Re: [Geopriv] draft-ietf-geopriv-lbyr-requirements-02 ???
"Roger Marshall" <RMarshall@telecomsys.com> Tue, 01 April 2008 22:04 UTC
Return-Path: <geopriv-bounces@ietf.org>
X-Original-To: geopriv-archive@megatron.ietf.org
Delivered-To: ietfarch-geopriv-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9D2E53A6E44; Tue, 1 Apr 2008 15:04:47 -0700 (PDT)
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 538443A6E44 for <geopriv@core3.amsl.com>; Tue, 1 Apr 2008 15:04:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.444
X-Spam-Level:
X-Spam-Status: No, score=-2.444 tagged_above=-999 required=5 tests=[AWL=0.155, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QSr+co5IN+0h for <geopriv@core3.amsl.com>; Tue, 1 Apr 2008 15:04:44 -0700 (PDT)
Received: from sea-mimesweep-1.telecomsys.com (sea-mimesweep-1.telecomsys.com [206.173.41.176]) by core3.amsl.com (Postfix) with ESMTP id 612943A6CA3 for <geopriv@ietf.org>; Tue, 1 Apr 2008 15:04:44 -0700 (PDT)
Received: from SEA-EXCHVS-2.telecomsys.com (unverified [10.32.12.7]) by sea-mimesweep-1.telecomsys.com (Clearswift SMTPRS 5.2.9) with ESMTP id <T8616ed7f330a200c491b58@sea-mimesweep-1.telecomsys.com>; Tue, 1 Apr 2008 15:04:41 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 01 Apr 2008 15:04:40 -0700
Message-ID: <8C837214C95C864C9F34F3635C2A6575097B9FEC@SEA-EXCHVS-2.telecomsys.com>
In-Reply-To: <XFE-SJC-211SA1XvpFV000024eb@xfe-sjc-211.amer.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] draft-ietf-geopriv-lbyr-requirements-02 ???
Thread-Index: AciUN/6MBK9ydjH3S3yie4aOf7wHgAABFR1Q
References: <47EE7EF1.90901@gmx.net> <XFE-SJC-2127KDSpCW400002129@xfe-sjc-212.amer.cisco.com> <47EF8D53.9060704@gmx.net> <XFE-SJC-2113jbONWDD0000231f@xfe-sjc-211.amer.cisco.com> <8C837214C95C864C9F34F3635C2A6575097B9ED6@SEA-EXCHVS-2.telecomsys.com> <XFE-SJC-211SA1XvpFV000024eb@xfe-sjc-211.amer.cisco.com>
From: Roger Marshall <RMarshall@telecomsys.com>
To: "James M. Polk" <jmpolk@cisco.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: GEOPRIV <geopriv@ietf.org>
Subject: Re: [Geopriv] draft-ietf-geopriv-lbyr-requirements-02 ???
