-----Original Message-----
From: Andrew Newton
Sent: Tuesday, 27 February 2007 12:43 PM
To: Dawson, Martin
Cc: Marc Linsner; Brian Rosen; GEOPRIV
Subject: Re: [Geopriv] WGLC on draft-ietf-geopriv-l7-lcp-ps-00 (PIDF-LO digital signatures)

On Feb 26, 2007, at 7:16 PM, Dawson, Martin wrote:

> I believe that if we didn't introduce the location integrity mechanism
> now, we would need to add it at some point in the near future at which
> point the cost of doing so will be considerably higher.

Given that ALIs, etc... are all spoofable on the PSTN today and we see no real outcry about it, musing that it will cost us more to add security we know we will need later is speculative, especially when the security we spec today based on what we think we need may be too burdensome, insecure, or both.

[[MCD]] Sorry? My company provides a GMLC product, and we do have measures in place to authenticate/authorize the ALI before location requests are permitted from it. Our customers require this. Your argument, then, is that they simply shouldn't bother and let any Internet based host query the GMLC for location? The use case, of course, is quite different but I guess that never stopped a good piece of rhetoric. As a matter of general principle, it is more cost-effective to include mechanisms when initially deploying a system rather than trying to retrofit them later. Maybe it's speculation, but it's certainly not unreasonable.

> If bot nets are the convenient source of compromised machines - then a
> federal law enforcement agency would be able to hire that same net to
> mount a DOS on their own honey-pot service.

Which mythical federal law enforcement agency are you referencing?

[[MCD]] Nice. I think the correct word would be "hypothetical". The operators of bot-nets have their own economies - they have to have customers to feed their business, so why couldn't a law enforcement agency become a customer?
A DOS from a set of zombie machines that provided certified location information would thus be providing their precise location. Is there something untrue about that?

-andy

