[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Ecrit] some observations from yesterday wg meeting

To: "James Winterbottom" <winterb at nortel.com>
Subject: RE: [Ecrit] some observations from yesterday wg meeting
From: "James M. Polk" <jmpolk at cisco.com>
Date: Thu, 04 Aug 2005 03:38:53 -0500
Cc: ecrit at ietf.org
In-reply-to: <C0FA66CBDDF5D411B82E00508BE3A722119A2490@zctwc059.asiapac. nortel.com>
List-help: <mailto:ecrit-request@ietf.org?subject=help>
List-id: ecrit.ietf.org
List-post: <mailto:ecrit@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
Sender: ecrit-bounces at ietf.org

At 07:45 PM 8/3/2005 +1000, James Winterbottom wrote:

The problem must exist in someone's charter, and GeoPriv don't seem to want it either!


<snip>

Location is today in the cellular and wireline world is the responsibility of the access provider, and this will need to remain the responsibility of the access provider in the future until telekenic-osmosis becomes a reality. ECRIT or GeoPriv pick it up until then, but stop passing the buck!!!


James - not every problem has a charter in the IETF.

The Geopriv charter is addressing Location delivery with Privacy Considerations - there is nothing about certifying the location is correct in that charter. In fact, per RFC3693 (Geopriv's base requirements doc), the location provided can be quite imprecise on purpose.

The ECRIT charter is narrowly focused on identification of emergency calls and routing of those calls to the correct PSAP of the location provided. I continue to argue validating location is outside the IETF's scope, much less ECRIT's charter.

None of the above says validating location is a bad idea, BTW.

Cheers
James
-----Original Message----- From: ecrit-bounces at ietf.org [<mailto:ecrit-bounces at ietf.org>mailto:ecrit-bounces at ietf.org] On Behalf Of Brian Rosen Sent: Wednesday, 3 August 2005 7:21 PM To: 'Andrew Newton' Cc: ecrit at ietf.org Subject: RE: [Ecrit] some observations from yesterday wg meeting

But that problem is not in our charter. If an attacker learned a PSAP's SIP URI from any mechanism, they can mount an attack.
True.
Not in our charter.
Determining that a location represents the location of the caller is within charter.

I believe identity of caller is NOT a requirement in general, but I think it's clearly not a requirement in ecrit.
Brian
-----Original Message-----
From: Andrew Newton [<mailto:andy at hxr.us>mailto:andy at hxr.us]
Sent: Wednesday, August 03, 2005 5:07 AM
To: Brian Rosen
Cc: 'James Seng'; ecrit at ietf.org
Subject: Re: [Ecrit] some observations from yesterday wg meeting
On Aug 3, 2005, at 3:23 AM, Brian Rosen wrote:
> This discussion is more or less out of charter, as the work in ecrit
> addresses the first point above.
I don't think so.  I think James has made a fairly important point:
the notion that L2 location must be signed can simply be circumvented
by an attacker contacting the PSAP's SIP server directly.
-andy
_______________________________________________ Ecrit mailing list Ecrit at ietf.org <https://www1.ietf.org/mailman/listinfo/ecrit>https://www1.ietf.org/mailman/listinfo/ecrit
_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit

cheers,
James

                                *******************
                Truth is not to be argued... it is to be presented.

_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit

Prev by Date: RE: [Ecrit] some observations from yesterday wg meeting
Next by Date: RE: [Ecrit] some observations from yesterday wg meeting
Previous by thread: RE: [Ecrit] some observations from yesterday wg meeting
Next by thread: [Ecrit] Does IDN work for the DNS proposal
Index(es):
- Date
- Thread