Thursday, September 3, 2009

Re: [Geopriv] HUM: Adopt draft-winterbottom-geopriv-held-identity-extensions-10

This draft has certainly made changes for the better, IMO.

One of my major objections to previous versions of this idea centers around
the security and privacy aspects of LCP mechanisms vs. RuleMaker mechanisms.
I think this version of the draft makes headway in comparing the semantics
around each of these mechanisms. But I think more changes are in order and
would help.

The semantics of LCP we've worked under calls for the protection of LCI to
take place at the communication protocol level. All of the accepted
mechanisms to date do such. Once you go past the communication protocol
security model, you now have policy and backend algorithms performing
security checks, i.e. verifying the requester is the target (or authorized
to receive the target's location). This is the 'RuleMaker' model of
security.

It's fine to explain the semantics of LCP security within this document, but
that should be done for comparison to the RuleMaker model only.

I think the document needs to clearly state that this is NOT a mechanism for
LCP even though a target might use this mechanism to discover its own
location. Hence, this mechanism can support LCP-like use cases with the
additional baggage of RuleMaker security semantics.

In addition to the above changes, I think the document title should change
to 'Location Discovery by Third Parties' as this is the major use case,
especially from a security pov.

-Marc-

On 9/2/09 8:51 PM, "Richard Barnes" <rbarnes@bbn.com> wrote:

> This is a call for consensus to adopt the HELD identity extension
> document (draft-winterbottom-geopriv-held-identity-extensions-10) as a
> GEOPRIV work item. At IETF 71, there was consensus in the room to adopt
> this draft, and at IETF 75, there was continued interest in the topic.
> This call is to confirm that consensus.
>
> Given the prior agreement on this question, this is an abbreviated
> consensus call. Please send your response to the list no later than
> Friday, 4 September, 2009.
>
> Thanks,
> --Richard
> _______________________________________________
> Geopriv mailing list
> Geopriv@ietf.org
> https://www.ietf.org/mailman/listinfo/geopriv

