RE: [Geopriv] HELD bindings and relevance to identity extensions
"Dawson, Martin" <Martin.Dawson@andrew.com> Thu, 22 November 2007 04:17 UTC
Return-path: <geopriv-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iv3Uw-0004LW-5g; Wed, 21 Nov 2007 23:17:06 -0500
Received: from geopriv by megatron.ietf.org with local (Exim 4.43) id 1Iv3Ut-0004LF-Gw for geopriv-confirm+ok@megatron.ietf.org; Wed, 21 Nov 2007 23:17:03 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iv3Ut-0004K3-5F for geopriv@ietf.org; Wed, 21 Nov 2007 23:17:03 -0500
Received: from smtp3.andrew.com ([198.135.207.235] helo=andrew.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Iv3Ub-0006rW-Ty for geopriv@ietf.org; Wed, 21 Nov 2007 23:17:03 -0500
X-SEF-Processed: 5_0_0_910__2007_11_21_22_27_29
X-SEF-16EBA1E9-99E8-4E1D-A1CA-4971F5510AF: 1
Received: from aopexbh2.andrew.com [10.86.20.25] by smtp3.andrew.com - SurfControl E-mail Filter (5.2.1); Wed, 21 Nov 2007 22:27:28 -0600
Received: from AOPEX4.andrew.com ([10.86.20.22]) by aopexbh2.andrew.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 Nov 2007 22:16:45 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [Geopriv] HELD bindings and relevance to identity extensions
Date: Wed, 21 Nov 2007 22:16:41 -0600
Message-ID: <EB921991A86A974C80EAFA46AD428E1E0354D98F@aopex4.andrew.com>
In-Reply-To: <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] HELD bindings and relevance to identity extensions
Thread-Index: AcgrsVlMpPdFoz8GQYW928WCPUjhDQAsPgkvAAEyHeAABWYFIAADUsdwAAZ8pZA=
References: <E51D5B15BFDEFD448F90BDD17D41CFF1039E56D8@AHQEX1.andrew.com> <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
From: "Dawson, Martin" <Martin.Dawson@andrew.com>
To: geopriv@ietf.org, Marc Linsner <mlinsner@cisco.com>
X-OriginalArrivalTime: 22 Nov 2007 04:16:45.0023 (UTC) FILETIME=[7E0CB6F0:01C82CBE]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: b4c10eaa27436d806c79842272125a2a
Cc:
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1292673528=="
Errors-To: geopriv-bounces@ietf.org
With respect to the following point: [JW] Suppose HELD is bound to a transport other than HTTP, such as in http://tools.ietf.org/html/draft-thomson-geopriv-held-beep-01, how are the parameters simply added to the URI? Does it even make sense to do so? [ML] Hmm....HELD = HTTP enabled location discovery is bound to a transport other than HTTP? [ML] I realize Barbara's concern and offered an alternative, asking why it doesn't solve her use case. To state there are 'several' more adds nothing to this thread. Very early in the piece, when the first HELD draft was submitted, we were encouraged to specify alternative bindings for the protocol. It's been observed a few times that the protocol name contains an epithet that isn't strictly applicable any longer - but there was a body of opinion that said keep the name for continuity and that's what has happened. Nevertheless the wisdom of proposing other bindings has certainly become evident to the authors since then. In your basic device-LIS interaction, HTTP is good - it's easy to implement and plays nicely in the considerable majority of networks. Similarly, using it for dereferencing is good for the same reasons - reaching a LIS behind an operator firewall is easy on the network operator's IS policies if it comes in on HTTP. However, when it comes to LIS-LIS traffic between elements within an operator environment or, in particular, between operator environments HTTP has certain performance characteristics that militate against its use for such a high volume "trunk" link. Actually we find this is the case with the OMA MLP protocol specification as well. MLP is based on HTTP - for the same sorts of reasons described above. In a model where there are many arbitrary location application clients using the gateway location server, HTTP makes sense. However, it turns out in practice that a standard implementation is for an operator to have an application middleware platform (which binds network functions such as location, SMS, voice-response, etc.) together as application building blocks. Applications are then hosted on this middleware and all the location gateway sees is the middleware host as a single client which is trunking many, and frequent, requests toward it on a single HTTP session. Each of these requests has different response time requirements but the nature of HTTP is such that the response to a request cannot be provided until the responses to previous requests have been sent. This leads to an unfortunate sub-optimal latency effect because responses cannot be arbitrarily interleaved with requests. The OMA solution to this is to define an asynchronous response model using HTTP. Requests come in from the client and are acknowledged immediately. When the response is cooked, the gateway becomes the HTTP client and pushes the result back to the application. Correlation is done using a transaction ID. This is quite unattractive from an implementation perspective and highlights the fact that certain implementation models benefit from alternative transport protocols being available. In the case of HELD, such "trunking" scenarios are better served by using BEEP as the transport/session protocol than using HTTP. So - after all those words - that is why relying on an informal convention for URI encoding is not satisfactory - it assumes a particular binding. Having the application protocol