RE: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures)

NENA identified the Valid Emergency Services Authority (VESA) agency as part of the i2 architecture. It was already acknowledged that NENA was one candidate for providing the VESA function - there are numerous other possibilities including authorized commercial enterprise. At the TDC/ODC in Nashville in January, I explicitly asked the chair of the "certification committee" whether there was a possibility that they could form the basis for VESA - they acknowledged that they could, though it's not decided by any means. The main goal of the certification/accreditation committee is to provide a set of processes and standards by which the various entities in the emergency architecture (access providers, VoIP providers, VPC operators, ESGW operators, ALI operators, PSAPs....) can be assessed for satisfactory compliance to the requirements of the emergency industry. It's an independent audit of capabilities including infrastructure and processes. There is no decision about what the implications of being "accredited" are yet. It establishes a benchmark for capabilities - the implications may eventually be defined by regulatory bodies or through individual industry body policy - or maybe it'll be left to the market to decide whether they want to sign up with "NENA preferred" providers or not. The intent of i2 is that the LIS certificate used for signing location is, in turn, signed by VESA. Getting a certificate from VESA is not just a case of whacking down a credit card. Cheers, Martin ________________________________ From: Andrew Newton [mailto:andy@hxr.us] Sent: Thursday, 8 March 2007 3:39 PM To: Henning Schulzrinne Cc: Dawson, Martin; GEOPRIV Subject: Re: [Geopriv]WGLCondraft-ietf-geopriv-l7-lcp-ps-00(PIDF-LOdigitalsignatures) On Mar 7, 2007, at 9:00 PM, Henning Schulzrinne wrote: As a side note, the 'accredited' thing is a red herring, either way. Signed location information is only meaningful if the location signer is 'accredited', i.e., known to be reputable, to the PSAP. After all, anybody, with a stolen credit card if necessary, can buy a certificate, based solely on possession of a domain name, from reputable CAs. That certificate can be used to sign any location information. Thus, signing is only meaningful if the signer is known and accountable. Now, it may well be that the number of signers is lower or more easily knowable in one or the other case, but the principle is the same. We have gone through the 'who can sign' before, so I won't repeat that particular discussion. As you have described it, I agree. However, what I've heard in NENA meetings is that accreditation would be more than just a public cert. I suspect that there are a lot more mechanics around that than have been uncovered, and NENA will find out that they will need to be their own CA -- which I do not think they intend. -andy ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2]

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
Received on Wed, 7 Mar 2007 23:22:17 -0600