Re: [paws] WG Review: Protocol to Access White Space database (paws)
Alissa Cooper <acooper@cdt.org> Thu, 21 April 2011 11:01 UTC
Return-Path: <acooper@cdt.org>
X-Original-To: ietf@ietfc.amsl.com
Delivered-To: ietf@ietfc.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfc.amsl.com (Postfix) with ESMTP id 6648AE06C8; Thu, 21 Apr 2011 04:01:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([208.66.40.236]) by localhost (ietfc.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YdklWDG9tmjt; Thu, 21 Apr 2011 04:01:49 -0700 (PDT)
Received: from mail.maclaboratory.net (mail.maclaboratory.net [209.190.215.232]) by ietfc.amsl.com (Postfix) with ESMTP id 34E1DE06CD; Thu, 21 Apr 2011 04:01:49 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by mail.maclaboratory.net (using TLSv1/SSLv3 with cipher AES128-SHA (128 bits)); Thu, 21 Apr 2011 07:01:29 -0400
Subject: Re: [paws] WG Review: Protocol to Access White Space database (paws)
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Alissa Cooper <acooper@cdt.org>
In-Reply-To: <88BE24FD9280884487DEAE0CE1FD3A5B060F1B@008-AM1MPN1-023.mgdnok.nokia.com>
Date: Thu, 21 Apr 2011 12:01:23 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <F4035489-7D81-47C9-BE99-3D9DCF1637FA@cdt.org>
References: <20110419165634.CD24CE07CF@ietfc.amsl.com> <4DADFE6D.3050107@cs.tcd.ie> <88BE24FD9280884487DEAE0CE1FD3A5B060F1B@008-AM1MPN1-023.mgdnok.nokia.com>
To: scott.probasco@nokia.com
X-Mailer: Apple Mail (2.1084)
Cc: paws@ietf.org, iesg@ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2011 11:01:50 -0000
On Apr 20, 2011, at 3:41 PM, <scott.probasco@nokia.com> <scott.probasco@nokia.com> wrote: > Hi Stephen, All, > > I believe the current wording >>> Robust security mechanisms are required to prevent: >>> device identity spoofing, modification of device requests, modification >>> of channel enablement information, ... > is acceptable because "mechanisms are required" means they should be in the protocol, it does not mean they cannot be optional. PAWS should support Regulator requirements globally, and thus I believe there will be procedures or capabilities which are "required" to be in the protocol but will be "optional" during run time. Thus different or conflicting requirements from different regions of the world can be supported. (Several regulatory groups around the world are still developing their views and requirements). > Agreed on this point, although I think the charter could make it a little less ambiguous by saying "Development of robust security mechanisms is required . . .," that way it's not indicating that the actual mechanisms themselves will always be required. Given that device identity will have to be shared in some circumstances, I would also add its protection to the end of the list of mechanisms: Development of security mechanisms is required to prevent: device identity spoofing, modification of device requests, modification of channel enablement information, impersonation of registered database services and unauthorized disclosure of a user's location and/or device identity. Alissa > It's not the time to dig deep into proposed solutions, just my opinion is the current proposed wording is an acceptable definition to allow a Work Group to get started defining the details. > > Regards, > Scott > > -----Original Message----- > From: paws-bounces@ietf.org [mailto:paws-bounces@ietf.org] On Behalf Of ext Stephen Farrell > Sent: Tuesday, April 19, 2011 4:28 PM > To: IETF-Discussion > Cc: paws@ietf.org; iesg@ietf.org > Subject: Re: [paws] WG Review: Protocol to Access White Space database (paws) > > > I think this is a good and timely thing for the IETF to do. > > One part of this where I think it might be useful to get > some broader input (which may have happened already, I'm not > sure) is the following: > > On 19/04/11 17:56, IESG Secretary wrote: >> The protocol must protect both the channel enablement process and the >> privacy of users. > > That part is fine but it goes on to say: > >> Robust security mechanisms are required to prevent: >> device identity spoofing, modification of device requests, modification >> of channel enablement information, ... > > I'm told (and believe) this in response to (at least) US > FCC requirements that call for a device ID and sometimes > serial number to be (securely, for some value of securely) > sent with the query. > > Those appear to be real regulatory requirements in the > US, presumably so the regulator can stomp on someone who > messes about in the wrong spectrum at the wrong time. > (The link below [1] may be to the right or wrong bit of > those US regulations, I'm not at all sure, not being > from there;-) > > So my questions: > > Are there may be similar (or conflicting!) requirements > elsewhere? > > Does this bit of the charter text need changes to work > well for other regions? > > Separately, I'm not sure how to square those kinds of > regulatory requirements with protecting privacy where the > device is carried by a person and has some FCC device ID > (which lots do I guess) and the person might not want > the database operator to know who's asking. But I think > that's ok as something for the WG to figure out since > the charter already calls for respecting privacy. > > I'm more concerned in case e.g. some other regional regulation > called for this protocol to be completely anonymous or > something, in which case the current charter text might > be problematic. > > Cheers, > Stephen. > > [1] > http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=3e9c322addf1f7e897d8c84a6c7aca78&rgn=div8&view=text&node=47:1.0.1.1.14.8.243.9&idno=47 > _______________________________________________ > paws mailing list > paws@ietf.org > https://www.ietf.org/mailman/listinfo/paws > _______________________________________________ > Ietf mailing list > Ietf@ietf.org > https://www.ietf.org/mailman/listinfo/ietf >
- Re: [paws] WG Review: Protocol to Access White Sp… Joel M. Halpern
- Re: [paws] WG Review: Protocol to Access White Sp… Peter Saint-Andre
- Re: WG Review: Protocol to Access White Space dat… Stephen Farrell
- Re: [paws] WG Review: Protocol to Access White Sp… Joel M. Halpern
- Re: [paws] WG Review: Protocol to Access White Sp… Joel M. Halpern
- Re: [paws] WG Review: Protocol to Access White Sp… Alexey Melnikov
- Re: [paws] WG Review: Protocol to Access White Sp… Andrew Sullivan
- RE: [paws] WG Review: Protocol to Access White Sp… Bernard Aboba
- Re: [paws] WG Review: Protocol to Access White Sp… Joel M. Halpern
- RE: [paws] WG Review: Protocol to Access White Sp… Paul Lambert
- Re: [paws] WG Review: Protocol to Access White Sp… Rex Buddenberg
- RE: [paws] WG Review: Protocol to Access White Sp… scott.probasco
- Re: [paws] WG Review: Protocol to Access White Sp… t.petch
- Re: [paws] WG Review: Protocol to Access White Sp… Cullen Jennings
- Re: [paws] WG Review: Protocol to Access White Sp… Alissa Cooper
- RE: [paws] WG Review: Protocol to Access White Sp… scott.probasco
- Re: [paws] WG Review: Protocol to Access White Sp… Glen Zorn