IETF Logo Mail Archive

Re: [Geopriv] Please note: Re: I-D Action: draft-ietf-geopriv-deref-protocol-06.txt

Richard L. Barnes <rbarnes@bbn.com> Thu, 12 July 2012 19:35 UTC

Return-Path: <rbarnes@bbn.com>
X-Original-To: geopriv@ietfa.amsl.com
Delivered-To: geopriv@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B072711E80EF for <geopriv@ietfa.amsl.com>; Thu, 12 Jul 2012 12:35:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.589
X-Spam-Level:
X-Spam-Status: No, score=-106.589 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cT6Bwh6KV8UG for <geopriv@ietfa.amsl.com>; Thu, 12 Jul 2012 12:35:17 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by ietfa.amsl.com (Postfix) with ESMTP id CB70811E80E9 for <geopriv@ietf.org>; Thu, 12 Jul 2012 12:35:17 -0700 (PDT)
Received: from ros-dhcp192-1-51-20.bbn.com ([192.1.51.20]:50031) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1SpPB0-0006W6-Gy; Thu, 12 Jul 2012 15:35:50 -0400
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="iso-8859-1"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <4FFF145D.9050409@nostrum.com>
Date: Thu, 12 Jul 2012 15:35:50 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <6277DD8F-3932-45B8-A68A-04820E0EAA55@bbn.com>
References: <20120711231357.12731.12817.idtracker@ietfa.amsl.com> <4FFF145D.9050409@nostrum.com>
To: Robert Sparks <rjsparks@nostrum.com>
X-Mailer: Apple Mail (2.1278)
Cc: geopriv@ietf.org, draft-ietf-geopriv-deref-protocol@tools.ietf.org
Subject: Re: [Geopriv] Please note: Re: I-D Action: draft-ietf-geopriv-deref-protocol-06.txt
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/geopriv>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 19:35:18 -0000

<hat type="individual"/>

I would prefer that this text make a little clearer which entities in the protocol are required to do something and when.

OLD:
"
TLS SHOULD be used.
"

NEW: 
"
The scheme of a location URI determines whether or not TLS is used on a given dereference transaction.  Location Servers MUST be configured to issue HTTPS URIs and respond to HTTPS dereference request, unless confidentiality and integrity protection are provided by some other mechanism.  For example, the server might only accept requests from clients within a trusted network, or via an IPsec-protected channel.  Dereference clients MUST support dereference of HTTPS URIs and SHOULD support dereference of HTTP URIs.
"





On Jul 12, 2012, at 2:15 PM, Robert Sparks wrote:

> This revision addressed all the points from IESG review.
> 
> Notably, it contained a clarification to when TLS is required:
> 
> OLD:
>   TLS SHOULD be used.
> 
> NEW:
>    TLS MUST be used unless confidentiality and integrity are provided by
>    some other mechanism, such as IPsec or a fully trusted network.
>    Without a reliable assertion that a mechanism is in place, such as
>    through configuration or user override, then TLS MUST be used.
> 
> If you have a concern with this change, please let me know ASAP.
> If I haven't heard anything I'll approve the document towards the end of next week.
> 
> RjS
>  
> On 7/11/12 6:13 PM, internet-drafts@ietf.org wrote:
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>  This draft is a work item of the Geographic Location/Privacy Working Group of the IETF.
>> 
>> 	Title           : A Location Dereferencing Protocol Using HELD
>> 	Author(s)       : James Winterbottom
>>                           Hannes Tschofenig
>>                           Henning Schulzrinne
>>                           Martin Thomson
>> 	Filename        : draft-ietf-geopriv-deref-protocol-06.txt
>> 	Pages           : 23
>> 	Date            : 2012-07-11
>> 
>> Abstract:
>>    This document describes how to use the Hypertext Transfer Protocol
>>    (HTTP) over Transport Layer Security (TLS) as a dereferencing
>>    protocol to resolve a reference to a Presence Information Data Format
>>    Location Object (PIDF-LO).  The document assumes that a Location
>>    Recipient possesses a URI that can be used in conjunction with the
>>    HTTP-Enabled Location Delivery (HELD) protocol to request the
>>    location of the Target.
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> 
>> https://datatracker.ietf.org/doc/draft-ietf-geopriv-deref-protocol
>> 
>> 
>> There's also a htmlized version available at:
>> 
>> http://tools.ietf.org/html/draft-ietf-geopriv-deref-protocol-06
>> 
>> 
>> A diff from previous version is available at:
>> 
>> http://tools.ietf.org/rfcdiff?url2=draft-ietf-geopriv-deref-protocol-06
>> 
>> 
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> 
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> 
>> _______________________________________________
>> Geopriv mailing list
>> 
>> Geopriv@ietf.org
>> https://www.ietf.org/mailman/listinfo/geopriv
> 
> 
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv

v2.23.0 | Report a Bug | By Email