Date: Wed, 15 Nov 2006 15:27:08 -0800
From: Lakshminath Dondeti <ldondeti at qualcomm.com>
Subject: Re: [Mip6] [issue87] Comment by Sam Hartman on I-D
draft-ietf-mip6-location-privacy-ps
To: Mip6 issue tracker <tracker-mip6 at mip4.org>, mip6 at ietf.org

I reviewed the document as part of a sec-dir assignment and thought
that it can use some editing to make the problem statement more
crisp, but overall looks ok. It appears that there are some
inconsistencies as Sam points out that need to be fixed.

In the interest of making things clearer, would the following be
baseline requirements (let's park the solution discussion for a little
while)?

1. Hiding the home domain information of a roaming user from
   eavesdroppers in a visited network
2. Make it difficult, if not impossible, for someone in the visited
   network to be able to track a roaming user insofar as mobility
   protocols are concerned
3. Make it difficult, if not impossible, for a correspondent node to
   know the current location of a roaming user

In the solution space, yes there are some solutions that allude to
addressing privacy considerations, but I don't know whether all of
the above requirements are possible to achieve simultaneously. It
would be good to achieve that or at least make it difficult to track
a roaming user even if an eavesdropper and a CN are colluding.

If indeed we can conclude that everything that can be solved in mip6
location privacy has been solved, well, that'd be cool. One less
thing to do. :)

regards,
Lakshminath

At 01:09 PM 11/15/2006, admin wrote:

New submission from admin <roundup-admin at mip4.org>:

Discuss:

> Even when the binding between a user
> identifier and the Home Address is unavailable, freely available
> tools on the Internet can map the Home Address to the owner of the
> Home Prefix, which can reveal that a user from a particular ISP
> has roamed.

If the above is in scope, then the discussion of the problem is
incomplete. Sending an ESP packet from ISP B to one of ISP A's HAs
really discloses as much information as the above paragraph implies.

I think this draft does a bad job of explaining its scope and
convincing me that the problem being solved is important to solve.
For example why are IIDs out of scope? Why is the ESP correlation I
discuss above out of scope? If those attacks are out of scope, what
real benefit remains to hiding roaming from onlookers?

Finally, I do not understand what work is left to do in this space.
This draft describes the problem and points out that encrypted tunnels
and not using RO are a solution. What additional problems are being
solved beyond that? What work is there for the IETF to do in this
space? A problem statement should clearly articulate these points.

Comment:

I agree with Lisa that this document is unclear--not quite
to the point of earning a discuss for lack of clarity--but unclear
enough that if you haven't been reading mip6 documents for a while,
you won't understand what is going on. It conflates profiling and
location privacy, and describes more than supports its conclusions.
----------
category: Editorial
draft: draft-ietf-mip6-location-privacy-ps
messages: 275
nosy: admin
priority: Should fix
status: Pending
title: Comment by Sam Hartman on I-D draft-ietf-mip6-location-privacy-ps