Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

From: Brian Rosen ^lt;br@brianrosen.net>
Date: Tue Aug 10 2010 - 09:11:21 EDT

But the reality is that everyone uses switched architecture and unless you have admin access to the switch you can't do that.

I personally think the existing text is quite sufficient. I really do give readers some credit for deductive reasoning. Of course we put location to the level of an individual host. We know that the value of the information far exceeds the risk of eavesdropping in the actual deployments (because of the above, the risk of eavesdropping is very low).

Brian

On Aug 10, 2010, at 8:25 AM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:

> But the conclusion is missing: if you are on a shared link then you must
> not share location at the level of the individual hosts. I fear that
> those who implement and deploy would not get the point and would
> nevertheless reveal information and put the user at risk.
>
>> -----Original Message-----
>> From: ext Marc Linsner [mailto:mlinsner@cisco.com]
>> Sent: Tuesday, August 10, 2010 3:23 PM
>> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org
>> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>>
>> Hannes,
>>
>>
>> On 8/10/10 3:33 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
>> <hannes.tschofenig@nsn.com> wrote:
>>
>>> Hi all,
>>>
>>> during the GEOPRIV meeting I mentioned missing text in
>>> draft-ietf-geopriv-rfc3825bis regarding security.
>>>
>>> DHCP does not provide confidentiality protection as a
>> built-in feature.
>>> As Marc mentioned in response to issue#23 (see
>>> http://trac.tools.ietf.org/wg/geopriv/trac/ticket/23) every
>> target would
>>> be given the exact same location information on a shared medium.
>>>
>>> Unfortunately, the security consideration section does not
>> mention this
>>> aspect with a single word.
>>
>> Not true, currently in the security consideration section of
>> the draft:
>>
>> " Since there is no privacy protection for DHCP messages, an
>> eavesdropper who can monitor the link between the DHCP server and
>> requesting client can discover this LCI."
>>
>> I don't believe more text is needed.
>>
>> -Marc-
>>
>>
>>
>>
>>
>>
>> Hence, I suggest to add:
>>>
>>> "
>>> Since there is no confidentiality protection for DHCP
>> messages, an
>>> eavesdropper who can monitor the link between the DHCP server and
>>> requesting client can discover this LCI. In cases where multiple
>>> hosts share the same link and can therefore see each others DHCP
>>> messages the DHCP MUST NOT hand out location for individual hosts
>>> but MUST rather provide location of the DHCP relay, DHCP server,
>>> or a similar device instead. This ensures that none of the end
>>> devices are able to learn exact information of the other hosts
>>> on the same network.
>>> "
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> Geopriv mailing list
>>> Geopriv@ietf.org
>>> https://www.ietf.org/mailman/listinfo/geopriv
>>
>>
>>
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
Received on Tue, 10 Aug 2010 09:11:21 -0400

This archive was generated by hypermail 2.1.8 : Tue Aug 10 2010 - 09:11:43 EDT