[Ecrit] Re: [Geopriv] New draft on Secure Location Objects

"Richard L. Barnes" <rbarnes@bbn.com> Mon, 06 November 2006 17:53 UTC

Message-ID: <454F766D.9090002@bbn.com>
Date: Mon, 06 Nov 2006 09:52:45 -0800
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: Henning Schulzrinne <hgs@cs.columbia.edu>
References: <454BD3C6.1060609@bbn.com> <6AD351BE-7106-4DF9-8902-70C6A1CA0534@cs.columbia.edu>
In-Reply-To: <6AD351BE-7106-4DF9-8902-70C6A1CA0534@cs.columbia.edu>
Cc: geopriv@ietf.org, ECRIT <ecrit@ietf.org>, Matt Lepinski <mlepinski@bbn.com>, Steve Kent <kent@bbn.com>
Subject: [Ecrit] Re: [Geopriv] New draft on Secure Location Objects

Henning,

You're certainly right that we don't need to revisit the arguments that 
have gone on about location signing (and other security issues).  In 
this draft, I think we were hoping to sidestep some of that by treating 
mechanisms for security separately from the underlying trust models.  
That is, this draft is trying to examine the tradeoffs of various 
security mechanisms, and their performance against security threats in 
current GEOPRIV and ECRIT documents -- independent of the trust model 
and associated semantics.

I agree that the trust model that supports GEOPRIV security is a 
complicated and difficult question, and one we should elaborate on more 
in our next draft.   We will try to incorporate the prior ECRIT and 
GEOPRIV discussions, in addition to the current documents.  However, we 
should bear in mind that the selection of a trust model is a separate 
and independent problem from defining formats and mechanisms that might 
rely on such a trust model.

Thanks,
--Richard

Henning Schulzrinne wrote:
> Richard,
>
> your author group may benefit from perusing the ECRIT and GEOPRIV 
> mailing list archives, as they discuss many of these issues in depth. 
> Unfortunately, issues such as what it means to sign a location (how 
> can the receiver tell who can legitimately sign for an unknown user's 
> location?) do not seem to be reflected in your draft. Given the long 
> and contentious debates on these topics, it would seem helpful to 
> avoid having them again, so I think you could do the working groups a 
> favor by reflecting those discussions in your draft. If you're able to 
> summarize and reflect on those issues, your draft could be potentially 
> useful to move the discussion forward, rather than just having the 
> same discussion again.
>
> Many of these items are already discussed in the L7 and conveyance 
> document, so it might be useful to reduce the overlap.
>
> Henning
>
>
> On Nov 3, 2006, at 6:41 PM, Richard L. Barnes wrote:
>
>> The issue of the security of location information in the GEOPRIV 
>> architecture has gotten a lot of discussion, so we wanted to examine 
>> some ways that security features might be embedded in location objects.
>>
>> The internet-drafts queue seems to be saturated, so please find 
>> draft-barnes-geopriv-secure-location-object-00.txt attached.
>>
>> Cheers,
>> --Richard
>>
>>
>>
>> Network Working Group                                          R. Barnes
>> Internet-Draft                                               M. Lepinski
>> Intended status: Informational                                  R. Watro
>> Expires: April 27, 2007                                 BBN Technologies
>>                                                         October 24, 2006
>>
>>
>>                         Secure Location Objects
>>              draft-barnes-geopriv-secure-location-object-00
>
>


