[secdir] SECDIR Review of draft-ietf-geopriv-arch-02
Phillip Hallam-Baker <hallam@gmail.com> Sun, 29 August 2010 02:41 UTC
To: secdir@ietf.org, Richard Barnes <rbarnes@bbn.com>, mlepinski@bbn.com, acooper@cdt.org, jmorris@cdt.org, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Henning Schulzrinne <hgs@cs.columbia.edu>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document sets out architectural considerations for location and location privacy systems. As such it is essentially an extended set of security considerations.

The document is very thorough and describes both the problem and generalized approaches addressing requirements that arise. In my opinion it is suitable for publication in its current form.

I have no particular issues with the document except to note the following:

1) Legal risks of collecting location information.

You can't lose what you don't have. Sites that collect and store credit card numbers expose themselves to the risk of penalties should they be compromised. Sites that collect location information they don't need may be opening themselves to unnecessary liability.

Implementing privacy architectures is thus not merely a matter of compliance, it is potentially a means of mitigating liability risk.

2) Unintended location information

GPS and similar devices are designed to collect location information, but many Internet technologies leak information that has a high correlation with position. Even an IP address can be tracked down to a street level address in many instances.

The issues raised in this document are thus of wider application than technologies intended to provide location information.

--
Website: http://hallambaker.com/