Re: [Geopriv] Location in SIP and "retransmission-allowed"

From: Henning Schulzrinne
Date: Tue May 01 2007 - 15:38:55 EDT

I fail to see the privacy aims that are met by this restriction. You
did not in any way my technical argument, just argued by appeal to
authority. It's the usual "we can't answer you technically, but just
imagine the wasted time you go through trying to argue it, so you'll
see why it's best if you don't even try".

My prediction: We'll end up with some meaningless token that
everybody always inserts or ignores, depending on the circumstances,
since nobody outside a small group of people will understand as to
why a LoST query has GEOPRIV privacy implications when Google Maps
does not.

On May 1, 2007, at 3:28 PM, Ted Hardie wrote:

> At 1:55 PM -0400 5/1/07, Henning Schulzrinne wrote:
>> I think what got lost in the long message is the crucial
>> distinction that the LoST request contains no personally
>> identifiable information about the querier (except maybe the IP
>> address of the proxy server), unlike a normal PIDF-LO.
> It wasn't lost on me. The proxy gets a PIDF-LO and it acts on it; that
> acting on it includes removing some of the identifying information
> before sending it as a LoST query, but that does not change the fact
> that it is acting as a recipient by routing based on the location. I
> believe it should not do so unless it is authorized to do so. That fits
> with the overall privacy aims of this group, which are clear in its
> charter. Sorry if you think that is lawyering, but I think this isn't
> the place to object to it. Feel free to argue for a recharter with
> Robert; it's always a nice way to be greeted as a new chair.
> There are two ways forward: agree that we add a state for routing
> queries, which handles this fairly cleanly, or add a state that says
> "Absolutely no" that forbids even routing queries, since we have
> re-written "no" to mean "no, except for routing queries". There MUST be
> some way for a user agent to say "no" to redistribution and mean it.
> GEOPRIV is nonsense with that.
>> (4) It's an emergency call; no retransmission allowed. No LoST query?
> For emergency calls, we can talk in ECRIT's PhoneBCP about when
> violating the geopriv privacy rules is justified. The example given was
> Pizza delivery, though, not a 911 call.
> I am also frankly tired of emergency calling being used as a spectre for
> weakening the privacy infrastructure. The chartered baseline for the
> group is private information (see the default "no" to redistribution in
> 4119) and control by the user. It can be relaxed, but that is the
> baseline.
> If you'd like to change that, feel free to propose an update to 4119
> that changes the defaults.
> regards,
> Ted
>> We're getting into heavy-duty protocol lawyering here, out of
>> touch with reality as perceived by the rest of the world.
>> Henning
>> On May 1, 2007, at 1:35 PM, Ted Hardie wrote:
>>>> 3. Does the current definition of retransmission-allowed=no permit
>>>> a sip proxy server to send Location Information to a LoST server
>>>> (without identity)?
>>> No, I don't think so. Whether you consider the proxy or the Lost
>>> server to be a recipient in that case, I believe one of the two is. I
>>> think the routing-query-allowed solution is better than allowing
>>> retransmission=no to be weakened for this in the Pizza case. If
>>> retransmission=no is allowed to include this case, I see no way for
>>> an end user which did not want to allow routing queries to be
>>> performed to express that; so the choices appear to be to create an
>>> explicit permission or add a "no, really, even including routing
>>> queries" entry. The explicit permission seems cleaner and clearer.

Received on Tue, 1 May 2007 15:38:55 -0400

This archive was generated by hypermail 2.1.8 : Tue May 01 2007 - 15:37:34 EDT