RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

From: Brian Rosen <br@brianrosen.net>
Date: Wed Mar 07 2007 - 13:32:05 EST

Probably could be made to work I suppose. It has the same basic issues of
creating a PKI. The PSAP has to trust accessprovider.net, it has to know
that the URI is actually the LIS at accessprovider.net, and then it can use
the pseudorandom credential to ask accessprovider.net if the LO is genuine.
I'd guess we would be better off just using a location reference though.

Brian

> -----Original Message-----
> From: Marc Linsner [mailto:mlinsner@cisco.com]
> Sent: Wednesday, March 07, 2007 12:41 PM
> To: 'Brian Rosen'
> Cc: geopriv@ietf.org
> Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)
>
> Brian,
>
> What if.......
>
> The provided-by element of pidf-lo were a pseudo-random reference that
> derived the same location value as the one presented.
>
> <PROVIDED-BY>pres:134abd34e0acb0658@accessprovider.net</PROVIDED-BY>
>
> It would be very easy to 'authenticate' the presented location value (by
> dereferencing) and traceable to the author.
>
> -Marc-
>
> > -----Original Message-----
> > From: Brian Rosen [mailto:br@brianrosen.net]
> > Sent: Wednesday, March 07, 2007 11:36 AM
> > To: 'Andrew Newton'
> > Cc: g.caron@bell.ca; geopriv@ietf.org;
> > Martin.Dawson@andrew.com; mlinsner@cisco.com
> > Subject: RE: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)
> >
> > Unless you can show that this is significantly different from
> > the current situation where you DO get suspicious data, and
> > we DO handle it satisfactorily, then I believe that we know
> > the cure won't be worse than the disease. The benefit is
> > known, and we have experience that the downside is not harmful.
> >
> > Your suggestion that only "accredited" VSPs can send calls to
> > PSAPs is unworkable, although, again, there can be some
> > suspicion associated with calls originating from an entity
> > not known to the PSAP. However, that has nothing to do with
> > the problem at hand, since the VSP doesn't supply location,
> > the access network does.
> >
> > Brian
> >
> > > -----Original Message-----
> > > From: Andrew Newton [mailto:andy@hxr.us]
> > > Sent: Wednesday, March 07, 2007 11:24 AM
> > > To: Brian Rosen
> > > Cc: g.caron@bell.ca; geopriv@ietf.org; Martin.Dawson@andrew.com;
> > > mlinsner@cisco.com
> > > Subject: Re: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)
> > >
> > > Brian,
> > >
> > > The problem is that the cure may end up worse than the disease. The
> > > benefit is unknown or negligible, and the down sides can be downright
> > > harmful. Place that against the added technical complexity and the
> > > fact that the solution is patent encumbered with an unknown right to
> > > use, and it is easy to see that the costs exceed the benefits.
> > >
> > > As for another way, NENA has already provided that answer: only
> > > accredited VSPs can talk to PSAPs. That puts the problem on par with
> > > the current solution of the PSTN.
> > >
> > > -andy
> > >
> > > On Mar 7, 2007, at 10:50 AM, Brian Rosen wrote:
> > >
> > > > Andy
> > > >
> > > > In all of this discussion, you seem unconvinced that the 9-1-1 call
> > > > taker can deal with information that is marked suspicious, but may
> > > > be correct.
> > > > This happens already, they do handle it okay, and they are
> > > > comfortable with information that may or may not be correct. A typical
> > > > example is that the ALI screen says one thing, the caller insists on
> > > > another. This is suspicious, but permitted. The response will
> > > > always go to where the caller said to go.
> > > > There will be some follow up to determine how the discrepancy
> > > > happened if it turns out the caller was right.
> > > >
> > > > Again, they do this now. It works. They want it.
> > > >
> > > > We're chasing our tail on this, and we need to figure a way out. I
> > > > get that there are people who don't believe we get a sufficiently
> > > > good defense to an acknowledged threat out of signing location.
> > > > There are a group of us who think we do. Those of us who think so
> > > > readily agree that unsigned location can be valid. However, we
> > > > think the mechanism will effectively deter a very large class of
> > > > not-highly-skilled and not-well-financed attackers.
> > > >
> > > > The largest problem continues to be that we are very significantly
> > > > weakening the security of location as we move to the geopriv way of
> > > > doing things.
> > > > What used to be locked inside a wireline/wireless carrier's domain,
> > > > with no access by end users is turning into an end user controlled
> > > > environment.
> > > > We're opening a huge security hole. We need some effective
> > > > strategies to minimize this hole. We can't close it as securely as
> > > > it was. We think signatures are one way to significantly help. You
> > > > don't agree, I get it, but it sure would help if you had a better
> > > > way. You are saying "no, no no"
> > > > and not "not that way, use this way".
> > > >
> > > > Brian
> > > >
> > > >> -----Original Message-----
> > > >> From: Andrew Newton [mailto:andy@hxr.us]
> > > >> Sent: Wednesday, March 07, 2007 10:20 AM
> > > >> To: g.caron@bell.ca
> > > >> Cc: geopriv@ietf.org; Martin.Dawson@andrew.com; mlinsner@cisco.com
> > > >> Subject: Re: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)
> > > >>
> > > >>
> > > >> On Feb 27, 2007, at 10:10 PM, g.caron@bell.ca wrote:
> > > >>> - If the location provided verbally matches with the automated
> > > >>> un-signed/fail-signed location, be suspicious before dispatching.
> > > >>> Post-call investigation is required.
> > > >>>
> > > >>> - If the location provided verbally doesn't match with the automated
> > > >>> signed location, process the call and report the error afterward
> > > >>> to the location source (presumably the LIS operator).
> > > >>
> > > >> Guy,
> > > >>
> > > >> Here's the problem with that logic. Administrative screw-ups can
> > > >> cause both of those problems, yet one type of screw up is
> > > >> considered suspicious while the other type is not. From a security
> > > >> perspective, this opens up a social engineering attack... the
> > > >> caller needs no technical skill to defeat the signed location. All
> > > >> they need to do is just verbally disagree with it.
> > > >>
> > > >> -andy
> > > >> _______________________________________________
> > > >> Geopriv mailing list
> > > >> Geopriv@ietf.org
> > > >> https://www1.ietf.org/mailman/listinfo/geopriv
> > > >
> > > >
> > > > _______________________________________________
> > > > Geopriv mailing list
> > > > Geopriv@ietf.org
> > > > https://www1.ietf.org/mailman/listinfo/geopriv

Received on Wed, 7 Mar 2007 13:32:05 -0500

This archive was generated by hypermail 2.1.8 : Wed Mar 07 2007 - 13:33:04 EST