Just to test the water by analogy... if there's a web page wherein you
type in your home address and it gives you the location of the
nearest... say... Ikea, is it a security problem that the web site
doesn't really know if that's your address?
Maybe that's a bad example because it involves "location"; that's not
the salient point. If it's a web page where I can type in my age,
weight, dietary habits etc and obtain an estimate of the probability of
having a heart attack; is it a security problem if the web site doesn't
really know if I'm typing in details that are applicable to me?
Cheers,
Martin
-----Original Message-----
From: geopriv-bounces@ietf.org [mailto:geopriv-bounces@ietf.org] On Behalf Of Ted Hardie
Sent: Wednesday, 16 September 2009 2:29 PM
To: Alissa Cooper; GEOPRIV
Subject: Re: [Geopriv] WG2LC: draft-ietf-geopriv-held-identity-extensions-00.txt

Howdy,

I've tried to catch up with the mailing list today, despite knowing that
I wasn't going to make the interim; I probably failed, so please forgive
me if this is answered (sorry, being the new guy at work is taking more
than all of my time). Has this draft been circulated either to the
security area's advisory group or to apps-discuss? My guess would be
that both groups would have significant insight/comments to make, and
that by soliciting their comments now, we might avoid getting this all
the way to IETF Last call before getting a chance to consider them.

For what it's worth, I remain in the "you have the wrong box" minority
on this draft. I remain personally convinced that the model of allowing
"raw" location information to be delivered using an IP address as
identifier (using return routability as a check) was and should remain a
special case. Extending that model with other identities, rather than
presuming that those identities should be applied as credentials for the
receipt of a full-on location object, is, in my opinion, just the wrong
way to go about the whole process. I've said this at the mic many times,
but without persuading anyone much. Call me intractable, but I still
believe that if we wouldn't buy most of these identifiers as valid
credentials for the release of data in a common security context, then
their use here is symptomatic of the application of a model that doesn't
actually fit here.

Since I am currently catching up with the mailing list only on a weekly
basis, I'll try to follow any discussion folks want to engage in, but
please expect my responses to be sporadic. I also think it would be more
valuable to get the security area and general apps area feedback here
earlier than it is to further try to see whether I'm an outlier in the
group on this one. I think that has been asked and answered.

regards,
Ted
At 11:58 AM -0400 9/15/09, Alissa Cooper wrote:
>All,
>
>In an effort to generate discussion and progress a bit more efficiently
>in the WG, Richard and I would like to experiment with something we're
>calling "working group second-to-last call" (WG2LC). We think the
>existing structures that set deadlines for comment (WGLC, IETF LC, etc.)
>are rather effective at motivating people to take a look at documents of
>interest, so we'd like to extend that concept a bit further. WG2LC is
>what it sounds like: an informal call for comments with a deadline,
>preceding the issuance of an official WGLC. The idea is to air some
>discussion about a document before it reaches the point of being ready
>for WGLC.
>
>As a first experiment for WG2LC, consider this a working group
>second-to-last call for comments on
>
>draft-ietf-geopriv-held-identity-extensions-00.txt
>
>Please send your comments about this document to the list by 23
>September 2009.
>
>Alissa
>
>_______________________________________________
>Geopriv mailing list
>Geopriv@ietf.org
>https://www.ietf.org/mailman/listinfo/geopriv