[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ecrit] Solution Approaches

To: Hannes Tschofenig <Hannes.Tschofenig at gmx.net>
Subject: Re: [Ecrit] Solution Approaches
From: Henning Schulzrinne <hgs at cs.columbia.edu>
Date: Tue, 17 Apr 2007 12:02:09 -0400
Cc: ECRIT <ecrit at ietf.org>
In-reply-to: <4624C6C0.50406@gmx.net>
List-help: <mailto:ecrit-request@ietf.org?subject=help>
List-id: ecrit.ietf.org
List-post: <mailto:ecrit@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
References: <46248F45.6030807@gmx.net> <218EBEE4-8857-40DE-A774-4CFED54DA2F7@cs.columbia.edu> <4624C6C0.50406@gmx.net>

No. Item (2) just assumes that we ignore the security vulnerability (fraud) because we believe it is not a real problem. For item (3) we believe it is a problem and provide a solution to it.


I'd like to keep these two issues separate.

Fraud impacts the VSP, not the ISP (unless you're talking about unauthenticated network access).

Location hiding impacts the ISP, but not the VSP.

4) Provide LbyR + Dial String + PSAP URI to the end host. VSP verifies the PSAP URI with the PSAP URIs being flooded (using the LoST synchronization mechanism). This mechanism is potentially similar to (3) -- details might vary. (3) might use a distributed approach whereas this is brute force.

CONSEQUENCE: Solution needs to be developed.
Again, I'd like to separate the verify-URL-is-PSAP problem from the location problem. These are completely separate issues, as the verification problem only affects the VSP, as it charges for calls.
There are many aspects that play an important role for the solution:
* location
* verification
* authentication
* deployment considerations
* callback aspects
All these issues have to be considered and cannot be treated independently. For some of the solutions we solve the PSAP URI verification with call routing through a SIP proxy in the access. This also addresses the location aspect.

I agree that some solutions don't need to worry about URL verification, namely if the mapping and routing are done by parties trusted by the VSP (or ISP). Also, if you have an ESP, you might insert location there, thus avoiding the location hiding problem. But these are two special cases.

However, in general, they are independent problems and they don't always appear in the same system. For example, DT seems to care about not revealing location data, but they don't care if a VSP gets cheated.

Ciao
Hannes
Henning

_______________________________________________
Ecrit mailing list
Ecrit at ietf.org
https://www1.ietf.org/mailman/listinfo/ecrit

References:
- [Ecrit] Solution Approaches
  - From: Hannes Tschofenig
- Re: [Ecrit] Solution Approaches
  - From: Henning Schulzrinne
- Re: [Ecrit] Solution Approaches
  - From: Hannes Tschofenig

Prev by Date: AW: [Ecrit] Solution Approaches
Next by Date: Re: AW: [Ecrit] Solution Approaches
Previous by thread: Re: [Ecrit] Solution Approaches
Next by thread: AW: [Ecrit] Solution Approaches
Index(es):
- Date
- Thread