At 1:55 PM -0400 5/1/07, Henning Schulzrinne wrote:
>I think what got lost in the long message is the crucial distinction that the LoST request contains no personally identifiable information about the querier (except maybe the IP address of the proxy server), unlike a normal PIDF-LO.

It wasn't lost on me. The proxy gets a PIDF-LO and it acts on it; that acting on
it includes removing some of the identifying information before sending it
as a LoST query, but that does not change the fact that it is acting as a recipient
by routing based on the location. I believe it should not do so unless it
is authorized to do so. That fits with the overall privacy aims of this
group, which are clear in its charter. Sorry if you think that is lawyering,
but I think this isn't the place to object to it. Feel free to argue for
a recharter with Robert; it's always a nice way to be greeted as a new chair.

There are two ways forward: agree that we add a state for routing queries,
which handles this fairly cleanly, or add a state that says "Absolutely no" that
forbids even routing queries, since we have re-written "no" to mean
"no, except for routing queries". There MUST be some way for a user
agent to say "no" to redistribution and mean it. GEOPRIV is nonsense
with that.

>(4) It's an emergency call; no retransmission allowed. No LoST query?

For emergency calls, we can talk in ECRIT's PhoneBCP about when violating the
geopriv privacy rules is justified. The example given was Pizza delivery,
though, not a 911 call.

I am also frankly tired of emergency calling being used as a spectre for
weakening the privacy infrastructure. The chartered baseline for the
group is private information (see the default "no" to redistribution in
4119) and control by the user. It can be relaxed, but that is the baseline.
If you'd like to change that, feel free to propose an update to 4119
that changes the defaults.


>We're getting into heavy-duty protocol lawyering here, out of touch with reality as perceived by the rest of the world.
>On May 1, 2007, at 1:35 PM, Ted Hardie wrote:
>>>3. Does the current definition of retransmission-allowed=no permit a sip
>>>proxy server to send Location Information to a LoST server (without
>>No, I don't think so. Whether you consider the proxy or the Lost server
>>to be a recipient in that case, I believe one of the two is. I think
>>the routing-query-allowed solution is better than allowing retransmission=no
>>to be weakened for this in the Pizza case. If retransmission=no is
>>allowed to include this case, I see no way for an end user which did not
>>want to allow routing queries to be performed to express that; so
>>the choices appear to be to create an explicit permission or add a
>>"no, really, even including routing queries" entry. The explicit permission
>>seems cleaner and clearer.
