[Geopriv] Serious concerns about security of draft-ietf-geopriv-held-identity-extensions

[Cullen Jennings <fluffy at cisco.com>]

I really hope we get some discussion on this at this meeting. Take for  
example using a MAC address as an identifier. A request arrives and  
requests the location of device with a given MAC. How does  the server  
know if it should answer this or not? If it has an IP to MAC mapping,  
why did it need the MAC, and why not use use IP.

I don't think the answer can be it knows due to something that will  
described some time later. That answer seems like it would not meet  
the IETF goals of security that can be implemented (even it it is not  
used) or the general charter of this WG.

I don't understanding how the privacy part of this is protected. I  
need to understand that or I worry that this work is not appropriate  
for geopriv WG.

Cullen <in my RAI AD role>