Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Tue, 17 August 2010 07:46 UTC
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B482B3A68C6 for <geopriv@core3.amsl.com>; Tue, 17 Aug 2010 00:46:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.477
X-Spam-Level:
X-Spam-Status: No, score=-102.477 tagged_above=-999 required=5 tests=[AWL=0.122, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BEtzzkyIpYCa for <geopriv@core3.amsl.com>; Tue, 17 Aug 2010 00:46:35 -0700 (PDT)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by core3.amsl.com (Postfix) with ESMTP id A8A353A67A5 for <geopriv@ietf.org>; Tue, 17 Aug 2010 00:46:34 -0700 (PDT)
Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id o7H7kPCf025232 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Tue, 17 Aug 2010 09:46:25 +0200
Received: from demuexc023.nsn-intra.net (demuexc023.nsn-intra.net [10.150.128.36]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id o7H7kLtv022431; Tue, 17 Aug 2010 09:46:25 +0200
Received: from FIESEXC015.nsn-intra.net ([10.159.0.23]) by demuexc023.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Tue, 17 Aug 2010 09:46:13 +0200
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Tue, 17 Aug 2010 10:46:11 +0300
Message-ID: <3D3C75174CB95F42AD6BCC56E5555B4502E9CADC@FIESEXC015.nsn-intra.net>
In-Reply-To: <201008162037.o7GKbq6X023539@sj-core-2.cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] draft-ietf-geopriv-rfc3825bis
Thread-Index: Acs9guslObPxSQUpQVSp0ZBCtWuROAAXKbpw
References: <3D3C75174CB95F42AD6BCC56E5555B4502E238B8@FIESEXC015.nsn-intra.net> <C886C565.2799E%mlinsner@cisco.com> <3D3C75174CB95F42AD6BCC56E5555B4502E5CD08@FIESEXC015.nsn-intra.net> <201008162037.o7GKbq6X023539@sj-core-2.cisco.com>
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: "ext James M. Polk" <jmpolk@cisco.com>, ext Marc Linsner <mlinsner@cisco.com>, geopriv@ietf.org
X-OriginalArrivalTime: 17 Aug 2010 07:46:13.0320 (UTC) FILETIME=[4402E480:01CB3DE0]
Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Aug 2010 07:46:36 -0000
> At 08:09 AM 8/10/2010, Tschofenig, Hannes (NSN - FI/Espoo) wrote: > >Think about a regular hotel network. > > many/most wired hotel networks are DSL-like based, so this doesn't > apply as directly as it may seem. Whether the hotel network provider uses DSL or Cable does not matter for this purpose. > > What you are suggesting (that the server MUST NOT hand out location > in shared mediums) is requiring a DHCP server to have physical > topological awareness before implementing option 123. The same DHCP > server can be unaware of ever network topology between it and the > client - therefore I believe you are placing an excessive burden or > limitation on DHCP as an LCI delivery means. The GEOPRIV working group is about describing what privacy properties are being provided for the solutions we develop. You have always been quite keen on documenting everything in detail -- particularly when other people proposed something. Describing what we assume are reasonable operational considerations that are applicable is a good thing, I believe. We cannot have all these chats about how important privacy is for us but then when it actually has an operational impact then we back-off. In this specific case, I am not sure I understand what you mean with additional requirements. A DHCP server better has an idea about the network topology since otherwise how does it hand out the IP addresses and other configuration parameters. > > I'm concerned about the SMB or residential gateway impact of adding > this context - which can easily lead to some vendor(s) reading what > you are proposing and consider DHCP not appropriate for homes or > small businesses inadvertently, where it otherwise would be logical > to use. Many gateways of this sort have DHCP as a client to the WAN, > and as a server to the LAN. > > We need to be careful with how we word any changes. There are two parts here: 1) The first part is to describe what the privacy risks are with the technology 2) The second part is to make some recommendations for anticipated envionments. With SMBs and the usage of this document you are touch on item #2. Your recommendation would be that the privacy risks are not so dramatic in such an environment and I believe it is OK to say that. You still want to talk about item #1 in the document. Ciao