A valid concern. All "SHOULD"s MUST be explained.
For the most part, your question is answered by the following paragraph. Some devices are unaware of the existence of a VPN tunnel. Thus, sometimes it's unavoidable that discovery is attempted on these interfaces.
Also, as implied by the second sentence, there's no inherent reason why a LIS on the remote side of a tunnel couldn't provide valid location (it requires that the LIS has some knowledge, but I can imagine cases where that might be possible).
Do you think that it would be clearer if this were in "MUST-unless" form?
A Device MUST avoid performing LIS discovery over a VPN network
interface unless discovery on other interfaces is unsuccessful. A LIS
discovered in this way is unlikely to have the information necessary
to determine an accurate location.
Not all interfaces connected to a VPN can be detected by devices or
the software running on them. In these cases, it might be that a LIS on
the remote side of a VPN is inadvertently discovered. A LIS MUST NOT
provide location...
--Martin
> -----Original Message-----
> From: Spencer Dawkins [mailto:spencer@wonderhamster.org]
> Sent: Thursday, 22 October 2009 7:29 AM
> To: draft-ietf-geopriv-lis-discovery@tools.ietf.org
> Cc: ietf@ietf.org
> Subject: Gen-ART review of draft-ietf-geopriv-lis-discovery-11
>
> I have been selected as the General Area Review Team (Gen-ART) reviewer
> for this draft (for background on Gen-ART, please see
> http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
>
> Please resolve these comments along with any other Last Call comments
> you may receive.
>
> Document: draft-ietf-geopriv-lis-discovery-11
> Reviewer: Spencer Dawkins
> Review Date: 2009-10-21
> IETF LC End Date: 2009-10-29
> IESG Telechat date: (not known)
>
> Summary: This document is almost ready for publication as a Proposed
> Standard.
>
> I have one minor question, as follows:
>
> 2.2. Virtual Private Networks (VPNs)
>
> LIS discovery over a VPN network interface SHOULD NOT be performed.
> A LIS discovered in this way is unlikely to have the information
> necessary to determine an accurate location.
>
> Spencer (minor): I'm having a difficult time imagining why this is a
> SHOULD and not a MUST. When would LIS discovery over a VPN be the
> *right* thing to do? I note that the related text in the following
> paragraph is "MUST NOT unless" - I'd be more comfortable seeing similar
> text here.
>
> Not all interfaces connected to a VPN can be detected by devices or
> the software running on them. A LIS MUST NOT provide location
> information in response to requests that it can identify as
> originating from a device on the remote end of a VPN tunnel, unless
> it is able to accurately determine location. The "notLocatable" HELD
> error code can be used to indicate to a device that discovery has
> revealed an unsuitable LIS. This ensures that even if a device
> discovers a LIS over the VPN, it does not rely on a LIS that is
> unable to provide accurate location information.
>
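
The device-side ordering discussed in this thread, as an added example that is not part of the original messages or the draft: known VPN interfaces are tried only after discovery elsewhere fails, and a LIS answering "notLocatable" is discarded. `Interface`, `discover` and `request_location` are hypothetical names, and treating a "notLocatable" answer as a reason to move to the next interface is this example's assumption.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, Optional, Tuple

NOT_LOCATABLE = "notLocatable"  # HELD error code named in the quoted draft text


@dataclass(frozen=True)
class Interface:
    name: str
    is_vpn: Optional[bool]  # None: the device cannot tell (undetected tunnel)


def discovery_order(interfaces: Iterable[Interface]) -> list:
    """Known VPN interfaces go last; sorted() is stable, so other order is kept."""
    return sorted(interfaces, key=lambda i: i.is_vpn is True)


def select_lis(interfaces: Iterable[Interface],
               discover: Callable[[Interface], Optional[str]],
               request_location: Callable[[str], Tuple[str, str]]):
    """Return (interface name, LIS URI, location), or None if no LIS is usable.

    discover(iface) returns a LIS URI or None (hypothetical callback).
    request_location(uri) returns ("ok", location) or ("error", code).
    """
    for iface in discovery_order(interfaces):
        uri = discover(iface)
        if uri is None:
            continue  # discovery unsuccessful on this interface
        status, value = request_location(uri)
        if status == "ok":
            return iface.name, uri, value
        if value == NOT_LOCATABLE:
            continue  # unsuitable LIS, e.g. reached through an undetected tunnel
    return None


# Constructed sample data: tun0 is a known VPN, wlan0 cannot be classified.
IFACES = [Interface("tun0", True), Interface("eth0", False), Interface("wlan0", None)]
LIS_BY_IFACE = {"tun0": "https://lis.corp.example/", "wlan0": "https://lis.access.example/"}


def run(answers: dict):
    return select_lis(IFACES, lambda i: LIS_BY_IFACE.get(i.name), answers.__getitem__)


if __name__ == "__main__":
    print(run({"https://lis.access.example/": ("ok", "constructed-location"),
               "https://lis.corp.example/": ("error", NOT_LOCATABLE)}))
```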