[secdir] SECDIR Review of draft-ietf-geopriv-arch-02

Phillip Hallam-Baker <hallam@gmail.com> Sun, 29 August 2010 02:41 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D4C743A6922 for <secdir@core3.amsl.com>; Sat, 28 Aug 2010 19:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.307
X-Spam-Level:
X-Spam-Status: No, score=-1.307 tagged_above=-999 required=5 tests=[AWL=-0.197, BAYES_05=-1.11]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id O9AF0iVIfcTe for <secdir@core3.amsl.com>; Sat, 28 Aug 2010 19:41:11 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 8BC203A68F8 for <secdir@ietf.org>; Sat, 28 Aug 2010 19:41:11 -0700 (PDT)
Received: by iwn3 with SMTP id 3so4193111iwn.31 for <secdir@ietf.org>; Sat, 28 Aug 2010 19:41:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=sH18ho8JFsdokY1AnSY4K8FxKnTx7scAQ0m9cX8Bbrk=; b=pZiWw2rhYV4McYL1bigpRg3492eyQLjufTk51OxesW2XCsHMvdGwZpIJT6Ohj5QOEK Y8+v0/uGTHEifEUrvvv2Lx7pczm7CeWbsNDXe2a5LgDcXKoaaHMnswslsEw3ndXi1R29 yw7Cso/oIelOdZ6gpxth9i8RCmCVHWFRzj180=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=RTx4BwcUG64FLI4zFYJNFMH2+GgMEmrEi7UogoM9FHaBq+Fi/hvcrPnEu3ou6gPOsx XWXasuA8w0TNDuNv6eLY25d2kCM//slg54qtoXSGnrBEwm5oOBGF9Zo5RajZXk9wa9vd jGithATAu8k+HKPfai8oH9UkWgaEGhIOvxa10=
MIME-Version: 1.0
Received: by 10.231.145.16 with SMTP id b16mr3160171ibv.198.1283049703018; Sat, 28 Aug 2010 19:41:43 -0700 (PDT)
Received: by 10.231.35.70 with HTTP; Sat, 28 Aug 2010 19:41:42 -0700 (PDT)
Date: Sat, 28 Aug 2010 22:41:42 -0400
Message-ID: <AANLkTimswiRU4Cq+uX_HGiT6dOUy_mNOm8Zz5jncb-H=@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: secdir@ietf.org, Richard Barnes <rbarnes@bbn.com>, mlepinski@bbn.com, acooper@cdt.org, jmorris@cdt.org, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Henning Schulzrinne <hgs@cs.columbia.edu>
Content-Type: text/plain; charset=ISO-8859-1
Subject: [secdir] SECDIR Review of draft-ietf-geopriv-arch-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Aug 2010 02:41:13 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.


The document sets out architectural considerations for location and
location privacy systems. As such it is essentially an extended set of
security considerations.

The document is very thorough and describes both the problem and
generalized approaches addressing requirements that arise. In my
opinion it is suitable for publication in its current form.


I have no particular issues with the document except to note the following:

1) Legal risks of collecting location information.

You can't lose what you don't have. Sites that collect and store
credit card numbers expose themselves to the risk of penalties should
they be compromised. Sites that collect location information they
don't need may be opening themselves to unnecessary liability.
Implementing privacy architectures is thus not merely a matter of
compliance, it is potentially a means of mitigating liability risk.

2) Unintended location information

GPS and similar devices are designed to collect location information,
but many Internet technologies leak information that has a high
correlation with position. Even an IP address can be tracked down to a
street level address in many instances. The issues raised in this
document are thus of wider application than technologies intended to
provide location information.


-- 
Website: http://hallambaker.com/