Hannes > > James > > > > > -----Original Message----- > > > From: ext Marc Linsner [mailto:mlinsner@cisco.com] > > > Sent: Tuesday, August 10, 2010 3:59 PM > > > To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org > > > Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis > > > > > > Hannes, > > > > > > What specific network type(s) are you worried about? > > > > > > -Marc- > > > > > > > > > On 8/10/10 8:25 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" > > > <hannes.tschofenig@nsn.com> wrote: > > > > > > > But the conclusion is missing: if you are on a shared link > > > then you must > > > > not share location at the level of the individual > hosts. I fear that > > > > those who implement and deploy would not get the point and would > > > > nevertheless reveal information and put the user at risk. > > > > > > > >> -----Original Message----- > > > >> From: ext Marc Linsner [mailto:mlinsner@cisco.com] > > > >> Sent: Tuesday, August 10, 2010 3:23 PM > > > >> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org > > > >> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis > > > >> > > > >> Hannes, > > > >> > > > >> > > > >> On 8/10/10 3:33 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" > > > >> <hannes.tschofenig@nsn.com> wrote: > > > >> > > > >>> Hi all, > > > >>> > > > >>> during the GEOPRIV meeting I mentioned missing text in > > > >>> draft-ietf-geopriv-rfc3825bis regarding security. > > > >>> > > > >>> DHCP does not provide confidentiality protection as a > > > >> built-in feature. > > > >>> As Marc mentioned in response to issue#23 (see > > > >>> http://trac.tools.ietf.org/wg/geopriv/trac/ticket/23) every > > > >> target would > > > >>> be given the exact same location information on a > shared medium. > > > >>> > > > >>> Unfortunately, the security consideration section does not > > > >> mention this > > > >>> aspect with a single word. > > > >> > > > >> Not true, currently in the security consideration section of > > > >> the draft: > > > >> > > > >> " Since there is no privacy protection for DHCP messages, an > > > >> eavesdropper who can monitor the link between the DHCP > > > server and > > > >> requesting client can discover this LCI." > > > >> > > > >> I don't believe more text is needed. > > > >> > > > >> -Marc- > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> Hence, I suggest to add: > > > >>> > > > >>> " > > > >>> Since there is no confidentiality protection for DHCP > > > >> messages, an > > > >>> eavesdropper who can monitor the link between the DHCP > > > server and > > > >>> requesting client can discover this LCI. In cases > > > where multiple > > > >>> hosts share the same link and can therefore see each > > > others DHCP > > > >>> messages the DHCP MUST NOT hand out location for > > > individual hosts > > > >>> but MUST rather provide location of the DHCP relay, > > > DHCP server, > > > >>> or a similar device instead. This ensures that > none of the end > > > >>> devices are able to learn exact information of the > other hosts > > > >>> on the same network. > > > >>> " > > > >>> > > > >>> Ciao > > > >>> Hannes > > > >>> > > > >>> _______________________________________________ > > > >>> Geopriv mailing list > > > >>> Geopriv@ietf.org > > > >>> https://www.ietf.org/mailman/listinfo/geopriv > > > >> > > > >> > > > >> > > > > > > > > > > >_______________________________________________ > >Geopriv mailing list > >Geopriv@ietf.org > >https://www.ietf.org/mailman/listinfo/geopriv > >
- [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Ivan Shmakov
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Brian Rosen
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Hannes Tschofenig
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Henning Schulzrinne
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Hannes Tschofenig
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Hannes Tschofenig
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Carl Reed
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Bernard Aboba
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Bernard Aboba
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Thomson, Martin
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis James M. Polk
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [Geopriv] draft-ietf-geopriv-rfc3825bis Marc Linsner