### Handling `trace-id` for compliant platforms with shorter internal identifiers
3030

0 commit comments

Comments
 (0)