RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LOdigital signatures)

From: Brian Rosen ^lt;br@brianrosen.net>
Date: Tue Feb 13 2007 - 15:48:56 EST

I am a proponent of signing location. I think it provides a worthwhile
level of protection against wholesale forgery of location, but does not
prevent some forms of replay attacks (or stealing a valid location from a
compromised or cooperating device, and representing that as the location
when it isn't).

However, I believe that the signature mechanism must pass through ALL
location configuration and conveyance protocols, which would include
LLDP-MED and DHCP (and, depending on how things work out, SUPL). The cited
work does not do that.

I also wonder if the extra work involved in passing identity actually helps.
I think forging the identity is as easy as forging the location, and if you
compromise an element, or have an accomplice, then you can masquerade as
another identity. Some identities can be verified, others cannot. Couple
that with the necessity that identity not always be revealed when location
is revealed, and you have to question the value of that part of it.

I think a signature by the location source, with a time stamp, provides
substantial protection. We can make it better, but at what cost, and with
what additional complexity, and with what value.

I do think we should first decide if the threat (trivial forgery) is
significant to do something about it. I think it is.

Brian

> -----Original Message-----
> From: jerome.grenier@bell.ca [mailto:jerome.grenier@bell.ca]
> Sent: Tuesday, February 13, 2007 3:34 PM
> To: geopriv@ietf.org
> Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-
> LOdigital signatures)
>
> It seems to me that many non-working group documents of Geopriv have the
> potential for a promotion, especially the ones that have been sitting
> there for months. With official milestones in the range of early 2005, I
> wonder what the criteria for promoting them to active working group
> documents are. From my perspective, many core issues inherent to the
> Geopriv charter are not yet formally addressed through working group
> documents.
>
> Here is an example I came across, based on a need we had as an emergency
> service provider, to find a standard way to validate the integrity of
> provided location data, in order to prevent location forgery. From draft-
> ietf-geopriv-l7-lcp-ps-00, the need for digital signatures for PIDF-LO
> documents is clearly acknowledged, with many surrounding issues and
> counter-measures presented, but a specific signing technique is stated to
> be out-of-scope of the document. In this context, I find quite relevant to
> promote draft-thomson-domain-auth-01 to a working group document as it
> defines a way to perform such signatures using already established
> standards.
>
> Regards,
>
> Jérôme
>
> -----Message d'origine-----
> De : Andrew Newton [mailto:andy@hxr.us]
> Envoyé : 5 février 2007 23:08
> À : GEOPRIV WG
> Objet : [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00
>
> All,
>
> This message marks the issuance of a working group last call (WGLC)
> on GEOPRIV's Internet Draft entitled "GEOPRIV Layer 7 Location
> Configuration Protocol; Problem Statement and Requirements" (draft-
> ietf-geopriv-l7-lcp-ps-00.txt). You may view this document at http://
> www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-00.txt.
>
> Please post comments and questions to this mailing list no later than
> 20 February 2007.
>
> -andy, GEOPRIV co-chair
>
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www1.ietf.org/mailman/listinfo/geopriv
>
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www1.ietf.org/mailman/listinfo/geopriv

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
Received on Tue, 13 Feb 2007 15:48:56 -0500

This archive was generated by hypermail 2.1.8 : Tue Feb 13 2007 - 15:48:22 EST