support the semantics explicitly is more robust. And, as a final question, why doesn't the use of such a convention for URI construction invite the same sort of security issues that are being ascribed to the identity extension? Cheers, Martin ________________________________ From: Marc Linsner [mailto:mlinsner@cisco.com] Sent: Thursday, 22 November 2007 9:29 AM To: Winterbottom, James; geopriv@ietf.org Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James, In-line.... ________________________________ From: Winterbottom, James [mailto:James.Winterbottom@andrew.com] Sent: Wednesday, November 21, 2007 3:42 PM To: Marc Linsner; Stark, Barbara; rjsparks@nostrum.com; geopriv@ietf.org Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Marc, Suppose the identifier is a MAC address, since this has no formal URI representation then what? macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprovider.net <mailto:macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprov ider.net> IMO, formalization of such is not required as entities passing such information have established relationships and can negotiate syntax via that relationship. If in fact it's standardized, it creates an attack vector. Suppose HELD is bound to a transport other than HTTP, such as in http://tools.ietf.org/html/draft-thomson-geopriv-held-beep-01, how are the parameters simply added to the URI? Does it even make sense to do so? Hmm....HELD = HTTP enabled location discovery is bound to a transport other than HTTP? http://www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-06.txt indicates that identifiers other than IP address will be required in some scenarios. LCP = location configuration protocol. Configuration of a host, not SP OSS boxes. Where draft-ietf-geopriv-http-location-delivery-03.txt does not work is spelled out in that draft. The draft works in ALL scenarios except tunnels. I'll accept that the security/privacy required by 3693/4 is met as is, but not with extensions. http://www.ietf.org/internet-drafts/draft-ietf-ecrit-phonebcp-03.txt identifies the need, in some situations, for an outbound proxy to insert location on-behalf-of the calling device. In this situation using HELD requires a formal way to express how the Device is being identified, and what the identifier represents. Not all requirements have technical solutions. The phonebcp is attempting to state that it's possible for a proxy to insert location, it doesn't provide or require the 'how'. Please read the draft http://tools.ietf.org/html/draft-winterbottom-geopriv-held-identity-exte nsions-04 before jumping on to the attack. Yes, this drafts opens up several ways for someone other than a target to gain knowledge of some other target's location. There are several architectures and deployments well underway that require this work. The ABNF definitions in the extensions draft have applicability beyond just HELD. I realize Barbara's concern and offered an alternative, asking why it doesn't solve her use case. To state there are 'several' more adds nothing to this thread. I don't see a need to delay this work further. That's a surprise. -Marc- Cheers James ________________________________ From: Marc Linsner [mailto:mlinsner@cisco.com] Sent: Thursday, 22 November 2007 4:54 AM To: 'Stark, Barbara'; rjsparks@nostrum.com; geopriv@ietf.org Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Barbara, Remind me again why this can't be accomplished by putting the identifier in the uri? ex: identifier@accessprovider.net Thanks, -Marc- ________________________________ From: Stark, Barbara [mailto:bs7652@att.com] Sent: Wednesday, November 21, 2007 12:17 PM To: rjsparks@nostrum.com; geopriv@ietf.org Subject: Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Robert, I think the HELD identity extensions is important. It's needed for LIS to LIS communication, which is critical where the entity who assigns the public IP address is not the same as the access provider. Barbara ----- Original Message ----- From: Robert Sparks <rjsparks@nostrum.com> To: GEOPRIV <geopriv@ietf.org> Sent: Tue Nov 20 15:09:03 2007 Subject: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Folks - We have 2.5 hrs in Vancouver (Friday morning). Based on our chartered work, list discussions, and agenda requests, here's the agenda I'm planning to follow: 15m Administrivia Chairs 30m http-location-delivery Mary (<- Lets finish this one!) 20m Finishing geopriv-policy Hannes/Cullen 30m LIS Discovery James W 10m l7lcp-ps Hannes 20m pidf-lo-dynamic Henning 15m dhcp-lbyr-uri-option James P 10m civicaddresses-austria Karl 20m Uncertainty and Confidence James W 10m HELD Dereference James W As usual, we have many other requests to talk about other things - please take those to the list for now. This is a draft agenda and we can change it. Let me know if you think I've missed something important. RjS _______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www1.ietf.org/mailman/listinfo/geopriv ***** The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. GA623 ------------------------------------------------------------------------ ------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------ ------------------------ [mf2] ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2]
_______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www1.ietf.org/mailman/listinfo/geopriv
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Stark, Barbara
