IETF Logo Mail Archive

Re: [Geopriv] Please note: Re: I-D Action: draft-ietf-geopriv-deref-protocol-06.txt

"Richard L. Barnes" <rbarnes@bbn.com> Fri, 13 July 2012 16:04 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: geopriv@ietfa.amsl.com
Delivered-To: geopriv@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F3921F872A for <geopriv@ietfa.amsl.com>; Fri, 13 Jul 2012 09:04:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.567
X-Spam-Level:
X-Spam-Status: No, score=-106.567 tagged_above=-999 required=5 tests=[AWL=0.032, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b-xzrCFnNbjl for <geopriv@ietfa.amsl.com>; Fri, 13 Jul 2012 09:04:46 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id 06BCE21F8722 for <geopriv@ietf.org>; Fri, 13 Jul 2012 09:04:46 -0700 (PDT)
Received: from [128.89.253.210] (port=59131) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SpiMb-000DE6-A7; Fri, 13 Jul 2012 12:05:05 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="iso-8859-1"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <50003106.2080800@nostrum.com>
Date: Fri, 13 Jul 2012 12:05:04 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D77B2668-C930-4D56-B857-805729C13A23@bbn.com>
References: <20120711231357.12731.12817.idtracker@ietfa.amsl.com> <4FFF145D.9050409@nostrum.com> <6277DD8F-3932-45B8-A68A-04820E0EAA55@bbn.com> <50003106.2080800@nostrum.com>
To: Robert Sparks <rjsparks@nostrum.com>
X-Mailer: Apple Mail (2.1278)
Cc: geopriv@ietf.org, draft-ietf-geopriv-deref-protocol@tools.ietf.org, sec-ads@tools.ietf.org
Subject: Re: [Geopriv] Please note: Re: I-D Action: draft-ietf-geopriv-deref-protocol-06.txt
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Jul 2012 16:04:50 -0000

I don't think we want to preclude HTTP entirely.  For example, a LIS might want to use HTTP to redirect clients to HTTPS if they decide to try going non-secure.  But obviously, it shouldn't send location in HTTPS unless alternative protections are in place.

NEW:
"
The scheme of a location URI determines whether or not TLS is used on a given dereference transaction.  Location Servers MUST be configured to issue only HTTPS URIs and respond to only to HTTPS dereference request, unless confidentiality and integrity protection are provided by some other mechanism.  For example, the server might only accept requests from clients within a trusted network, or via an IPsec-protected channel.  Location Servers MAY respond to dereference requests over HTTP, but MUST NOT provide location information over HTTP unless alternative protections are in place.  HTTP should only be used for ancillary functions, such as redirecting clients toward HTTPS URIs.  Dereference clients MUST support dereference of HTTPS URIs and SHOULD support dereference of HTTP URIs.
"




On Jul 13, 2012, at 10:30 AM, Robert Sparks wrote:

> Hi Richard.
> 
> Where you say "be configure to" and "respond to", do you mean "be configured to only" and "respond only to"?
> 
> RjS
> 
> On 7/12/12 2:35 PM, Richard L. Barnes wrote:
>> <hat type="individual"/>
>> 
>> I would prefer that this text make a little clearer which entities in the protocol are required to do something and when.
>> 
>> OLD:
>> "
>> TLS SHOULD be used.
>> "
>> 
>> NEW:
>> "
>> The scheme of a location URI determines whether or not TLS is used on a given dereference transaction.  Location Servers MUST be configured to issue HTTPS URIs and respond to HTTPS dereference request, unless confidentiality and integrity protection are provided by some other mechanism.  For example, the server might only accept requests from clients within a trusted network, or via an IPsec-protected channel.  Dereference clients MUST support dereference of HTTPS URIs and SHOULD support dereference of HTTP URIs.
>> "
>> 
>> 
>> 
>> 
>> 
>> On Jul 12, 2012, at 2:15 PM, Robert Sparks wrote:
>> 
>>> This revision addressed all the points from IESG review.
>>> 
>>> Notably, it contained a clarification to when TLS is required:
>>> 
>>> OLD:
>>>   TLS SHOULD be used.
>>> 
>>> NEW:
>>>    TLS MUST be used unless confidentiality and integrity are provided by
>>>    some other mechanism, such as IPsec or a fully trusted network.
>>>    Without a reliable assertion that a mechanism is in place, such as
>>>    through configuration or user override, then TLS MUST be used.
>>> 
>>> If you have a concern with this change, please let me know ASAP.
>>> If I haven't heard anything I'll approve the document towards the end of next week.
>>> 
>>> RjS
>>>  On 7/11/12 6:13 PM, internet-drafts@ietf.org wrote:
>>>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>>>  This draft is a work item of the Geographic Location/Privacy Working Group of the IETF.
>>>> 
>>>> 	Title           : A Location Dereferencing Protocol Using HELD
>>>> 	Author(s)       : James Winterbottom
>>>>                           Hannes Tschofenig
>>>>                           Henning Schulzrinne
>>>>                           Martin Thomson
>>>> 	Filename        : draft-ietf-geopriv-deref-protocol-06.txt
>>>> 	Pages           : 23
>>>> 	Date            : 2012-07-11
>>>> 
>>>> Abstract:
>>>>    This document describes how to use the Hypertext Transfer Protocol
>>>>    (HTTP) over Transport Layer Security (TLS) as a dereferencing
>>>>    protocol to resolve a reference to a Presence Information Data Format
>>>>    Location Object (PIDF-LO).  The document assumes that a Location
>>>>    Recipient possesses a URI that can be used in conjunction with the
>>>>    HTTP-Enabled Location Delivery (HELD) protocol to request the
>>>>    location of the Target.
>>>> 
>>>> 
>>>> The IETF datatracker status page for this draft is:
>>>> 
>>>> https://datatracker.ietf.org/doc/draft-ietf-geopriv-deref-protocol
>>>> 
>>>> 
>>>> There's also a htmlized version available at:
>>>> 
>>>> http://tools.ietf.org/html/draft-ietf-geopriv-deref-protocol-06
>>>> 
>>>> 
>>>> A diff from previous version is available at:
>>>> 
>>>> http://tools.ietf.org/rfcdiff?url2=draft-ietf-geopriv-deref-protocol-06
>>>> 
>>>> 
>>>> 
>>>> Internet-Drafts are also available by anonymous FTP at:
>>>> 
>>>> ftp://ftp.ietf.org/internet-drafts/
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Geopriv mailing list
>>>> 
>>>> Geopriv@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/geopriv
>>> 
>>> _______________________________________________
>>> Geopriv mailing list
>>> Geopriv@ietf.org
>>> https://www.ietf.org/mailman/listinfo/geopriv
> 
>

v2.23.0 | Report a Bug | By Email