IETF Logo Mail Archive

RE: [Geopriv] HELD identity extension - standardisation is insecure

"Dawson, Martin" <Martin.Dawson@andrew.com> Thu, 22 November 2007 00:54 UTC

Return-path: <geopriv-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iv0LE-0007Lt-Nq; Wed, 21 Nov 2007 19:54:52 -0500
Received: from geopriv by megatron.ietf.org with local (Exim 4.43) id 1Iv0LD-0007Lo-9s for geopriv-confirm+ok@megatron.ietf.org; Wed, 21 Nov 2007 19:54:51 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Iv0LC-0007Lf-T4 for geopriv@ietf.org; Wed, 21 Nov 2007 19:54:51 -0500
Received: from smtp3.andrew.com ([198.135.207.235] helo=andrew.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1Iv0LC-0003jd-2x for geopriv@ietf.org; Wed, 21 Nov 2007 19:54:50 -0500
X-SEF-Processed: 5_0_0_910__2007_11_21_19_05_33
X-SEF-16EBA1E9-99E8-4E1D-A1CA-4971F5510AF: 1
Received: from aopexbh2.andrew.com [10.86.20.25] by smtp3.andrew.com - SurfControl E-mail Filter (5.2.1); Wed, 21 Nov 2007 19:05:32 -0600
Received: from AOPEX4.andrew.com ([10.86.20.22]) by aopexbh2.andrew.com with Microsoft SMTPSVC(6.0.3790.3959); Wed, 21 Nov 2007 18:54:49 -0600
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Subject: RE: [Geopriv] HELD identity extension - standardisation is insecure
Date: Wed, 21 Nov 2007 18:54:47 -0600
Message-ID: <EB921991A86A974C80EAFA46AD428E1E0354D94E@aopex4.andrew.com>
In-Reply-To: <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [Geopriv] HELD identity extension - standardisation is insecure
Thread-Index: AcgrsVlMpPdFoz8GQYW928WCPUjhDQAsPgkvAAEyHeAABWYFIAADUsdwAAWYmGA=
References: <E51D5B15BFDEFD448F90BDD17D41CFF1039E56D8@AHQEX1.andrew.com> <00a401c82c8d$e71282a0$2f0d0d0a@cisco.com>
From: "Dawson, Martin" <Martin.Dawson@andrew.com>
To: Marc Linsner <mlinsner@cisco.com>, "Winterbottom, James" <James.Winterbottom@andrew.com>, geopriv@ietf.org
X-OriginalArrivalTime: 22 Nov 2007 00:54:49.0090 (UTC) FILETIME=[48640E20:01C82CA2]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: ba231eeb0ba293f319cac22693e776bc
Cc:
X-BeenThere: geopriv@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Geographic Location/Privacy <geopriv.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:geopriv@ietf.org>
List-Help: <mailto:geopriv-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/geopriv>, <mailto:geopriv-request@ietf.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1055380791=="
Errors-To: geopriv-bounces@ietf.org

Isolating the first point - which appears to be a "highlight objection"
to the identity extension functionality, with a focus on security

 

The HELD identity extension supports three key sets of functionality

 

1.	The option for a target device which is also the HELD client to
provide additional information to facilitate location determination - or
provide for more accurate location determination. E.g. the device uses
LLDP to determine the connected switch/port and provides that with the
request or the device can provide RFID data as part of a specific site
location network.
2.	For one LIS to communicate information to another LIS where
location determination is performed co-operatively between LIS elements.
E.g an ISP LIS which provides the L2TP tunnel identifier to a DSL
infrastructure provider LIS so that it can correlate it with the BRAS
circuit, associated DSLAM termination, and corresponding residential
street address.
3.	For a trusted application to request location on-behalf-of a
legacy device which lacks native location-capability. E.g. an enterprise
VoIP environment with legacy IP handsets with no internal location
request capability - the call server can request the LIS to provide the
location of the IP address associated with the phone.

 

If I understand your proposition, all of these things can be done in
proprietary ways and that this is inherently more secure - correct me if
I misinterpreted the comment. While I don't see how the security
argument can be quantified (sounds like security through obscurity), my
view is that industry standardisation is very important for all of these
functions, security can definitely be addressed (and even in proprietary
ways if desired) very effectively, and any notional security concerns
associated with standardising this approach don't outweigh the benefits
in terms of interoperability and speed of implementation across many
access networks.

 

Cheers,

Martin

 

________________________________

From: Marc Linsner [mailto:mlinsner@cisco.com] 
Sent: Thursday, 22 November 2007 9:29 AM
To: Winterbottom, James; geopriv@ietf.org
Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70

 

James,

 

In-line....

	 

	
________________________________


	From: Winterbottom, James [mailto:James.Winterbottom@andrew.com]

	Sent: Wednesday, November 21, 2007 3:42 PM
	To: Marc Linsner; Stark, Barbara; rjsparks@nostrum.com;
geopriv@ietf.org
	Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70

	Marc,

	 

	Suppose the identifier is a MAC address, since this has no
formal URI representation  then what? 

