Re: [netext] Richard Barnes' Discuss on draft-ietf-netext-ani-location-08: (with DISCUSS and COMMENT)
Brian Haberman <brian@innovationslab.net> Thu, 05 March 2015 15:14 UTC
Return-Path: <brian@innovationslab.net>
X-Original-To: netext@ietfa.amsl.com
Delivered-To: netext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A36F81A0BE8; Thu, 5 Mar 2015 07:14:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wyTICyIeJ_2j; Thu, 5 Mar 2015 07:14:39 -0800 (PST)
Received: from uillean.fuaim.com (uillean.fuaim.com [206.197.161.140]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB6F31A0389; Thu, 5 Mar 2015 07:13:16 -0800 (PST)
Received: from clairseach.fuaim.com (clairseach-high.fuaim.com [206.197.161.158]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by uillean.fuaim.com (Postfix) with ESMTP id A18FD88154; Thu, 5 Mar 2015 07:13:16 -0800 (PST)
Received: from clemson.local (unknown [76.21.129.88]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by clairseach.fuaim.com (Postfix) with ESMTP id CFE181368260; Thu, 5 Mar 2015 07:13:15 -0800 (PST)
Message-ID: <54F87285.8070703@innovationslab.net>
Date: Thu, 05 Mar 2015 10:13:09 -0500
From: Brian Haberman <brian@innovationslab.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>, The IESG <iesg@ietf.org>
References: <20150305031437.7587.71906.idtracker@ietfa.amsl.com>
In-Reply-To: <20150305031437.7587.71906.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="7Rivr6o4OF57DJaa6fqj7I1fklvI0gJJc"
Archived-At: <http://mailarchive.ietf.org/arch/msg/netext/Zz06Hcqq7GBJUGSyG1ar7p0clGI>
Cc: netext@ietf.org, netext-chairs@ietf.org, draft-ietf-netext-ani-location.all@ietf.org
Subject: Re: [netext] Richard Barnes' Discuss on draft-ietf-netext-ani-location-08: (with DISCUSS and COMMENT)
X-BeenThere: netext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Mailing list for discusion of extensions to network mobility protocol, i.e PMIP6. " <netext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netext>, <mailto:netext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/netext/>
List-Post: <mailto:netext@ietf.org>
List-Help: <mailto:netext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netext>, <mailto:netext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Mar 2015 15:14:42 -0000
Hi Richard, On 3/4/15 10:14 PM, Richard Barnes wrote: > Richard Barnes has entered the following ballot position for > draft-ietf-netext-ani-location-08: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > http://datatracker.ietf.org/doc/draft-ietf-netext-ani-location/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > (1) In Section 3.1, the "civic location" description here mentions the > use of a location URI, but there's no corresponding Format for it. Is > that what you actually mean to have for XML Encoding (1)? You're not > going to fit much XML in 253 octets anyway. I would suggest having > format 0 be the RFC 4776 format, and format 1 be a URI pointing to an XML > document. Just on the above point... I had a comment during my AD Evaluation on 3.1 and got this response: >> >> 2. In Section 3.1, the civic location field is limited to 253 bytes. >> Given that there are civic locations that exceed that length, can you >> provide a brief justification for that limit? > This is a good question. The practical reason for 253 bytes is that > the ANI length field is one byte. > However, the DHCPv4 Civic Location also has a one byte length, so we > felt it was reasonable. > For longer length, a PIDF location URI could be used (a URI that would > dereference to a location object). > Potentially, we can add text around how the 253 byte limit could be > handled for long civic locations. So, I do not envision 253 bytes of XML. However, your point about clarifying the format is a good one. The rest of your points I will leave to the authors. Regards, Brian > > (2) It would help interoperability if you could constrain the classes of > location URI that are supported. For example, if the mechanism in RFC > 6753 is sufficient for your purposes, you could require that geolocation > values in format 1 use an HTTPS URI to be dereferenced using that > mechanism. Likewise, unless there's a known, compelling need to support > HTTP URIs, you should require HTTPS. The fact that you have 253 format > codes remaining means that if there are future needs for other URI types, > you can liberalize. > > (3) To ensure that the location information referenced by location URIs > is protected, please comment on the assumed access control model for > these URIs. Can anyone with the URI dereference it? Or are they > required to be access-controlled? Section 4 of RFC 6753 should provide a > helpful framework. > > (4) Alternatively to (2) and (3), you could just remove the option for a > XML/URI-based location altogether. Is there a compelling use cases here > for very precise location? Even with the 253-octet limit, the RFC 4776 > format would allow you to specify down to roughly the neighborhood level > in most cases. For example, encoding "Washington, DC 20001, US" takes > only 26 octets. Even looking at some Japanese addresses, which are more > verbose, the examples I'm finding are still on the order of 70-100 > octets. > > (5) Did the WG consider constraining the set of civic address elements > that can be used? It's not clear to me that the use cases for this > document require very granular information, e.g., to the individual > building, floor, or room. The RFC 4776 format makes it fairly easy to > express these constraints, by saying something like "The civic addresses > carried in the civic location sub option MUST NOT contain elements other > than A1, ..., A6 and PC." > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for a good discussion of confidentiality protections in the > Security Considerations. It would be helpful if you could also note that > another way to address the concerns here is to provision location > information at the least granular level possible. Suggested: > > "The other way to protect the sensitive location information of network > users is of course to not send it in the first places. Users of the > civic location sub option should provision location values with the > highest possible level of granularity, e.g., to the province or city > level, rather than provisioning specific addresses. In addition to > helping protect private information, reducing granularity will also > reduce the size of the civic location sub option." > > > >
- [netext] Richard Barnes' Discuss on draft-ietf-ne… Richard Barnes
- Re: [netext] Richard Barnes' Discuss on draft-iet… Brian Haberman