RE: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures)

From: Brian Rosen ^lt;>
Date: Tue Feb 27 2007 - 11:42:57 EST

Yes, but you have no choice, under normal circumstances, other than to route
where it tells you to route. You can't drop a call because it looks
suspicious, and at least at the moment, the PSAPs don't want a designated
sucker which would be some kind of a call center that gets suspicious calls.


When the PSAP is under attack, it may be possible to divert calls earlier in
the routing process that don't have valid signatures (possibly in
combination with other factors) to secondary queues or IVR or something
else. We're planning on doing that in the U.S. system.


PSAPs deal with suspicious calls now. They probably will have to get more
adept at dealing with them, because IP networks are more open and they are
likely to happen more often. That is something we're getting them
comfortable with. However, they want as much information as we can give
them, and signatures seem like something that is useful.






From: Stuard, Doug []
Sent: Tuesday, February 27, 2007 11:22 AM
To: Andrew Newton;
Cc:; Dawson, Martin;
Subject: RE:


Perhaps I'm missing something, but what I haven't seen mentioned is the
routing function.


Specific location information is of course desired to dispatch resources,
and call takers can (and do) have a number of sniff tests to determine if a
call or displayed location might be bogus, but the call must first be routed
to the correct PSAP. While of larger granularity than actual caller
location, it would be subject to the various vulnerabilities discussed, and
without benefit of call taker skepticism.


Doug Stuard


From: Andrew Newton []
Sent: Tuesday, February 27, 2007 11:10 AM
Cc:; Dawson, Martin;
Subject: Re:



On Feb 26, 2007, at 10:17 PM, wrote:


Well, I can only speculate as, to my knowledge, this is not a current
situation. However, it could be foreseen that, as an example, a call taker
would try to cross validate the information by say, asking the caller sub
information to corroborate the provided information. But don't get hooked on
the example only. The point is that it just raises awareness that something
may be wrong with that call.




I'm a little concerned that we are missing some points in this discussion.
Thanks for your patience.


It is my understanding that in all cases where a PSAP is able to talk to a
person on the other end of the phone, that they will trust the location
given verbally over any automated location regardless of crypto bells and
whistles. The location from the network may get used if the emergency
responders cannot use the information given by the caller, but in this case
signed location seems of little value.


Where signed location seems to have more validity is in the case where the
PSAP cannot talk to the caller, such as a 9-1-1 hang-up. However, even in
this case it wouldn't take more than a few calls an hour for the PSAP to
catch on to the problem and change tactics. So the question comes down to
this, can signed location be enough of a differentiation from non-signed or
invalidly signed location where a PSAP would quit ignoring calls? Even with
signed location, it is possible to have a coordinated attack within the
window necessary to trigger the PSAPs alternate tactics.




This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.
If you have received it in error, please notify the sender
immediately and delete the original. Any unauthorized use of
this email is prohibited.


Geopriv mailing list
Received on Tue, 27 Feb 2007 11:42:57 -0500

This archive was generated by hypermail 2.1.8 : Tue Feb 27 2007 - 11:42:53 EST