RE: [Geopriv] Question on client identifier in HELD (re:HELDguidance for IP address ID)

From: Marc Linsner <mlinsner@cisco.com>
Date: Fri Nov 16 2007 - 12:10:39 EST

Brian,
 

>
> I think Mary's latest is okay.
>
> I'm not sure what the additional security issues are: were
> you referring to the fact that the IP address comes
> automatically and another identifier would have to be added
> by a client? I think that such issues could be left to the
> extension document.
>
> LCP is "give me my location". If "my" is determined by some
> ID other than an IP address, it's still an LCP.

It's now an LCP that can be spoofed by someone other than "my". Large
security/privacy issues.

The identity extensions draft Mary mentioned is not a wg item, you want to
reference it?

More discussion required.

-Marc-

>
> Brian
>
> > -----Original Message-----
> > From: Marc Linsner [mailto:mlinsner@cisco.com]
> > Sent: Friday, November 16, 2007 11:33 AM
> > To: 'Brian Rosen'; 'Geopriv'
> > Subject: RE: [Geopriv] Question on client identifier in HELD
> > (re:HELDguidance for IP address ID)
> >
> > Brian,
> >
> > I would suggest to leave words around additional identifiers for
> > future documents due to the security aspects. If you are going to
> > mention it, then you should cover the security aspects, which I
> > envision will be a looooong debate.
> >
> > Remember the task at hand is LCP.
> >
> > -Marc-
> >
> >
> >
> >
> > >
> > > I had the same reaction, but the only thing I think we should change
> > > is to add some text that makes it more clear that the protocol is
> > > intended to be extended for other identifiers, and while IP address
> > > is a suitable identifier for many networks, it may not work well in
> > > others. Perhaps this could be tied to the text we are discussing
> > > that describes the issues with using IP address as the identifier.
> > >
> > > I have no problem with other identifiers being covered in an
> > > extension document, and do not want to hold up HELD to get other
> > > text in it that covers other identifiers.
> > >
> > > Brian
> > >
> > > ________________________________________
> > > From: Mary Barnes [mailto:mary.barnes@nortel.com]
> > > Sent: Friday, November 16, 2007 11:12 AM
> > > To: peter_blatherwick@mitel.com; Geopriv
> > > Subject: RE: [Geopriv] Question on client identifier in HELD (re:
> > > HELDguidance for IP address ID)
> > >
> > > Hi Peter,
> > >
> > > This wasn't something that was simplified out of the original HELD
> > > proposal - i.e., using the source IP address as the device ID was the
> > > premise of the original proposal. Feedback I got from James (he and
> > > others will jump in if I've gotten this wrong) is that the source IP
> > > address is sufficient for many applications.
> > >
> > > Mary.
> > > ________________________________________
> > > From: peter_blatherwick@mitel.com
> > > [mailto:peter_blatherwick@mitel.com]
> > > Sent: Friday, November 09, 2007 3:01 PM
> > > To: Geopriv
> > > Subject: [Geopriv] Question on client identifier in HELD (re:
> > > HELD guidance for IP address ID)
> > >
> > > Hi all,
> > >
> > > All this chatter about IP address as device identifier made me go
> > > back and look again at how this identifier is described in HELD
> > > itself.  I was surprised to notice that HELD itself
> > > (draft-ietf-geopriv-http-location-delivery-02) does not appear to
> > > spec a device identifier internal to the encoding schema at all.  It
> > > appears to be the intent to use the source address of the message as
> > > it arrives at the LIS to derive source IP address of the sender (or
> > > their out-most external facing NAT really).  I also see that a
> > > format for encoding device identifier is described as an extension
> > > (draft-winterbottom-geopriv-held-identity-extensions-03).
> > > Did I miss something??
> > >
> > > This seems a bit odd to me, and that's probably why I never noticed
> > > -- just assumed it had to be there somewhere.  I am curious about
> > > the reasoning to not include device identifier in the base protocol.
> > > Just weight reduction, given that not all applications would use it?
> > > I'm probably fine either way, just interested to know.
> > >
> > > BTW, Since the device may have little-to-no idea about its IP
> > > address as visible to the outside world (it is generally behind one
> > > or more NATs), I don't think this question plays into that other
> > > debate at all.
> > >
> > > -- Peter
> > >
> > >
> > >
> > > _______________________________________________
> > > Geopriv mailing list
> > > Geopriv@ietf.org
> > > https://www1.ietf.org/mailman/listinfo/geopriv

Received on Fri, 16 Nov 2007 12:10:39 -0500

This archive was generated by hypermail 2.1.8 : Fri Nov 16 2007 - 12:11:14 EST