IETF Logo Mail Archive

RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70

"Winterbottom, James" <James.Winterbottom@andrew.com> Wed, 21 November 2007 22:42 UTC

Return-path: <geopriv-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuyGh-00066S-Iq; Wed, 21 Nov 2007 17:42:03 -0500
Received: from geopriv by megatron.ietf.org with local (Exim 4.43) id 1IuyGf-00065m-Q3 for geopriv-confirm+ok@megatron.ietf.org; Wed, 21 Nov 2007 17:42:01 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IuyGf-00065d-GH for geopriv@ietf.org; Wed, 21 Nov 2007 17:42:01 -0500
Received: from smtp3.andrew.com ([198.135.207.235] helo=andrew.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1IuyGV-0000SO-7W for geopriv@ietf.org; Wed, 21 Nov 2007 17:42:01 -0500
X-SEF-Processed: 5_0_0_910__2007_11_21_16_52_34
X-SEF-16EBA1E9-99E8-4E1D-A1CA-4971F5510AF: 1
Received: from aopexbh2.andrew.com [10.86.20.25] by smtp3.andrew.com - SurfControl E-mail Filter (5.2.1); Wed, 21 Nov 2007 16:52:33 -0600
Received: from AHQEX1.andrew.com ([10.86.20.21]) by aopexbh2.andrew.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 Nov 2007 16:41:50 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70
Date: Wed, 21 Nov 2007 16:41:48 -0600
Message-ID: <E51D5B15BFDEFD448F90BDD17D41CFF1039E5739@AHQEX1.andrew.com>
In-Reply-To: <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] draft agenda: GEOPRIV @ IETF 70
thread-index: AcgrsVlMpPdFoz8GQYW928WCPUjhDQAsPgkvAAEyHeAABWYFIAADUsdwAAETOCA=
References: <E51D5B15BFDEFD448F90BDD17D41CFF1039E56D8@AHQEX1.andrew.com> <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
From: "Winterbottom, James" <James.Winterbottom@andrew.com>
To: Marc Linsner <mlinsner@cisco.com>, geopriv@ietf.org
X-OriginalArrivalTime: 21 Nov 2007 22:41:50.0483 (UTC) FILETIME=[B4C53E30:01C82C8F]
X-Spam-Score: 1.8 (+)
X-Scan-Signature: b6435b1bfa5977f2eb96dc7e52434b6d
Cc:
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1285303990=="
Errors-To: geopriv-bounces@ietf.org

Marc,

 

In-line

 

macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprovider.net
<mailto:macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprov
ider.net> 

 

IMO, formalization of such is not required as entities passing such
information have established relationships and can negotiate syntax via
that relationship.  If in fact it's standardized, it creates an attack
vector.

	[AJW] You are entitled to your opinion, though I fail to see how
a standardized way of expressing an identifier leads to attack vectors.
In my experience non-standard or poorly defined ways of expressing
things simply leads to interoperability problems. Either something is a
URI or it isn't. If it is, it should have a formal specification that
can be referenced. 

	 

	 

	Suppose HELD is bound to a transport other than HTTP, such as in
http://tools.ietf.org/html/draft-thomson-geopriv-held-beep-01, how are
the parameters simply added to the URI? Does it even make sense to do
so? 

	 

Hmm....HELD = HTTP enabled location discovery is bound to a transport
other than HTTP?

	 

	
http://www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-06.txt
indicates that identifiers other than IP address will be required in
some scenarios. 

	 

LCP = location configuration protocol. Configuration of a host, not SP
OSS boxes.  Where draft-ietf-geopriv-http-location-delivery-03.txt does
not work is spelled out in that draft.  The draft works in ALL scenarios
except tunnels.  I'll accept that the security/privacy required by
3693/4 is met as is, but not with extensions.

 

[AJW] I am not sure that understand what you are trying to say here at
all. I see it as quite legitimate for a device to provide additional
identity information that might assist a LIS in location determination.
Providing the LIS can validate this information, where does the security
issue come form, and why isn't this pertinent to an LCP?

