[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Ecrit] some observations from yesterday wg meeting

Title: RE: [Ecrit] some observations from yesterday wg meeting

I think that we should provide some mechanisms to foster integrity and authentication of source of location.  I think that such mechanisms should be widely deployed.  I believe there are use cases where such information is useful.  I think ONE of those use cases is emergency calls.  I think it is not possible to provide assurances that are equivalent to current wireline location for emergency calls.  I think location integrity and source authentication is work in geopriv, and not ecrit.

 

Brian

 

From: James Winterbottom [mailto:winterb at nortel.com]
Sent: Wednesday, August 03, 2005 6:31 AM
To: Brian Rosen; 'Andrew Newton'
Cc: ecrit at ietf.org
Subject: RE: [Ecrit] some observations from yesterday wg meeting

 

Brian,

Let me make sure that I have a clear understanding of your point here.
I as a recipient of location information, that provide a service in good faith, have no right or come back, if the location provided to me is incorrect?

Please explain to me how this is a step in a positive direction, and how this will bolster adoption of IP telephony?

I think that people will accept "near-equivalency", but that they will not accept out and out lack of equivalent service.

Cheers
James

 

-----Original Message-----
From: Brian Rosen [mailto:br at brianrosen.net]
Sent: Wednesday, 3 August 2005 8:10 PM
To: Winterbottom, James [WOLL:5500:EXCH]; 'Andrew Newton'
Cc: ecrit at ietf.org
Subject: RE: [Ecrit] some observations from yesterday wg meeting

 

Chairs?

I was not a fan of the narrow focus of the charter.  It is what it is.

Each change in technology changes the situation for emergency call systems. It takes away things, and provides new things.  When mobile phones came, they removed accurate location and substituted inaccurate location in a totally different, and difficult-for-psap-to-use form.  They even took away call back number in the case of un-initialized phones. They gave the possibility of tracking a moving caller, and they gave the ability to get calls immediately from the scene of common events like car crashes.  On balance, it's a good thing.

VoIP is the same; some things are being taken away, some things are being added.  It's different, get over it.

Brian

________________________________________
From: James Winterbottom [mailto:winterb at nortel.com]
Sent: Wednesday, August 03, 2005 5:46 AM
To: Brian Rosen; 'Andrew Newton'
Cc: ecrit at ietf.org
Subject: RE: [Ecrit] some observations from yesterday wg meeting

Bah!!!
The problem must exist in someone's charter, and GeoPriv don't seem to want it either!
It is not easy, without having relatively substantial local foot print, to spoof emergency calls with in the USA today. In a IP world, that is simply not true any longer with the currently proposed mechanisms of user created location documents, no matter where the source data came from. That is consumers of location (location recipients LRs) have absolutely NO means of assuring that this correct. The same is absolutely not true for 99.999% of PSTN calls.

Location is today in the cellular and wireline world is the responsibility of the access provider, and this will need to remain the responsibility of the access provider in the future until telekenic-osmosis becomes a reality. ECRIT or GeoPriv pick it up until then, but stop passing the buck!!!

Cheers
James

-----Original Message-----
From: ecrit-bounces at ietf.org [mailto:ecrit-bounces at ietf.org] On Behalf Of Brian Rosen
Sent: Wednesday, 3 August 2005 7:21 PM
To: 'Andrew Newton'
Cc: ecrit at ietf.org
Subject: RE: [Ecrit] some observations from yesterday wg meeting

But that problem is not in our charter.  If an attacker learned a PSAP's SIP URI from any mechanism, they can mount an attack. True.

Not in our charter.
Determining that a location represents the location of the caller is within charter.
I believe identity of caller is NOT a requirement in general, but I think it's clearly not a requirement in ecrit.
Brian
-----Original Message-----
From: Andrew Newton [mailto:andy at hxr.us]
Sent: Wednesday, August 03, 2005 5:07 AM
To: Brian Rosen
Cc: 'James Seng'; ecrit at ietf.org
Subject: Re: [Ecrit] some observations from yesterday wg meeting

On Aug 3, 2005, at 3:23 AM, Brian Rosen wrote:
> This discussion is more or less out of charter, as the work in ecrit
> addresses the first point above.
I don't think so.  I think James has made a fairly important point: 
the notion that L2 location must be signed can simply be circumvented 
by an attacker contacting the PSAP's SIP server directly.
-andy

_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit 

_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit