Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

From: Marc Linsner ^lt;mlinsner@cisco.com>
Date: Tue Aug 10 2010 - 09:22:59 EDT

On 8/10/10 9:17 AM, "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> wrote:

> The security consideration section in the draft is there to indicate what the
> potential risks are and what should be done about them.

And I'm claiming that the risk is zero, hence we don't need any extra
guidance.

-Marc-

>
> I have heard someone saying that "64kb ought to be enough for everyone"...
>
>
> -------- Original-Nachricht --------
>> Datum: Tue, 10 Aug 2010 09:14:11 -0400
>> Von: Marc Linsner
>> begin_of_the_skype_highlighting     end_of_the_skype_highlighting
>> <mlinsner@cisco.com>
>> An: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>,
>> geopriv@ietf.org
>> Betreff: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>
>> Hannes,
>>
>> Think about what you are saying.
>>
>> The only medium currently in use that works as you posit is 802.11. How
>> practical (or even possible) is it to use DHCP to provide device level
>> location values on a wireless network? Think thru how one might implement
>> such a mechanism and you'll realize it ain't gonna happen!
>>
>> -Marc-
>>
>>
>>
>> On 8/10/10 9:09 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
>> <hannes.tschofenig@nsn.com> wrote:
>>
>>> Think about a regular hotel network.
>>>
>>>> -----Original Message-----
>>>> From: ext Marc Linsner [mailto:mlinsner@cisco.com]
>>>> Sent: Tuesday, August 10, 2010 3:59 PM
>>>> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org
>>>> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>>>>
>>>> Hannes,
>>>>
>>>> What specific network type(s) are you worried about?
>>>>
>>>> -Marc-
>>>>
>>>>
>>>> On 8/10/10 8:25 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
>>>> <hannes.tschofenig@nsn.com> wrote:
>>>>
>>>>> But the conclusion is missing: if you are on a shared link
>>>> then you must
>>>>> not share location at the level of the individual hosts. I fear that
>>>>> those who implement and deploy would not get the point and would
>>>>> nevertheless reveal information and put the user at risk.
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: ext Marc Linsner [mailto:mlinsner@cisco.com]
>>>>>> Sent: Tuesday, August 10, 2010 3:23 PM
>>>>>> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org
>>>>>> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>>>>>>
>>>>>> Hannes,
>>>>>>
>>>>>>
>>>>>> On 8/10/10 3:33 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
>>>>>> <hannes.tschofenig@nsn.com> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> during the GEOPRIV meeting I mentioned missing text in
>>>>>>> draft-ietf-geopriv-rfc3825bis regarding security.
>>>>>>>
>>>>>>> DHCP does not provide confidentiality protection as a
>>>>>> built-in feature.
>>>>>>> As Marc mentioned in response to issue#23 (see
>>>>>>> http://trac.tools.ietf.org/wg/geopriv/trac/ticket/23) every
>>>>>> target would
>>>>>>> be given the exact same location information on a shared medium.
>>>>>>>
>>>>>>> Unfortunately, the security consideration section does not
>>>>>> mention this
>>>>>>> aspect with a single word.
>>>>>>
>>>>>> Not true, currently in the security consideration section of
>>>>>> the draft:
>>>>>>
>>>>>> " Since there is no privacy protection for DHCP messages, an
>>>>>> eavesdropper who can monitor the link between the DHCP
>>>> server and
>>>>>> requesting client can discover this LCI."
>>>>>>
>>>>>> I don't believe more text is needed.
>>>>>>
>>>>>> -Marc-
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hence, I suggest to add:
>>>>>>>
>>>>>>> "
>>>>>>> Since there is no confidentiality protection for DHCP
>>>>>> messages, an
>>>>>>> eavesdropper who can monitor the link between the DHCP
>>>> server and
>>>>>>> requesting client can discover this LCI. In cases
>>>> where multiple
>>>>>>> hosts share the same link and can therefore see each
>>>> others DHCP
>>>>>>> messages the DHCP MUST NOT hand out location for
>>>> individual hosts
>>>>>>> but MUST rather provide location of the DHCP relay,
>>>> DHCP server,
>>>>>>> or a similar device instead. This ensures that none of the end
>>>>>>> devices are able to learn exact information of the other hosts
>>>>>>> on the same network.
>>>>>>> "
>>>>>>>
>>>>>>> Ciao
>>>>>>> Hannes
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Geopriv mailing list
>>>>>>> Geopriv@ietf.org
>>>>>>> https://www.ietf.org/mailman/listinfo/geopriv
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>>
>>>>
>>
>>
>> _______________________________________________
>> Geopriv mailing list
>> Geopriv@ietf.org
>> https://www.ietf.org/mailman/listinfo/geopriv

_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
Received on Tue, 10 Aug 2010 09:22:59 -0400

This archive was generated by hypermail 2.1.8 : Tue Aug 10 2010 - 09:23:29 EDT