 

	 

	 

	
http://www.ietf.org/internet-drafts/draft-ietf-ecrit-phonebcp-03.txt
identifies the need, in some situations, for an outbound proxy to insert
location on-behalf-of the calling device. In this situation using HELD
requires a formal way to express how the Device is being identified, and
what the identifier represents. 

	 

 Not all requirements have technical solutions.  The phonebcp is
attempting to state that it's possible for a proxy to insert location,
it doesn't provide or require the 'how'.

 

[AJW] PRECISELY, but this requirement does have a technical solution,
and it can be accomplished with an identity extension in HELD. 

 

	 

	Please read the draft
http://tools.ietf.org/html/draft-winterbottom-geopriv-held-identity-exte
nsions-04 before jumping on to the attack. 

	 

Yes, this drafts opens up several ways for someone other than a target
to gain knowledge of some other target's location. 

 

 

[AJW] It also provides ways for a device to provide additional
information about itself to the LIS to help speed things up.

	 

	There are several architectures and deployments well underway
that require this work. The ABNF definitions in the extensions draft
have applicability beyond just HELD. 

	 

I realize Barbara's concern and offered an alternative, asking why it
doesn't solve her use case.  To state there are 'several' more adds
nothing to this thread. 

	 

	 

	    I don't see a need to delay this work further. 

	 

That's a surprise.

 

[AJW] So you agree that this work should proceed then?

 

-Marc-

	 

 

	 

	Cheers

	James

	 

	
________________________________


	From: Marc Linsner [mailto:mlinsner@cisco.com] 
	Sent: Thursday, 22 November 2007 4:54 AM
	To: 'Stark, Barbara'; rjsparks@nostrum.com; geopriv@ietf.org
	Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70

	 

	Barbara,

	 

	Remind me again why this can't be accomplished by putting the
identifier in the uri?  ex: identifier@accessprovider.net

	 

	Thanks,

	 

	-Marc-

	 

	 

		 

		
________________________________


		From: Stark, Barbara [mailto:bs7652@att.com] 
		Sent: Wednesday, November 21, 2007 12:17 PM
		To: rjsparks@nostrum.com; geopriv@ietf.org
		Subject: Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70

		Robert,
		I think the HELD identity extensions is important. It's
needed for LIS to LIS communication, which is critical where the entity
who assigns the public IP address is not the same as the access
provider.
		Barbara
		
		----- Original Message -----
		From: Robert Sparks <rjsparks@nostrum.com>
		To: GEOPRIV <geopriv@ietf.org>
		Sent: Tue Nov 20 15:09:03 2007
		Subject: [Geopriv] draft agenda: GEOPRIV @ IETF 70
		
		Folks -
		
		We have 2.5 hrs in Vancouver (Friday morning). Based on
our chartered 
		work, list discussions, and agenda requests, here's the
agenda I'm 
		planning to follow:
		
		15m     Administrivia   Chairs
		30m     http-location-delivery  Mary (<- Lets finish
this one!)
		20m     Finishing geopriv-policy        Hannes/Cullen
		30m     LIS Discovery   James W
		10m     l7lcp-ps        Hannes
		20m     pidf-lo-dynamic Henning
		15m     dhcp-lbyr-uri-option    James P
		10m     civicaddresses-austria  Karl
		20m     Uncertainty and Confidence      James W
		10m     HELD Dereference        James W
		
		As usual, we have many other requests to talk about
other things - 
		please take those to the list for now.
		
		This is a draft agenda and we can change it. Let me know
if you think 
		I've missed something important.
		
		RjS
		
		
		_______________________________________________
		Geopriv mailing list
		Geopriv@ietf.org
		https://www1.ietf.org/mailman/listinfo/geopriv

		*****

		The information transmitted is intended only for the
person or entity to which it is addressed and may contain confidential,
proprietary, and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon
this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please contact
the sender and delete the material from all computers. GA623

	 


------------------------------------------------------------------------
------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------
------------------------
[mf2]

	 

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv

v2.23.0 | Report a Bug | By Email