Re: [Tzdist-bis] draft-murchison-tzdist-geolocate-02.txt
Eliot Lear <lear@cisco.com> Tue, 25 September 2018 14:57 UTC
Return-Path: <lear@cisco.com>
X-Original-To: tzdist-bis@ietfa.amsl.com
Delivered-To: tzdist-bis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 764EA1312DF for <tzdist-bis@ietfa.amsl.com>; Tue, 25 Sep 2018 07:57:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.955
X-Spam-Level:
X-Spam-Status: No, score=-14.955 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.456, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0By-u3c_NpGc for <tzdist-bis@ietfa.amsl.com>; Tue, 25 Sep 2018 07:57:56 -0700 (PDT)
Received: from aer-iport-1.cisco.com (aer-iport-1.cisco.com [173.38.203.51]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D59C131155 for <tzdist-bis@ietf.org>; Tue, 25 Sep 2018 07:57:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5377; q=dns/txt; s=iport; t=1537887476; x=1539097076; h=subject:to:references:from:message-id:date:mime-version: in-reply-to; bh=p/MVxM62vBZTWCKO77QAqPXSgv93yvwsrzPzqpjfiW4=; b=VDUPdnZ90iMaOf3J3/XEPzxCho7R6DaahoxlmdqLN82qRWwIIhZ2GNH6 D9qATmXeoGbmNOX66GkvZNpY3B3p4s63zrgXon69evuQ8wypKAy4HZ4ZM K1mTIRW/zA8iZX4UYJGYRK2utYXMz/onouQzwLBwmJq6wanDs2+WjJDaM g=;
X-Files: signature.asc : 488
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CBAAAOTKpb/xbLJq0ZAUIaAQEBAQECAQEBAQcCAQEBAYREbRIog3SIdI0uLZEShzYIAxgBCoQDRgKEBDgUAQMBAQIBAQJtHAyFOQEBAQMBASFLGwsEFCoCAicwBg0GAgEBgx0BggEPhlWcf4EuH4lsCgWCbYgkggCBOYJrgxsBAYRiglcCnH8JhAGBZYNkhlkGF4h2hjaVCYFZIYFVMxoIGxU7gmyLFoVAPTCOGAEB
X-IronPort-AV: E=Sophos;i="5.54,302,1534809600"; d="asc'?scan'208,217";a="6790850"
Received: from aer-iport-nat.cisco.com (HELO aer-core-4.cisco.com) ([173.38.203.22]) by aer-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 25 Sep 2018 14:57:53 +0000
Received: from [10.61.247.199] ([10.61.247.199]) by aer-core-4.cisco.com (8.15.2/8.15.2) with ESMTP id w8PEvrW1021543 for <tzdist-bis@ietf.org>; Tue, 25 Sep 2018 14:57:53 GMT
To: Extensions to Time Zone Data Distribution Service <tzdist-bis@ietf.org>
References: <be52a320-15c3-8cfe-5db5-79343ddbb703@cisco.com>
From: Eliot Lear <lear@cisco.com>
Openpgp: preference=signencrypt
Autocrypt: addr=lear@cisco.com; prefer-encrypt=mutual; keydata= xsBNBFMe1UQBCADdYOS5APDpIpF2ohAxB+nxg1GpAYr8iKwGIb86Wp9NkK5+QwbW9H035clT lpVLciExtN8E3MCTPOIm7aITPlruixAVwlBY3g7U9eRppSw9O2H/7bie2GOnYxqmsw4v1yNZ 9NcMLlD8raY0UcQ5r698c8JD4xUTLqybZXaK2sPeJkxzT+IwupRSQ+vXEvFFGhERQ88zo5Ca Sa1Gw/Rv54oH0Dq2XYkO41rhxQ60BKZLZuQK1d9+1y3I+An3AJeD3AA31fJZD3H8YRKOBgqe ILPILbw1mM7gCtCjfvFCt6AFCwEsjITGx55ceoQ+t5B5XGYJEppMWsIFrwZsfbL+gP31ABEB AAHNJUVsaW90IExlYXIgPGxlYXJAb2Zjb3Vyc2VpbXJpZ2h0LmNvbT7CwJEEEwECADsCGwMC HgECF4ACGQEWIQSY0L2QRh2wkqeyYR2HtmtG2dJ6MwUCWxJwMwULCQgHAgYVCAkKCwIEFgID AQAKCRCHtmtG2dJ6MyMyCACXvtFjAYGMtOkD9MD4nI3ifFpkrj8xTMbXjrv5hdqmzRmQ0wqA 1U/OlZux+P/NaVMiZNZc8zw0nsx/INAqDOVd4/tLWF+ywTkeRFR0VnaUxLwCReZAZOaRS+md +52u/6ddoFja2RnjZ43qbbuvVUARQVIyMJz+GbR6mEZQHR0psD7dDYZDyrpivCxm8zHQwmB6 AZUlO7OJgljDvVPVDCabg/ZnJw1qS0OzSiNb0MySk1D5A7FdwDgeKxuMYUOOoVVTTMWNWcME UkRX9LxElswEt0PQWiz/j3FYXTxiFfl/1vKcHx4pM+E5C5mhTbrdFUFLJC3Y5fLID7stK/Ch aEaBzsBNBFMe1UQBCAC0WV7Ydbv95xYGPhthTdChBIpPtl7JPCV/c6/3iEmvjpfGuFNaK4Ma