Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

From: Tschofenig, Hannes (NSN - FI/Espoo) ^lt;hannes.tschofenig@nsn.com>
Date: Tue Aug 10 2010 - 11:31:30 EDT

Unfortunately not only the specification is weak on privacy but also the
implementations that followed afterwards. A Berkeley report nicely
summarizes the situation:
http://dret.net/biblio/reference/dot10a

Unfortunately, there is no indication that either the Geolocation API
nor the new work on the Device API will provide better privacy
protection.

Ciao
Hannes

> -----Original Message-----
> From: ext Carl Reed [mailto:creed@opengeospatial.org]
> Sent: Tuesday, August 10, 2010 5:42 PM
> To: Hannes Tschofenig; Henning Schulzrinne
> Cc: geopriv@ietf.org; mlinsner@cisco.com; Tschofenig, Hannes
> (NSN - FI/Espoo)
> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>
> Hannes -
>
> Very interesting. Back in Dec 2008, the Geolocation API
> document simply
> stated "TBD" for the privacy section. I asked the editors
> about this and
> they said that they were in discussions with the IETF GeoPRIV
> community.
> Interesting as the current version of the API is still pretty
> light on
> privacy - and is not even aligned well with the OMA privacy guidance.
>
> Cheers
>
> Carl
>
> ----- Original Message -----
> From: "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
> To: "Henning Schulzrinne" <hgs@cs.columbia.edu>
> Cc: <geopriv@ietf.org>; <mlinsner@cisco.com>;
> <hannes.tschofenig@nsn.com>
> Sent: Tuesday, August 10, 2010 7:25 AM
> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>
>
> >I recently attend the "W3C Workshop on Privacy for Advanced
> Web APIs" and
> >you wouldn't imagine how browser vendors messed up their geolocation
> >implementation (at least the privacy part).
> >
> > The same guys who previously said that they do not need any
> guidance about
> > user interface aspects or other recommendations claimed at
> the workshop
> > that they should have had them in the spec.
> >
> > This is probably the most useful advice we can give
> regarding privacy in
> > the entire document. I would rather replace the text about the DHCP
> > authentication option, which isn't deployable.
> >
> > -------- Original-Nachricht --------
> >> Datum: Tue, 10 Aug 2010 09:18:59 -0400
> >> Von: Henning Schulzrinne <hgs@cs.columbia.edu>
> >> An: "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
> >> CC: Marc Linsner begin_of_the_skype_highlighting
> >> end_of_the_skype_highlighting <mlinsner@cisco.com>,
> geopriv@ietf.org,
> >> hannes.tschofenig@nsn.com
> >> Betreff: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
> >
> >> We seem to be more in danger of replicating
> >>
> >> http://www.rinkworks.com/said/warnings.shtml
> >>
> >> On Aug 10, 2010, at 9:17 AM, Hannes Tschofenig wrote:
> >>
> >> > The security consideration section in the draft is there
> to indicate
> >> what the potential risks are and what should be done about them.
> >> >
> >> > I have heard someone saying that "64kb ought to be enough for
> >> everyone"...
> >> >
> > _______________________________________________
> > Geopriv mailing list
> > Geopriv@ietf.org
> > https://www.ietf.org/mailman/listinfo/geopriv
> >
> >
>
>
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
Received on Tue, 10 Aug 2010 18:31:30 +0300

This archive was generated by hypermail 2.1.8 : Tue Aug 10 2010 - 11:32:23 EDT