Re: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures)

From: Henning Schulzrinne ^lt;>
Date: Wed Mar 07 2007 - 21:00:30 EST

As a side note, the 'accredited' thing is a red herring, either way.
Signed location information is only meaningful if the location signer
is 'accredited', i.e., known to be reputable, to the PSAP. After all,
anybody, with a stolen credit card if necessary, can buy a
certificate, based solely on possession of a domain name, from
reputable CAs. That certificate can be used to sign any location
information. Thus, signing is only meaningful if the signer is known
and accountable.

Now, it may well be that the number of signers is lower or more
easily knowable in one or the other case, but the principle is the
same. We have gone through the 'who can sign' before, so I won't
repeat that particular discussion.

On Mar 7, 2007, at 4:35 PM, Dawson, Martin wrote:

> Actually, I don't see how the question of "accredited" VSPs is
> pertinent
> to this issue to begin with (and I mean apart from the fact that
> this is
> exactly the sort of constraint I've been told is anathema to the IETF
> and that a US policy is being quoted as a generic basis for
> decision-making - must be a goose and gander thing).
> Accredited VSPs have some linkage to the subscriber identity - they
> can
> apply whatever audit trail they can to who it is that is making the
> calls. They can do nothing about the trustability of the location
> information. Oh - unless you'd like to go down the 3GPP[2]/IMS
> route and
> say that VoIP calls can only be made from your home network or from a
> roaming partner network (forget being able to use arbitrary hot spots,
> municipal WiFi, or hotel broadband connections - that would rule out,
> say, Skype and Vonage) - so VoIP is just traditional cellular with
> an IP
> bearer for the voice?

Geopriv mailing list
Received on Wed, 7 Mar 2007 21:00:30 -0500

This archive was generated by hypermail 2.1.8 : Wed Mar 07 2007 - 20:59:21 EST