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: geopriv-bounces@ietf.org
Errors-To: geopriv-bounces@ietf.org
The Philly geopriv minutes reference a "129 bits of entropy...EKR statement..." - besides the obvious typo, the 128 bits of entropy there related to the security draft, http://www3.tools.ietf.org/html/draft-barnes-geopriv-lo-sec-02, whereas the stuff below came from a couple of Richard's (and others) discussion thread on Q3: 1. a snippet of Richard's response of one such message... R*: The dereference protocol MUST define an anonymized format for location URIs. This format MUST identify the desired LO by a random token with at least 128 bits of entropy (rather than an ! ^^^^^^^^^^^^^^^^^^^ explicit identifier, such as an IP address). Any URI whose dereference will not subject to authentication and access control MUST be anonymized. Link to above message: http://www.ietf.org/mail-archive/web/geopriv/current/msg05352.html 2. ...also an earlier email talking about (base) number examples which don't work... Example 1: Using a 5-digit number doesn't work, because that's only 10k queries, and I can write a script to run through those in a few minutes. Thus, you need more digits. Example 2: Using a 32-byte number doesn't work if you assign it sequentially, since I can just start from the bottom and win a lot faster than at random. Thus, the numbers need to be assigned at random. Link to complete message: http://www.ietf.org/mail-archive/web/geopriv/current/msg05346.html What was the resolution between unique & random? Whatever the outcome, it should probably be inserted into the lbyr-requirements draft, yes? -roger marshall. > -----Original Message----- > From: James M. Polk [mailto:jmpolk@cisco.com] > Sent: Tuesday, April 01, 2008 1:36 PM > To: Roger Marshall; Hannes Tschofenig > Cc: GEOPRIV > Subject: Re: [Geopriv] draft-ietf-geopriv-lbyr-requirements-02 ??? > > Roger > > There were comments in Philly that 128 was an arbitrary > number without backing, so why was it picked. There was also > discussion on the difference between unique and random in > Philly, which was resolved -- but that doesn't mean either > issue is dropped. > > James > > At 03:03 PM 4/1/2008, Roger Marshall wrote: > >The following summarizes the third of the three original subj: > >questions, Q1,Q2,Q3: > > > >Q3. > > > >...about draft-ietf-geopriv-lbyr-requirements-01 > >Sent: Friday, February 15, 2008 4:24 PM, From: James M. Polk > > > > > > > > I may have missed the text, but I don't see it in a > requirement -- > > > but at the last meeting, I was told by James W and Hannes > that each > > > LbyR URI MUST be unique. I don't read that anywhere in this ID. > > > > > > I read that "...it MUST be hard to guess..." > > > > > > why can't all 200 participants in the room draw from a > smaller pool > > > of numbers that a cryptographically random value? It > would still be > > > "hard to guess" who has which identifier... > > > >Not much discussion here, but there seemed to be two > differing views on > >this: > > > >[a.] One view (Hannes) is that we need to add a new requirement... > > > > > [...from...] Tschofenig, Hannes > > > Sent: Sunday, February 17, 2008 3:48 AM > > > Subject: Re: [Geopriv] Q3 about > >draft-ietf-geopriv-lbyr-requirements-01 > > > > > > Uniqueness is very important. The draft should really have such a > > > requirement. Saying that a part of the identifier is > random is not > > > enough. > > > > > > We need to add a requirement. > > > >[b.] the other view, (James P. responding to Richard's clarification > >q's), seems to take some exception with the idea of a new req. > > > >[...from...] James M. Polk > >Sent: Sunday, February 17, 2008 7:05 PM To: Richard Barnes; > Tschofenig, > >Hannes > >Subject: Re: [Geopriv] Q3 about > draft-ietf-geopriv-lbyr-requirements-01 > > > > > > At 08:27 PM 2/17/2008, Richard Barnes wrote: > > > >Could you two clarify what you mean by "unique"? > > > > > > well, this is part of what I was getting at. For example, > within RFC > > > 3261, the Call-ID value "MUST be unique through space and > time" -- > > > meaning the alphanumeric value is never repeatable by any > UA ever, > > > not just within the same UA. > > > > > > This is reeeeally unique. > > > > > > I think this is more than we need here. > > > > > > >That is, within what scope should the URI be unique? > > > > > > I think a URI has to be unique within a LIS for all clients that > > > have asked for one. I'm not sure we need to be any more > unique than > > > that. > > > > > > >Do you mean to prevent the LS from issuing multiple URIs > > > that refer to > > > >the same location? > > > > > > I actually don't see a problem in this... but I could be > wrong (and > > > want to know why I'm wrong BTW) > > > > > > >Or are you trying to rule out a case where an LS just hands > > > out one URI > > > >(or a few URIs), then hands out different LOs