Re: [netext] Richard Barnes' Discuss on draft-ietf-netext-ani-location-08: (with DISCUSS and COMMENT)

Brian Haberman <brian@innovationslab.net> Thu, 05 March 2015 15:14 UTC

Return-Path: <brian@innovationslab.net>
X-Original-To: netext@ietfa.amsl.com
Delivered-To: netext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A36F81A0BE8; Thu, 5 Mar 2015 07:14:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wyTICyIeJ_2j; Thu, 5 Mar 2015 07:14:39 -0800 (PST)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB6F31A0389; Thu, 5 Mar 2015 07:13:16 -0800 (PST)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id A18FD88154; Thu, 5 Mar 2015 07:13:16 -0800 (PST)
Received: from clemson.local (unknown [76.21.129.88]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id CFE181368260; Thu, 5 Mar 2015 07:13:15 -0800 (PST)
Message-ID: <54F87285.8070703@innovationslab.net>
Date: Thu, 05 Mar 2015 10:13:09 -0500
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>, The IESG <iesg@ietf.org>
References: <20150305031437.7587.71906.idtracker@ietfa.amsl.com>
In-Reply-To: <20150305031437.7587.71906.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="7Rivr6o4OF57DJaa6fqj7I1fklvI0gJJc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/netext/Zz06Hcqq7GBJUGSyG1ar7p0clGI>
Cc: netext@ietf.org, netext-chairs@ietf.org, draft-ietf-netext-ani-location.all@ietf.org
Subject: Re: [netext] Richard Barnes' Discuss on draft-ietf-netext-ani-location-08: (with DISCUSS and COMMENT)
X-BeenThere: netext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for discusion of extensions to network mobility protocol, i.e PMIP6. " <netext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netext>, <mailto:netext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netext/>
List-Post: <mailto:netext@ietf.org>
List-Help: <mailto:netext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netext>, <mailto:netext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 15:14:42 -0000

Hi Richard,

On 3/4/15 10:14 PM, Richard Barnes wrote:
> Richard Barnes has entered the following ballot position for
> draft-ietf-netext-ani-location-08: Discuss
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-netext-ani-location/
> 
> 
> 
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> 
> (1) In Section 3.1, the "civic location" description here mentions the
> use of a location URI, but there's no corresponding Format for it.  Is
> that what you actually mean to have for XML Encoding (1)?  You're not
> going to fit much XML in 253 octets anyway.  I would suggest having
> format 0 be the RFC 4776 format, and format 1 be a URI pointing to an XML
> document.

Just on the above point...

I had a comment during my AD Evaluation on 3.1 and got this response:


>>
>> 2. In Section 3.1, the civic location field is limited to 253 bytes.
>> Given that there are civic locations that exceed that length, can you
>> provide a brief justification for that limit?

> This is a good question. The practical reason for 253 bytes is that
> the ANI length field is one byte.
> However, the DHCPv4 Civic Location also has a one byte length, so we
> felt it was reasonable.
> For longer length, a PIDF location URI could be used (a URI that would
> dereference to a location object).
> Potentially, we can add text around how the 253 byte limit could be
> handled for long civic locations.


So, I do not envision 253 bytes of XML.  However, your point about
clarifying the format is a good one.

The rest of your points I will leave to the authors.

Regards,
Brian

> 
> (2) It would help interoperability if you could constrain the classes of
> location URI that are supported.  For example, if the mechanism in RFC
> 6753 is sufficient for your purposes, you could require that geolocation
> values in format 1 use an HTTPS URI to be dereferenced using that
> mechanism.  Likewise, unless there's a known, compelling need to support
> HTTP URIs, you should require HTTPS.  The fact that you have 253 format
> codes remaining means that if there are future needs for other URI types,
> you can liberalize.
> 
> (3) To ensure that the location information referenced by location URIs
> is protected, please comment on the assumed access control model for
> these URIs.  Can anyone with the URI dereference it?  Or are they
> required to be access-controlled?  Section 4 of RFC 6753 should provide a
> helpful framework. 
> 
> (4) Alternatively to (2) and (3), you could just remove the option for a
> XML/URI-based location altogether.  Is there a compelling use cases here
> for very precise location?  Even with the 253-octet limit, the RFC 4776
> format would allow you to specify down to roughly the neighborhood level
> in most cases.  For example, encoding "Washington, DC 20001, US" takes
> only 26 octets.  Even looking at some Japanese addresses, which are more
> verbose, the examples I'm finding are still on the order of 70-100
> octets.
> 
> (5) Did the WG consider constraining the set of civic address elements
> that can be used?  It's not clear to me that the use cases for this
> document require very granular information, e.g., to the individual
> building, floor, or room.  The RFC 4776 format makes it fairly easy to
> express these constraints, by saying something like "The civic addresses
> carried in the civic location sub option MUST NOT contain elements other
> than A1, ..., A6 and PC."
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks for a good discussion of confidentiality protections in the
> Security Considerations.  It would be helpful if you could also note that
> another way to address the concerns here is to provision location
> information at the least granular level possible.  Suggested:
> 
> "The other way to protect the sensitive location information of network
> users is of course to not send it in the first places.  Users of the
> civic location sub option should provision location values with the
> highest possible level of granularity, e.g., to the province or city
> level, rather than provisioning specific addresses.  In addition to
> helping protect private information, reducing granularity will also
> reduce the size of the civic location sub option."
> 
> 
> 
>