RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

From: Brian Rosen <br@brianrosen.net>
Date: Wed Mar 07 2007 - 10:50:13 EST

Andy

In all of this discussion, you seem unconvinced that the 9-1-1 call taker
can deal with information that is marked suspicious, but may be correct.
This happens already, they do handle it okay, and they are comfortable with
information that may or may not be correct. A typical example is that the ALI
screen says one thing, the caller insists on another. This is suspicious,
but permitted. The response will always go to where the caller said to go.
There will be some follow up to determine how the discrepancy happened if it
turns out the caller was right.

Again, they do this now. It works. They want it.

We're chasing our tail on this, and we need to figure a way out. I get that
there are people who don't believe we get a sufficiently good defense to an
acknowledged threat out of signing location. There is a group of us who
think we do. Those of us who think so readily agree that unsigned location
can be valid. However, we think the mechanism will effectively deter a very
large class of not-highly-skilled and not-well-financed attackers.

The largest problem continues to be that we are very significantly weakening
the security of location as we move to the geopriv way of doing things.
What used to be locked inside a wireline/wireless carrier's domain, with no
access by end users, is turning into an end-user-controlled environment.
We're opening a huge security hole. We need some effective strategies to
minimize this hole. We can't close it as securely as it was. We think
signatures are one way to significantly help. You don't agree, I get it,
but it sure would help if you had a better way. You are saying "no, no, no"
and not "not that way, use this way".

Brian

> -----Original Message-----
> From: Andrew Newton [mailto:andy@hxr.us]
> Sent: Wednesday, March 07, 2007 10:20 AM
> To: g.caron@bell.ca
> Cc: geopriv@ietf.org; Martin.Dawson@andrew.com; mlinsner@cisco.com
> Subject: Re: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-
> LOdigitalsignatures)
>
>
> On Feb 27, 2007, at 10:10 PM, g.caron@bell.ca wrote:
> > - If the location provided verbally matches with the automated un-
> > signed/fail-signed location, be suspicious before dispatching. Post-
> > call investigation is required.
> >
> > - If the location provided verbally doesn't match with the automated
> > signed location, process the call and report the error afterward to
> > the location source (presumably the LIS operator).
>
> Guy,
>
> Here's the problem with that logic. Administrative screw-ups can
> cause both of those problems, yet one type of screw up is considered
> suspicious while the other type is not. From a security perspective,
> this opens up a social engineering attack... the caller needs no
> technical skill to defeat the signed location. All they need to do
> is just verbally disagree with it.
>
> -andy
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www1.ietf.org/mailman/listinfo/geopriv

Received on Wed, 7 Mar 2007 10:50:13 -0500