Re: [Geopriv] Review of draft-ietf-geopriv-http-location-delivery-05.txt
"Mary Barnes" <mary.barnes@nortel.com> Tue, 01 April 2008 15:00 UTC
Return-Path: <geopriv-bounces@ietf.org>
X-Original-To: geopriv-archive@megatron.ietf.org
Delivered-To: ietfarch-geopriv-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D6DF828C4FB; Tue, 1 Apr 2008 08:00:53 -0700 (PDT)
X-Original-To: geopriv@core3.amsl.com
Delivered-To: geopriv@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0929128C4D1 for <geopriv@core3.amsl.com>; Tue, 1 Apr 2008 08:00:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.316
X-Spam-Level:
X-Spam-Status: No, score=-4.316 tagged_above=-999 required=5 tests=[AWL=2.282, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, WEIRD_PORT=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wWmIv99fJvIJ for <geopriv@core3.amsl.com>; Tue, 1 Apr 2008 08:00:47 -0700 (PDT)
Received: from zcars04f.nortel.com (zcars04f.nortel.com [47.129.242.57]) by core3.amsl.com (Postfix) with ESMTP id 08BD828C4F9 for <geopriv@ietf.org>; Tue, 1 Apr 2008 07:55:59 -0700 (PDT)
Received: from zrc2hxm1.corp.nortel.com (zrc2hxm1.corp.nortel.com [47.103.123.72]) by zcars04f.nortel.com (Switch-2.2.6/Switch-2.2.0) with ESMTP id m31Ettc10126; Tue, 1 Apr 2008 14:55:55 GMT
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Date: Tue, 01 Apr 2008 09:52:47 -0500
Message-ID: <F66D7286825402429571678A16C2F5EE02AE762E@zrc2hxm1.corp.nortel.com>
In-Reply-To: <47EE66F9.7060602@gmx.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] Review of draft-ietf-geopriv-http-location-delivery-05.txt
Thread-Index: AciRtar+5YSO8sAsTFekPYc9hfl4LgBmBBZg
References: <47EE66F9.7060602@gmx.net>
From: Mary Barnes <mary.barnes@nortel.com>
To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
Cc: geopriv@ietf.org
Subject: Re: [Geopriv] Review of draft-ietf-geopriv-http-location-delivery-05.txt
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: geopriv-bounces@ietf.org
Errors-To: geopriv-bounces@ietf.org
Hi Hannes, Thanks for the review. Responses are embedded below [MB]. Mary. -----Original Message----- From: geopriv-bounces@ietf.org [mailto:geopriv-bounces@ietf.org] On Behalf Of Hannes Tschofenig Sent: Saturday, March 29, 2008 10:58 AM To: GEOPRIV Subject: [Geopriv] Review of draft-ietf-geopriv-http-location-delivery-05.txt I have reviewed previous versions of the draft already. The document looks good. I only have a few minor questions. ** Figure +---------------------------------------------+ | Access Network Provider | | | | +--------------------------------------+ | | | Location Information Server | | | | | | | | | | | | | | | | | | | +------|---------------------'---------+ | +----------|---------------------'------------+ | ' | ' HELD APP | ' Rule Maker - _ +-----------+ +-----------+ o - - | Device | | Location | <U\ | | - - - - | Recipient | / \ _ - - | | APP | | Target - - +-----------+ +-----------+ Figure 1: Significant Roles I would label the protocol exchange between the LR and the LIS differently. SIP Location Conveyance, as mentioned for the APP between the Device and the LR, cannot be used between the LR and the LIS. [MB] Good point. But, how should we label that interface (note that it was unlabeled in the individual draft)? If we go back to RFC 3693, the interface between the LS and the LR is identified as a "notification interface". I'd prefer to just remove that interface since it's really outside the scope of HELD and just add a note that only the interfaces relevant to the Device, related to its use of the HELD protocol, are shown. [/MB] ** VPN Usage Some time ago I got the impression that we would put a more detailed description of VPN handling in another document. The text is fine but one could obviously describe details here and there. [MB] I don't recall that we were going to add text elsewhere. The text that's in there was what was discussed and agreed on the mailing list and I don't recall that there was to be another document for VPN. I thought that the idea was to add relevant text to this document rather than putting something in another document. [/MB] ** HELD URI Section 8 says: " query: As defined in RFC3986 [22]. This allows for additional information associated with the URIs such as a unique anonymous identifier for the Device associated with the target location. " I do not understand where this parameter comes from and why we need it. Sorry if I missed some discussions. [MB] Per RFC3986, The query component contains non-hierarchical data that, along with data in the path component (Section 3.3), serves to identify a resource within the scope of the URI's scheme and naming authority (if any). The query component is indicated by the first question mark ("?") character and terminated by a number sign ("#") character or by the end of the URI. So, the intent was that field could be used for that random component you mention below. Something that's meaningless to anyone but the LIS that creates it. [/MB] " The following are