	 

macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprovider.net
<mailto:macaddressofmarclinsnersworkstation-00-01-6C-CB-DF-01@accessprov
ider.net> 

 

IMO, formalization of such is not required as entities passing such
information have established relationships and can negotiate syntax via
that relationship.  If in fact it's standardized, it creates an attack
vector.

	 

	Suppose HELD is bound to a transport other than HTTP, such as in
http://tools.ietf.org/html/draft-thomson-geopriv-held-beep-01, how are
the parameters simply added to the URI? Does it even make sense to do
so? 

	 

Hmm....HELD = HTTP enabled location discovery is bound to a transport
other than HTTP?

	 

	
http://www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-06.txt
indicates that identifiers other than IP address will be required in
some scenarios. 

	 

LCP = location configuration protocol. Configuration of a host, not SP
OSS boxes.  Where draft-ietf-geopriv-http-location-delivery-03.txt does
not work is spelled out in that draft.  The draft works in ALL scenarios
except tunnels.  I'll accept that the security/privacy required by
3693/4 is met as is, but not with extensions.

	 

	 

	
http://www.ietf.org/internet-drafts/draft-ietf-ecrit-phonebcp-03.txt
identifies the need, in some situations, for an outbound proxy to insert
location on-behalf-of the calling device. In this situation using HELD
requires a formal way to express how the Device is being identified, and
what the identifier represents. 

	 

 Not all requirements have technical solutions.  The phonebcp is
attempting to state that it's possible for a proxy to insert location,
it doesn't provide or require the 'how'.

	 

	Please read the draft
http://tools.ietf.org/html/draft-winterbottom-geopriv-held-identity-exte
nsions-04 before jumping on to the attack. 

	 

Yes, this drafts opens up several ways for someone other than a target
to gain knowledge of some other target's location. 

	 

	There are several architectures and deployments well underway
that require this work. The ABNF definitions in the extensions draft
have applicability beyond just HELD. 

	 

I realize Barbara's concern and offered an alternative, asking why it
doesn't solve her use case.  To state there are 'several' more adds
nothing to this thread. 

	 

	 

	    I don't see a need to delay this work further. 

	 

That's a surprise.

 

-Marc-

	 

 

	 

	Cheers

	James

	 

	
________________________________


	From: Marc Linsner [mailto:mlinsner@cisco.com] 
	Sent: Thursday, 22 November 2007 4:54 AM
	To: 'Stark, Barbara'; rjsparks@nostrum.com; geopriv@ietf.org
	Subject: RE: [Geopriv] draft agenda: GEOPRIV @ IETF 70

	 

	Barbara,

	 

	Remind me again why this can't be accomplished by putting the
identifier in the uri?  ex: identifier@accessprovider.net

	 

	Thanks,

	 

	-Marc-

	 

	 

		 

		
________________________________


		From: Stark, Barbara [mailto:bs7652@att.com] 
		Sent: Wednesday, November 21, 2007 12:17 PM
		To: rjsparks@nostrum.com; geopriv@ietf.org
		Subject: Re: [Geopriv] draft agenda: GEOPRIV @ IETF 70

		Robert,
		I think the HELD identity extensions is important. It's
needed for LIS to LIS communication, which is critical where the entity
who assigns the public IP address is not the same as the access
provider.
		Barbara
		
		----- Original Message -----
		From: Robert Sparks <rjsparks@nostrum.com>
		To: GEOPRIV <geopriv@ietf.org>
		Sent: Tue Nov 20 15:09:03 2007
		Subject: [Geopriv] draft agenda: GEOPRIV @ IETF 70
		
		Folks -
		
		We have 2.5 hrs in Vancouver (Friday morning). Based on
our chartered 
		work, list discussions, and agenda requests, here's the
agenda I'm 
		planning to follow:
		
		15m     Administrivia   Chairs
		30m     http-location-delivery  Mary (<- Lets finish
this one!)
		20m     Finishing geopriv-policy        Hannes/Cullen
		30m     LIS Discovery   James W
		10m     l7lcp-ps        Hannes
		20m     pidf-lo-dynamic Henning
		15m     dhcp-lbyr-uri-option    James P
		10m     civicaddresses-austria  Karl
		20m     Uncertainty and Confidence      James W
		10m     HELD Dereference        James W
		
		As usual, we have many other requests to talk about
other things - 
		please take those to the list for now.
		
		This is a draft agenda and we can change it. Let me know
if you think 
		I've missed something important.
		
		RjS
		
		
		_______________________________________________
		Geopriv mailing list
		Geopriv@ietf.org
		https://www1.ietf.org/mailman/listinfo/geopriv

		*****

		The information transmitted is intended only for the
person or entity to which it is addressed and may contain confidential,
proprietary, and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon
this information by persons or entities other than the intended
recipient is prohibited. If you received this in error, please contact
the sender and delete the material from all computers. GA623

	 


------------------------------------------------------------------------
------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------
------------------------
[mf2]

	 

------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv

v2.23.0 | Report a Bug | By Email