Re: [Geopriv] draft-tschofenig-ecrit-trustworthy-location

From: Bernard Aboba ^lt;bernard_aboba@hotmail.com>
Date: Thu Apr 30 2009 - 06:46:00 EDT

I have read the document. Initially my intent was to write a review, but in putting some thoughts on paper, it became apparent that a more coherent and complete response was required, which may take a while to put together. So in the meantime, here are a few reactions:

1. The material on threats covers some new ground. Although my initial reaction was surprise that the threats had not been covered in earlier threat model assessments, on reviewing those previous assessments, it would appear that there is indeed threat model material in this document that does not overlap with previous work. Strange given recent events (see http://pcworld.about.com/od/hackers/Couple-swarmed-by-SWAT-team-af.htm).

2. The definition of "trustworthy" is a topic worthy of more discussion. For example, NENA i2 Section 3.7 "attempts to outline the key security concerns relating to location data". Do the authors agree or disagree with NENA's take on this? Getting clarity on that seems important since the usefulness of the proposed "solutions" will inevitably be judged according to the statement of the problem.

3. Each of the proposed "solutions" brings with it a set of operational issues which require more discussion. For example, NENA i2 Section 3.7 describes a potential certificate hierarchy developed to enable "signing". Having been involved in a number of previous efforts to design large scale public certificate infrastructures (e.g. WiMAX Forum client & server certificate hierarchies), the operational issues that can potentially be encountered are considerable. Yet they may also appear in situations where "Location by Reference" is used, since resolution will presumably require validation of the LIS certificate, in addition to provisioning of any client credentials required for de-referencing. IMHO, many of the issues involved in provisioning of certificates are also present in provisioning of other credentials (expiration, renewal, etc.) so it's not obvious that mass-scale deployment of LbyR would be a cake-walk either.

Overall, my take is that the document covers an important topic, but that more work could be done in defining the problem as well as in evaluating implications of the solutions.

> Date: Tue, 28 Apr 2009 11:12:43 +0300
> From: hannes.tschofenig@nsn.com
> To: geopriv@ietf.org
> Subject: [Geopriv] draft-tschofenig-ecrit-trustworthy-location
>
> Hi all,
>
> At the last IETF meeting Henning and I had an agenda slot for the
> presentation of draft-tschofenig-ecrit-trustworthy-location.
> Unfortunately, due to lack of time we had to skip the presentation.
>
> Here are our presentation slides:
> http://www3.ietf.org/proceedings/09mar/slides/geopriv-9.pdf
>
> We got positive feedback from NENA folks but more feedback would be
> appreciated. Please take a brief look at the slide set and/or at the
> draft itself:
> http://tools.ietf.org/id/draft-tschofenig-ecrit-trustworthy-location-01.
> txt
>
> Ciao
> Hannes
>
>
>
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
Received on Thu, 30 Apr 2009 03:46:00 -0700

This archive was generated by hypermail 2.1.8 : Thu Apr 30 2009 - 06:46:15 EDT