Re: [Sip] Re: [Geopriv] Location-by-value in a SIP Location Header

From: Hannes Tschofenig ^lt;Hannes.Tschofenig@gmx.net>
Date: Tue Jul 18 2006 - 09:18:26 EDT

I have to agree with Henning here.

You can sign the PIDF-LO, encode it and then put it into the data URI.

Even if you do not sign the PIDF-LO in the header it makes no difference
since that's what you accomplish by sending a location reference (in the
header) as well.

The argument that you can use authorization policies to decide who is
allowed to resolve the reference to the location object is a bit
misleading. Where do these policies come from?

Ciao
Hannes

Henning Schulzrinne wrote:
> Brian, James:
>
> this is simply false. If desired, XML-DSIG is a well-known and accepted
> mechanism to achieve integrity. Such specification is no longer than
> the MUST NOT that you propose. You are also willfully ignoring the
> other technical arguments made as part of this discussion.
>
> Henning
>
> On Jul 18, 2006, at 8:48 AM, Rosen, Brian wrote:
>
>> There was a desire expressed by Hannes to provide a way for a proxy to
>> insert location-by-value. He had proposed a SIP Location header
>> specific way. In IETF66, Henning suggested just using a data URI.
>>
>> Doing this may run afoul of the geopriv location privacy concerns,
>> because there is no way for the user to sign the header to provide
>> assurance that the PIDF, and specifically the retention and other policy
>> bits are preserved. Note that S/MIME provides sufficient integrity
>> protection for a body. It's probably okay to use TLS per hop to provide
>> privacy, but not integrity protection. The authors believe that there
>> is no really compelling use case for this feature, and the effort to
>> define acceptable security mechanisms for location data in a header
>> would be a significant effort, further delaying the draft.
>>
>> We propose, therefore, to state in sip-location-conveyance, that a Data
>> URI MUST NOT be used in the Location header until a standards track RFC
>> defines a suitable security mechanism to protect the PIDF in the header.
>>
>> Brian and James
>>
>> _______________________________________________
>> Geopriv mailing list
>> Geopriv@ietf.org
>> https://www1.ietf.org/mailman/listinfo/geopriv
>
>
>
> _______________________________________________
> Sip mailing list https://www1.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
>
>

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
Received on Tue, 18 Jul 2006 15:18:26 +0200

This archive was generated by hypermail 2.1.8 : Tue Jul 18 2006 - 09:34:29 EDT