Tuesday, August 10, 2010

Re: [Geopriv] draft-ietf-geopriv-rfc3825bis

Hannes,

What specific network type(s) are you worried about?

-Marc-


On 8/10/10 8:25 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
<hannes.tschofenig@nsn.com> wrote:

> But the conclusion is missing: if you are on a shared link then you must
> not share location at the level of the individual hosts. I fear that
> those who implement and deploy would not get the point and would
> nevertheless reveal information and put the user at risk.
>
>> -----Original Message-----
>> From: ext Marc Linsner [mailto:mlinsner@cisco.com]
>> Sent: Tuesday, August 10, 2010 3:23 PM
>> To: Tschofenig, Hannes (NSN - FI/Espoo); geopriv@ietf.org
>> Subject: Re: [Geopriv] draft-ietf-geopriv-rfc3825bis
>>
>> Hannes,
>>
>>
>> On 8/10/10 3:33 AM, "Tschofenig, Hannes (NSN - FI/Espoo)"
>> <hannes.tschofenig@nsn.com> wrote:
>>
>>> Hi all,
>>>
>>> during the GEOPRIV meeting I mentioned missing text in
>>> draft-ietf-geopriv-rfc3825bis regarding security.
>>>
>>> DHCP does not provide confidentiality protection as a
>> built-in feature.
>>> As Marc mentioned in response to issue#23 (see
>>> http://trac.tools.ietf.org/wg/geopriv/trac/ticket/23) every
>> target would
>>> be given the exact same location information on a shared medium.
>>>
>>> Unfortunately, the security consideration section does not
>> mention this
>>> aspect with a single word.
>>
>> Not true, currently in the security consideration section of
>> the draft:
>>
>> " Since there is no privacy protection for DHCP messages, an
>> eavesdropper who can monitor the link between the DHCP server and
>> requesting client can discover this LCI."
>>
>> I don't believe more text is needed.
>>
>> -Marc-
>>
>>
>>
>>
>>
>>
>> Hence, I suggest to add:
>>>
>>> "
>>> Since there is no confidentiality protection for DHCP
>> messages, an
>>> eavesdropper who can monitor the link between the DHCP server and
>>> requesting client can discover this LCI. In cases where multiple
>>> hosts share the same link and can therefore see each others DHCP
>>> messages the DHCP MUST NOT hand out location for individual hosts
>>> but MUST rather provide location of the DHCP relay, DHCP server,
>>> or a similar device instead. This ensures that none of the end
>>> devices are able to learn exact information of the other hosts
>>> on the same network.
>>> "
>>>
>>> Ciao
>>> Hannes
>>>
>>> _______________________________________________
>>> Geopriv mailing list
>>> Geopriv@ietf.org
>>> https://www.ietf.org/mailman/listinfo/geopriv
>>
>>
>>


_______________________________________________
Geopriv mailing list
Geopriv@ietf.org
https://www.ietf.org/mailman/listinfo/geopriv

Posted by at