- [Geopriv] draft agenda: GEOPRIV @ IETF 70 Robert Sparks
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Marc Linsner
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Winterbottom, James
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 g.caron
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Hannes Tschofenig
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Winterbottom, James
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- Please us an appropriate subject line : Re: [Geop… Robert Sparks
- [Geopriv] In response to.. Winterbottom, James
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Marc Linsner
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Marc Linsner
- Re: [Geopriv] In response to.. Hannes Tschofenig
- RE: [Geopriv] In response to.. Winterbottom, James
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Winterbottom, James
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Hannes Tschofenig
- Re: [Geopriv] In response to.. James M. Polk
- Re: [Geopriv] In response to.. James M. Polk
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- RE: [Geopriv] HELD identity extension - standardi… Dawson, Martin
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Winterbottom, James
- RE: [Geopriv] HELD bindings and relevance to iden… Dawson, Martin
- [Geopriv] Message Flow Hannes Tschofenig
- Re: [Geopriv] Message Flow Salvatore Loreto
- [Geopriv] Message Flow, again Hannes Tschofenig
- RE: [Geopriv] Message Flow, again Winterbottom, James
- RE: [Geopriv] Message Flow Brian Rosen
- RE: [Geopriv] Message Flow, again Brian Rosen
- RE: [Geopriv] Message Flow Dawson, Martin
- RE: [Geopriv] Message Flow, again Winterbottom, James
- Re: [Geopriv] Message Flow Hannes Tschofenig
- Re: [Geopriv] Message Flow, again Hannes Tschofenig
- Re: [Geopriv] Message Flow, again Hannes Tschofenig
- RE: [Geopriv] Message Flow Brian Rosen
- RE: [Geopriv] Message Flow, again Brian Rosen
- RE: [Geopriv] Message Flow Brian Rosen
- RE: [Geopriv] Message Flow, again Brian Rosen
- Re: [Geopriv] Message Flow Hannes Tschofenig
- RE: [Geopriv] Message Flow, again Winterbottom, James
- RE: [Geopriv] Message Flow Brian Rosen
- RE: [Geopriv] Message Flow Winterbottom, James
- Re: [Geopriv] Message Flow Hannes Tschofenig
- RE: [Geopriv] Message Flow Brian Rosen
- RE: [Geopriv] Message Flow Winterbottom, James
- Re: [Geopriv] Message Flow Henning Schulzrinne
- RE: [Geopriv] Message Flow Marc Berryman
- RE: [Geopriv] Message Flow, again Marc Linsner
- RE: [Geopriv] Message Flow Dawson, Martin
- RE: [Geopriv] Message Flow, again Dawson, Martin
- RE: [Geopriv] Message Flow Dawson, Martin
- RE: [Geopriv] Message Flow Marc Berryman
- RE: [Geopriv] Message Flow, again Marc Linsner
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 john.medland
- [Geopriv] HELD IDs in extension vs. URI Stark, Barbara
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 James M. Polk
- Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Hannes Tschofenig
- RE: [Geopriv] Message Flow Winterbottom, James
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Winterbottom, James
- [Geopriv] Religious Terminology Discussions Hannes Tschofenig
- RE: [Geopriv] Message Flow, again Thomson, Martin
- RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70 Dawson, Martin
- RE: [Geopriv] Message Flow, again Dawson, Martin
- [Geopriv] SIP Location Conveyance and Content Ind… James M. Polk
- RE: [Geopriv] Message Flow, again Marc Linsner
- RE: [Geopriv] Message Flow, again Dawson, Martin
- [Geopriv] RE: SIP Conveyance vs Retrieval James M. Polk
- [Geopriv] RE: SIP Conveyance vs Retrieval Dawson, Martin
- Re: [Geopriv] Religious Terminology Discussions Carl Reed OGC Account
- OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Hannes Tschofenig
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Hannes Tschofenig
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Brian Rosen
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Hannes Tschofenig
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Hannes Tschofenig
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Brian Rosen
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Hannes Tschofenig
- [Geopriv] RE: OBO Marc Linsner
- [Geopriv] RE: OBO Brian Rosen
- RE: [Geopriv] RE: OBO Stark, Barbara
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Brian Rosen
- RE: [Geopriv] RE: OBO Marc Linsner
- RE: [Geopriv] Religious Terminology Discussions Roger Marshall
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Dawson, Martin
- Re: [Geopriv] Religious Terminology Discussions Carl Reed OGC Account
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Tatham Oddie
- RE: [Geopriv] RE: OBO Dawson, Martin
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Dawson, Martin
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Brian Rosen
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Dawson, Martin
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- RE: [Geopriv] Religious Terminology Discussions Roger Marshall
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Winterbottom, James
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- Re: OBO (was - RE: [Geopriv] Message Flow, again) Robert Sparks
- RE: OBO (was - RE: [Geopriv] Message Flow, again) Marc Linsner
- [Geopriv] http-location-delivery Hannes Tschofenig
- RE: [Geopriv] http-location-delivery Winterbottom, James