One of the uses for HELD is for an end device to obtain its location. The
recommendations in ecrit-phonebcp say that the end device should get its
location when it boots, periodically thereafter, and as it makes an
emergency call. The time to complete the operation doesn't matter in the
first two cases, but does at call time.
Location sent by value should be protected from eavesdropping. TLS is of
course the mechanism of choice for HELD. Unless we change our position,
we've stated that the security of the reference is the same as the value.
That means getting a reference doesn't help; you would want to protect the
transfer of the reference with TLS.
What should the recommendation be for the TLS connection between the
endpoint and the HELD server? Seems like we have two bad choices:
1. The endpoint maintains a persistent TLS connection. This seems
impossible for a LIS to maintain, and wasteful for the device
2. We incur very long time to establish the TLS session at call time. I
think this is currently something in the 1/2 second or more range for a
typical phone like embedded controller, sometimes much more. That is WAY
too long for emergency call, where we're attempting to keep call set up in
the 2 seconds from dial to ring.
I don't have an answer here. We don't use TLS with the other LCPs; we have
other mechanisms that protect the privacy to various degrees. TLS is an
excellent mechanism for this purpose. I just don't know how to deal with
the setup time.
Brian
_______________________________________________
Geopriv mailing list
Geopriv at ietf.org
https://www1.ietf.org/mailman/listinfo/geopriv
