Codel stores the minimum client data required to validate Documents, VRs, Audit Trails etc, in accordance with our Data Storage Objectives.
The only data we MUST store are relevant hashes together with a time stamp from a trusted source.
It may be that, for a number of reasons, the owner of the relevant hashes may also wish to store other carefully selected non sensitive identifying details, such product name, consignment numbers, destinations, bid numbers etc. These, however, are usually optional and rarely required by Codel.
Exceptions include our email validation protocol, which requires us also to store keys and source identifiers so that we can verify the identity of parties to an email communication. But even these are not in a form of any use to an attacker. For example, the source id might well be the sender's public key. As this is, by definition, already in the public domain, it is of little benefit to an attacker. (but see further comment here)
The choice, therefore, of what additional data to make available online
is the clients, with the exception that we will, in line with our second
objective, decline to store data of obvious significant value to attackers.
Brand owners using our anti-counterfeit protocol or manufacturers using the system for tracking goods through the supply chain may, for example, wish to include routine shipping data - the sort you would normally expect to find on a consignment note or bill of lading: Shipping source, Destination, Date of shipping, Courier id, Package or Container IDs, Product type and quantities. None of which will assist counterfeiters in creating valid VRs but could be of use to industrial competitors trying to estimate the scale of the manufacturers market and production capacity. Hence the need to protect ourselves against attacks even against the "non sensitive" data.