examples of held: URIs: held://ls.example.com:49152/thisLocation?token=xyz987 held://ls.example.com/THISLOCATION held://ls.example.com/THISlocation held://ls.example.com/civic " These aren't good examples given that we state in another place that the URIs should contain a random component. Hence, in the typical case they will be random. I don't understand the first URI example. [MB] The first one is an error leftover from the original URI definition. "token" should be "query" per comment above. I agree the examples could use improvement, adding the random component, which was the point of the token in the first one (i.e., something only potentially meaningful to the LIS). [/MB] Based on last IETF meeting I understood that we the URI scheme should be helds: rather than held:. [MB] That is correct. This document hasn't been updated since the meeting because the WGLC spanned the meeting and ended on the 22nd of March. I will make that change in the -06. [/MB] *** Security - Return Routability Using IP return routability as an authenticator means that location information is vulnerable to exposure through IP address spoofing attacks. A temporary spoofing of IP address could mean that a device could request a Location URI that would result in another Device's location. [hannes] I would say that you should say "... could request a Location Object or a Location URI ....". [MB] Yep - I'll make that change. [/MB] One or more of the following approaches are RECOMMENDED to limit this exposure: o Location URIs SHOULD have a limited lifetime, as reflected by the value for the expires element in Section 6.5.2. o The network SHOULD have mechanisms that protect against IP address spoofing, such as those defined in [9]. o The LIS and network SHOULD be configured so that the LIS is made aware of Device movement within the network and addressing changes. If the LIS detects a change in the network that results in it no longer being able to determine the location of the Device, then all location URIs for that Device SHOULD be invalidated. [hannes] Is a MUST more appropriate? [MB] This goes back to our discussion at IETF-70 as to whether we can mandate LIS behaviors. We can mandate how the LIS populates the protocol elements (e.g., "MUST include expires attribute" per 6.5.2), but per the discussion, we can't mandate how the LIS determines the value for the attribute. We also cannot mandate how a LIS Is configured, but we can make recommendations, thus the SHOULD. [/MB] Omit the summary for the security considerations section since it is fairly short anyway. [MB] I'm totally neutral - I like the idea of a summary, but it could lend itself to inconsistencies, so I am okay with removing it if others do not object. [/MB] ** Security - TLS Authentication and Identity Check I believe some of the recent LoST discussions apply here as well. [MB] I have not been following the LoST discussions in detail, can you point to the particular thread? And, to which specific sections to your concerns apply? I'll make some assumptions below based on the context.[/MB] There is obviously the case where the client is pre-configured with the IP address or FQDN of the LIS. Then, the cert needs to contain this identifier. [MB] So, are you suggesting that we add text about this point to section 10.1.1? [/MB] A more interesting (and more likely) case is dynamic discovery of a LIS. In this case the client learns the domain name and uses it as input to the U-NAPTR procedure. Then, a URI is determined and the LIS is contacted. Now, what information will be found in the cert? Is it the input or the output of the U-NAPTR mechanism? For this type of deployment scenario I could imagine that one puts the input to the U-NAPTR mechanism into the cert even though I believe it will not improve security given that the mechanism to obtain the domain name is * either DHCP (which is insecure), or * STUN, UPNP, etc. (which is insecure in this setup as well). [MB] I believe your point relates to a point also made by Cullen: http://www.ietf.org/mail-archive/web/geopriv/current/msg05483.html To which I responded: http://www.ietf.org/mail-archive/web/geopriv/current/msg05487.html And then Richard responded with some new proposed text that I plan to incorporate, which reduces the scope in section 10.1.1: http://www.ietf.org/mail-archive/web/geopriv/current/msg05490.html If this is a different point, what specific text are you concerned about? [/MB] I believe we need to discuss this issue. Ciao Hannes _______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www.ietf.org/mailman/listinfo/geopriv _______________________________________________ Geopriv mailing list Geopriv@ietf.org https://www.ietf.org/mailman/listinfo/geopriv
- [Geopriv] Review of draft-ietf-geopriv-http-locat… Hannes Tschofenig
- Re: [Geopriv] Review of draft-ietf-geopriv-http-l… Mary Barnes
- Re: [Geopriv] Review ofdraft-ietf-geopriv-http-lo… Thomson, Martin
- Re: [Geopriv] Review ofdraft-ietf-geopriv-http-lo… Mary Barnes