depending > on who asks > > > >(i.e., the LS uses one URI to refer to multiple LOs)? > > > > > > No, from my pov, unique means that a LIS has one unique > URI for each > > > client that has asked for one. > > > > > > I do not believe this URI has to be unique from what's given out > > > tomorrow, as long as no two clients have the same URI. > > > This is one of the uses of the valid-for parameter (that both the > > > DHCP Option ID and HELD ID have). My client shouldn't > necessarily > > > always be given the same URI, since there is no real guarantee it > > > won't be compromised, someone will always have knowledge > of my URI > > > once they learn it once. > > > > > > Having my URI change periodically has a benefit, as long as it > > > doesn't change sooner than the active timer of the 'valid-for' > > > parameter is set (unless there's been a new request and a > particular > > > client's URI has been overwritten. > > > >SUMMARY: > >I don't have any further record of any progression on the > topic, which > >kept me from adding said requirement in -02. What should the > >resolution now be? > > > >Thanks. > > > >-roger marshall. > > > > > -----Original Message----- > > > From: geopriv-bounces@ietf.org > > > [mailto:geopriv-bounces@ietf.org] On Behalf Of James M. Polk > > > Sent: Monday, March 31, 2008 1:19 PM > > > To: Hannes Tschofenig > > > Cc: GEOPRIV > > > Subject: Re: [Geopriv] draft-ietf-geopriv-lbyr-requirements-02 ??? > > > > > > At 07:53 AM 3/30/2008, Hannes Tschofenig wrote: > > > >It seems that you are saying that Roger has to keep things going. > > > > > > All I'm saying is that there was never a post > articulating what the > > > consensus reached answers were to each of the 3 questions > I asked on > > > the list. I don't believe that is asking a lot. Do you > think this > > > is asking too much? > > > > > > Each of the 3 questions had ~ 5 to 75 responses, so there > were a lot > > > of folks interested in the questions, and obviously the first > > > response didn't answer any of the 3 Qs right away. > > > > > > > > > >Roger, could you post a description of the outstanding > issues with > > > >a suggestions on how to address them? > > > > > > > >Ciao > > > >Hannes > > > > > > > >James M. Polk wrote: > > > > > At 12:40 PM 3/29/2008, Hannes Tschofenig wrote: > > > > >> Given the status of HELD this document should have been > > > finished a > > > > >> while ago. > > > > >> I am not even sure whether I have seen a WGLC for it. > > > > >> > > > > >> What are the next steps for it? > > > > >> Why isn't it done already? > > > > > > > > > > weeeeelllll.... > > > > > > > > > > There were 3 fairly substantiative questions posted > > > against -01 of > > > > > the ID just before the -0X deadline, and there needs to > > > be time for > > > > > proper review of -02 to see if this version answers at > > > least these 3 questions. > > > > > > > > > > I think 1 has been answered > > > > > > > > > > I think another has not reached consensus > > > > > > > > > > and the last wasn't answered at all > > > > > > > > > > but this is memory (which may or may not be reliable) > > > > > > > > > > > > > > >> _______________________________________________ > > > > >> Geopriv mailing list > > > > >> Geopriv@ietf.org > > > > >> https://www.ietf.org/mailman/listinfo/geopriv > > > > > > > >_______________________________________________ > > > >Geopriv mailing list > > > >Geopriv@ietf.org > > > >https://www.ietf.org/mailman/listinfo/geopriv > > > > > > _______________________________________________ > > > Geopriv mailing list > > > Geopriv@ietf.org > > > https://www.ietf.org/mailman/listinfo/geopriv > > > > > > > > >CONFIDENTIALITY NOTICE: The information contained in this > message may > >be privileged and/or confidential. If you are not the intended > >recipient, or responsible for delivering this message to the > intended > >recipient, any review, forwarding, dissemination, distribution or > >copying of this communication or any attachment(s) is strictly > >prohibited. If you have received this message in error, > please notify > >the sender immediately, and delete it and all attachments from your > >computer and network. > > > >_______________________________________________ > >Geopriv mailing list > >Geopriv@ietf.org > >https://www.ietf.org/mailman/listinfo/geopriv > > _______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www.ietf.org/mailman/listinfo/geopriv
- [Geopriv] draft-ietf-geopriv-lbyr-requirements-02… Hannes Tschofenig
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Hannes Tschofenig
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Winterbottom, James
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Winterbottom, James
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall
- [Geopriv] draft-ietf-geopriv-lbyr-requirements-02… Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-lbyr-requirement… Roger Marshall