RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

From: Brian Rosen <br@brianrosen.net>
Date: Tue Feb 20 2007 - 17:39:58 EST

Bot nets can generate good location data, with valid signatures. Each of
the zombies could get off one valid call before being detected. What
signatures could do is prevent totally spoofed locations. We MIGHT be able
to detect the call as at least suspect some time after the attack starts,
and reduce the effectiveness to considerably less than one per zombie.
Generally speaking, I think we're mostly trying to stop prank calls, and we
won't be 100% effective at that, but we would be effective enough to make
the effort worthwhile.

Brian

> -----Original Message-----
> From: Henning Schulzrinne [mailto:hgs@cs.columbia.edu]
> Sent: Monday, February 19, 2007 10:35 PM
> To: Dawson, Martin
> Cc: GEOPRIV
> Subject: Re: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00
> (PIDF-LO digital signatures)
>
> One could mention the old joke about searching for lost keys near the
> light.
>
> This makes no sense - bot nets are currently the most widely used
> mechanism for doing network damage of all kinds. Assuming that we
> have the threat model of 1980 doesn't exactly help.
>
> I have not argued that this precludes the use of signatures, just
> that the impact on large-scale attacks is likely to be close to zero.
> (Large-scale attacks are actually likely to be made worse, since
> verifying signatures takes effort, i.e., provides in itself a DOS
> target.) We just need to be honest about the very limited range of
> attacks that this mechanism prevents, to avoid adding to the supply
> of security snake oil.
>
> Without strong identity assertion, even the single-human attack is
> not likely to be prevented by location signatures, as long as we
> don't disallow open wireless networks.
>
> On Feb 19, 2007, at 10:17 PM, Dawson, Martin wrote:
>
> > That didn't meet the specification of being done "without exploit". We
> > can't address the general problem of the security holes currently
> > in the
> > Internet.
> >
> > The existence of bot nets is a generic Internet problem and the issues
> > go well beyond the domain of location integrity. It has to be
> > addressed
> > - but it should not preclude the existence of integrity mechanisms
> > within the location domain.
> >
> > Cheers,
> > Martin
> >
>
>
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www1.ietf.org/mailman/listinfo/geopriv

Received on Tue, 20 Feb 2007 17:39:58 -0500

This archive was generated by hypermail 2.1.8 : Tue Feb 20 2007 - 17:40:24 EST