Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

From: Ivan Shmakov <ivan@main.uusia.org>
Date: Tue Aug 10 2010 - 08:45:56 EDT

>>>>> hannes.tschofenig@nsn.com writes:
>>>>> Marc Linsner <mlinsner@cisco.com> writes:
>>>>> hannes.tschofenig@nsn.com writes:

>>> Unfortunately, the security consideration section does not mention
>>> this aspect with a single word. Hence, I suggest to add:

>>> "

>>> Since there is no confidentiality protection for DHCP messages,
>>> an eavesdropper who can monitor the link between the DHCP server
>>> and requesting client can discover this LCI. In cases where
>>> multiple hosts share the same link and can therefore see each
>>> other's DHCP messages the DHCP MUST NOT hand out location for
>>> individual hosts but MUST rather provide location of the DHCP
>>> relay, DHCP server, or a similar device instead. This ensures
>>> that none of the end devices are able to learn exact information
>>> of the other hosts on the same network.

>>> "

>> Not true, currently in the security consideration section of the
>> draft:

>> " Since there is no privacy protection for DHCP messages, an
>> eavesdropper who can monitor the link between the DHCP server and
>> requesting client can discover this LCI."

> But the conclusion is missing: if you are on a shared link then
> you must not share location at the level of the individual
> hosts. I fear that those who implement and deploy would not get
> the point and would nevertheless reveal information and put the
> user at risk.

        Somehow, I feel that this is a valid concern. However, as there
        may be “whole network is trusted” scenarios (although unlikely),
        I'd suggest “SHOULD NOT” instead of “MUST NOT”.

-- 
FSF associate member #7257


Received on Tue, 10 Aug 2010 19:45:56 +0700
