Tuesday, August 10, 2010

Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

But the conclusion is missing: if you are on a shared link then you must
not share location at the level of the individual hosts. I fear that
those who implement and deploy would not get the point and would
nevertheless reveal information and put the user at risk.

> -----Original Message-----
> From: ext Marc Linsner [mailto:mlinsner@cisco.com]
> Sent: Tuesday, August 10, 2010 3:23 PM
> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org
> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>
> Hannes,
>
>
> On 8/10/10 3:33 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
> <hannes.tschofenig@nsn.com> wrote:
>
> > Hi all,
> >
> > during the GEOPRIV meeting I mentioned missing text in
> > draft-ietf-geopriv-rfc3825bis regarding security.
> >
> > DHCP does not provide confidentiality protection as a
> built-in feature.
> > As Marc mentioned in response to issue#23 (see
> > http://trac.tools.ietf.org/wg/geopriv/trac/ticket/23) every
> target would
> > be given the exact same location information on a shared medium.
> >
> > Unfortunately, the security consideration section does not
> mention this
> > aspect with a single word.
>
> Not true, currently in the security consideration section of
> the draft:
>
> " Since there is no privacy protection for DHCP messages, an
> eavesdropper who can monitor the link between the DHCP server and
> requesting client can discover this LCI."
>
> I don't believe more text is needed.
>
> -Marc-
>
> > Hence, I suggest to add:
> >
> > "
> > Since there is no confidentiality protection for DHCP
> messages, an
> > eavesdropper who can monitor the link between the DHCP server and
> > requesting client can discover this LCI. In cases where multiple
> > hosts share the same link and can therefore see each other's DHCP
> > messages, the DHCP MUST NOT hand out location for individual hosts
> > but MUST rather provide location of the DHCP relay, DHCP server,
> > or a similar device instead. This ensures that none of the end
> > devices are able to learn exact information of the other hosts
> > on the same network.
> > "
> >
> > Ciao
> > Hannes
> >
> > _______________________________________________
> > Geopriv mailing list
> > Geopriv@ietf.org
> > https://www.ietf.org/mailman/listinfo/geopriv
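As an added example that is not part of the thread or of the draft, the following Python sketch shows how a DHCP server could encode the RFC 3825 location option and apply the policy proposed above (per-host location only on links that are not shared; the relay's location otherwise). The relay addresses and link inventory are constructed, and the 16-byte layout follows RFC 3825 rather than the bis draft's revised final byte.

```python
# Added example, not from the thread: encode an RFC 3825-style DHCP
# location (LCI) option and apply the policy proposed above: on a shared
# link, hand out the relay's location rather than a per-host location.
# The 16-byte layout (LaRes/Lat/LoRes/Long/AT/AltRes/Alt/Datum) is the
# RFC 3825 one; rfc3825bis revises the final byte, which is not modelled.

DHCP_OPTION_GEOCONF = 123  # option code registered by RFC 3825

def _fixed(value, int_bits, frac_bits):
    """Two's-complement fixed point with int_bits.frac_bits, as in RFC 3825."""
    total = int_bits + frac_bits
    raw = round(value * (1 << frac_bits))
    if not -(1 << (total - 1)) <= raw < (1 << (total - 1)):
        raise ValueError("coordinate out of range for %d-bit field" % total)
    return raw & ((1 << total) - 1)

def encode_lci(lat, lon, alt, lat_res=34, lon_res=34, alt_res=30,
               alt_type=1, datum=1):
    """Return the 16-byte option payload (AT=1 metres, datum=1 WGS84).
    The *_res fields give the number of valid high-order bits, so a
    smaller value advertises a coarser fix."""
    bits = (lat_res & 0x3F) << 122
    bits |= _fixed(lat, 9, 25) << 88
    bits |= (lon_res & 0x3F) << 82
    bits |= _fixed(lon, 9, 25) << 48
    bits |= (alt_type & 0xF) << 44
    bits |= (alt_res & 0x3F) << 38
    bits |= _fixed(alt, 22, 8) << 8
    bits |= datum & 0xFF
    return bits.to_bytes(16, "big")

def dhcp_option(payload):
    """Wrap the payload in the code/length TLV used for DHCPv4 options."""
    return bytes([DHCP_OPTION_GEOCONF, len(payload)]) + payload

# Constructed link inventory keyed by relay address (giaddr): hypothetical data.
LINKS = {
    "192.0.2.1": {"shared": True, "relay_lci": (48.0, 16.0, 200.0)},
    "192.0.2.2": {"shared": False},
}

def select_lci(giaddr, host_lci, links=LINKS):
    """On a shared link every host can read every other host's reply, so
    the server returns the relay's location; an unknown link gets nothing."""
    link = links.get(giaddr)
    if link is None:
        return None
    if link["shared"]:
        return link.get("relay_lci")
    return host_lci
```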