cj9le20EA5A1BH7PgLGoHOiPM65NysRpZ96RRVX3TNfLmhGMFr5hPOGNdq+xcGHVutmwPV9U 7bKeUNRiPFx3YdEkExddqV2E8FltT0x2FSKe2xszPPHB6gVtMckX5buI9p1K3fbVhXdvEkcY Y/jB0JEJGyhS5aEbct5cHUvDAkT81/YFK5Jfg8RRwu1q1t1YuIJSOWAZQ9J9oUsg6D9RpClU +tIFBoe3iTp1AUfJcypucGKgLYKtpu/aygcpQONHYkYW5003mPsrajFhReVF5veycMbHs4u5 ABEBAAHCwF8EGAECAAkFAlMe1UQCGwwACgkQh7ZrRtnSejOSuQgA27p2rYB7Kh20dym6V8c6 2pWpBHHTgxr/32zevxHSiXl6xvUCg5T8WUwfUk8OvgDcBErK/blDAMXQzSg3sp450JhR8RnX HXF5Zz2T04X7HnlIVJGwf2CjnwyEAJCqMzaCmI+g3Imvg/8L4nyBFvhlFHDv+kIvMiujyycj PAu7xxKplBs1/IEwmDoAMjneFmawvfeQnwdMhSKK8PjKSuzGU5uUmxj3GBfRqvTM0qpmhMPF OmDhJSmH55HLAky2MlmqJYXJPt/9EfSEhFiua1M6gLiuNEuPkp+8jcnHQqKr0IeHt8UqcwLt 2mGfIyl0FVdF9hvWPjNRzGbgqoT1Di03RQ==
Message-ID: <85061be3-b2e9-6d93-f095-fd91deea197d@cisco.com>
Date: Tue, 25 Sep 2018 16:57:54 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <be52a320-15c3-8cfe-5db5-79343ddbb703@cisco.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="bJvygjYpZDrInVnFWBwpM8nyy9sP9WRB2"
X-Outbound-SMTP-Client: 10.61.247.199, [10.61.247.199]
X-Outbound-Node: aer-core-4.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tzdist-bis/3QtNmI07mr7iMuwVlQe4CZpd8r4>
Subject: Re: [Tzdist-bis] draft-murchison-tzdist-geolocate-02.txt
X-BeenThere: tzdist-bis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Extensions to Time Zone Data Distribution Service <tzdist-bis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tzdist-bis>, <mailto:tzdist-bis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tzdist-bis/>
List-Post: <mailto:tzdist-bis@ietf.org>
List-Help: <mailto:tzdist-bis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tzdist-bis>, <mailto:tzdist-bis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Sep 2018 14:57:58 -0000
Just as a first order pass, I will say that I think the security and
privacy considerations are not sufficient, from my own personal point of
view. It is one thing to ask for TZ information. That is highly fuzzed
information and limits the damage an attacker can do. However, precise
geo-location information is more of an issue. An attacker can precisely
determine where someone is, and perhaps as importantly where someone is
not. "Eliot's not at home... let's break in".
I would therefore make two changes:
1. REQUIRE that TLS be used by clients in these circumstances.
2. RECOMMEND that clients that have a means to do so provide the
ability to turn off such retrieval.
Eliot
On 25.09.18 08:36, Eliot Lear wrote:
> Hi everyone,
>
> Now that the tzif draft is well on its way to being finished, it's time
> to pick up on draft-murchison-tzdist-geolocate-02.txt. Can I ask people
> to give a good scan of this? It's been pointed out that the draft
> should undergo a privacy review. I will arrange for that in due
> course. I will also post my review of the draft in the next few weeks.
>
> Eliot
>
>
>
>
> _______________________________________________
> Tzdist-bis mailing list
> Tzdist-bis@ietf.org
> https://www.ietf.org/mailman/listinfo/tzdist-bis
- [Tzdist-bis] draft-murchison-tzdist-geolocate-02.… Eliot Lear
- Re: [Tzdist-bis] draft-murchison-tzdist-geolocate… Eliot Lear
- Re: [Tzdist-bis] draft-murchison-tzdist-geolocate… Ken Murchison