Incorrect randomness claim in 50-privacy.md
Closed this issue · 4 comments
Privacy of traceparent field
section incorrectly states that trace-id
is randomly generated. Section should be modified such that PII in trace ids is discouraged or forbidden, and randomness suggested as a possible solution.
Leaving this issue open to decide if we can backport this (#482) to level-1 of the spec.
I feel the wording in #482 ("“MUST NOT contain PII”) is sufficiently backwards compatible to backport, since the Level 1 spec indirectly talks about not exposing user-identifiable information.
@plehegar , based on a discussion on this in a recent working group meeting, we wanted to get your thoughts on this.
Assigned to Philippe per our discussion in the DT working group meeting today, thanks Philippe!
Closing this one as we have a separate issue to track republishing of level 1 spec to include this fix.