RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

From: Brian Rosen <br@brianrosen.net>
Date: Tue Feb 13 2007 - 16:21:46 EST

I respectfully disagree.

The intention so far is that all location configuration protocols are
equivalent, and the choice is up to the access network provider. The client
has to deal with them all. Signatures are not a characteristic of the
protocol, they are a characteristic of a generic solution to the threat.
Further, the signature has to survive the conveyance (meaning at least
sip-location-conveyance). I am not interested in solving subsets of the
problem. Either a recipient, like a PSAP, can reasonably depend on getting
a signature in most circumstances, or it can't. If it gets it sometimes,
it's not useful. If it gets it almost always, then it is useful, and it can
have reasonable strategies to deploy when it doesn't get one.

There are legitimate cases where the signature will be missing or bad. It
DOES NOT mean that the location is wrong. It might be, and the receiver
will have to have a process it follows when that happens. I don't believe
the mechanism can be made foolproof, but it can be useful. However, it can
only be useful if the signature is there most of the time. If only L7 LCP
does it, then it won't.

Brian

> -----Original Message-----
> From: Winterbottom, James [mailto:James.Winterbottom@andrew.com]
> Sent: Tuesday, February 13, 2007 4:11 PM
> To: Brian Rosen; jerome.grenier@bell.ca; geopriv@ietf.org
> Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-
> LOdigitalsignatures)
>
> I don't believe that placing a requirement on the L7 acquisition protocol
> that you can only do signatures if they can be supported by LLDP-MED and
> DHCP is a reasonable thing to do.
>
> By the definitions that are used in this WG, DHCP and LLDP-MED are
> sighting protocols. Consequently they are not subject to the same or
> covered by the requirements being proposed in the L7 Location Acquisition
> document. Encumbering the L7 solution to extend characteristics to
> sighting protocols so that they can exhibit behaviours required by other
> protocols seems absurd.
>
> I would be happy to say that the L7 acquisition protocol must not preclude
> the future inclusion and transport of signatures applicable to sighting
> protocol forms (whatever they may be). You are then free to come up with
> signature solutions over time if they prove to be required for sighting
> protocols.
>
> I don't believe that this limitation on sighting protocols should be made
> to encumber the more feature-rich alternatives, nor should it delay
> progression of solutions that are ready to go.
>
> Cheers
> James
>
>
>
> > -----Original Message-----
> > From: Brian Rosen [mailto:br@brianrosen.net]
> > Sent: Wednesday, 14 February 2007 7:49 AM
> > To: jerome.grenier@bell.ca; geopriv@ietf.org
> > Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-
> > LOdigitalsignatures)
> >
> > I am a proponent of signing location. I think it provides a worthwhile
> > level of protection against wholesale forgery of location, but does not
> > prevent some forms of replay attacks (or stealing a valid location from a
> > compromised or cooperating device, and representing that as the location
> > when it isn't).
> >
> > However, I believe that the signature mechanism must pass through ALL
> > location configuration and conveyance protocols, which would include
> > LLDP-MED and DHCP (and, depending on how things work out, SUPL). The cited
> > work does not do that.
> >
> > I also wonder if the extra work involved in passing identity actually helps.
> > I think forging the identity is as easy as forging the location, and if you
> > compromise an element, or have an accomplice, then you can masquerade as
> > another identity. Some identities can be verified, others cannot. Couple
> > that with the necessity that identity not always be revealed when location
> > is revealed, and you have to question the value of that part of it.
> >
> > I think a signature by the location source, with a time stamp, provides
> > substantial protection. We can make it better, but at what cost, and with
> > what additional complexity, and with what value.
> >
> > I do think we should first decide if the threat (trivial forgery) is
> > significant to do something about it. I think it is.
> >
> > Brian
> >
> >
> > > -----Original Message-----
> > > From: jerome.grenier@bell.ca [mailto:jerome.grenier@bell.ca]
> > > Sent: Tuesday, February 13, 2007 3:34 PM
> > > To: geopriv@ietf.org
> > > Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-
> > > LOdigital signatures)
> > >
> > > It seems to me that many non-working group documents of Geopriv have the
> > > potential for a promotion, especially the ones that have been sitting
> > > there for months. With official milestones in the range of early 2005, I
> > > wonder what the criteria for promoting them to active working group
> > > documents are. From my perspective, many core issues inherent to the
> > > Geopriv charter are not yet formally addressed through working group
> > > documents.
> > >
> > > Here is an example I came across, based on a need we had as an emergency
> > > service provider, to find a standard way to validate the integrity of
> > > provided location data, in order to prevent location forgery. From
> > > draft-ietf-geopriv-l7-lcp-ps-00, the need for digital signatures for PIDF-LO
> > > documents is clearly acknowledged, with many surrounding issues and
> > > counter-measures presented, but a specific signing technique is stated to
> > > be out-of-scope of the document. In this context, I find quite relevant to
> > > promote draft-thomson-domain-auth-01 to a working group document as it
> > > defines a way to perform such signatures using already established
> > > standards.
> > >
> > > Regards,
> > >
> > > Jérôme
> > >
> > > -----Original Message-----
> > > From: Andrew Newton [mailto:andy@hxr.us]
> > > Sent: 5 February 2007 23:08
> > > To: GEOPRIV WG
> > > Subject: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00
> > >
> > > All,
> > >
> > > This message marks the issuance of a working group last call (WGLC)
> > > on GEOPRIV's Internet Draft entitled "GEOPRIV Layer 7 Location
> > > Configuration Protocol; Problem Statement and Requirements"
> > > (draft-ietf-geopriv-l7-lcp-ps-00.txt). You may view this document at
> > > http://www.ietf.org/internet-drafts/draft-ietf-geopriv-l7-lcp-ps-00.txt.
> > >
> > > Please post comments and questions to this mailing list no later than
> > > 20 February 2007.
> > >
> > > -andy, GEOPRIV co-chair
> > >
> > > _______________________________________________
> > > Geopriv mailing list
> > > Geopriv@ietf.org
> > > https://www1.ietf.org/mailman/listinfo/geopriv
> > >
>

Received on Tue, 13 Feb 2007 16:21:46 -0500

This archive was generated by hypermail 2.1.8 : Tue Feb 13 2007 - 16:21:12 EST