---------------------------------------+------------------------------------
Reporter: Hannes.Tschofenig@… | Owner: Hannes.Tschofenig@…
Type: enhancement | Status: closed
Priority: major | Milestone: draft-ietf-geopriv-3825bis
Component: rfc3825bis | Version:
Severity: Active WG Document | Resolution: fixed
Keywords: |
---------------------------------------+------------------------------------
Changes (by bernard_aboba@…):
* status: new => closed
* resolution: => fixed
* severity: - => Active WG Document
Comment:
The current text of the security considerations section addresses
potential disclosure risks as well as modification attacks. I will add
some advice on use of link level encryption in -06.
"Where critical decisions might be based on the value of this GeoConf
option, DHCP authentication as defined in "Authentication for DHCP
Messages" [RFC3118] and "Dynamic Host Configuration Protocol for IPv6
(DHCPv6)" [RFC3315] SHOULD be used to protect the integrity of the DHCP
options.
Since there is no privacy protection for DHCP messages, an
eavesdropper who can monitor the link between the DHCP server and
requesting client can discover this LCI.
To minimize the unintended exposure of location information, the LCI
option SHOULD be returned by DHCP servers only when the DHCP client
has included this option in its 'parameter request list' (section 3.5
[RFC2131]).
When implementing a DHCP server that will serve clients across an
uncontrolled network, one should consider the potential security
risks."
--
Ticket URL: <http://wiki.tools.ietf.org/wg/geopriv/trac/ticket/23#comment:3>
geopriv <http://tools.ietf.org/geopriv/>
_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv
