 |
 |
 |
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
I believe the discussion we should have is* do we want to define the term "Using Protocol" in a way that it is more precise OR
* we get rid of it.We had many discussions around this "Using Protocol" term already and many of us just got confused by the terminology created by RFC 3693. Maybe the work on draft-barnes-geopriv-lo-sec <http://tools.ietf.org/id/draft-barnes-geopriv-lo-sec-03.txt> is a good opportunity to finally clean some things up.
Ciao HannesPS: Note that this has nothing todo specifically with the documents James submitted recently. This is a more generic aspect.
James M. Polk wrote:
At 04:11 PM 7/17/2008, Richard Barnes wrote:I think where Hannes was going is that this document does make a meaningful change to the SIP presence system. It does so by including a new type of information, which could introduce different privacy risks.This extension is analogous to the transition between PIDF and PIDF-LO: You're still just putting a PIDF in SUB/NOT. There are two separate RFCs to deal with that extension (3693/3694). So even though you're just adding something to a PIDF (or PIDF-LO), there might still be cause for some security and privacy discussions.ok, so let me get this straight - and this goes directly to the firm comment you made on the WiMAX call Monday -- you claimed then that every single change in PIDF forces PIDF-LO to go back through the gauntlet of re-qualifying SIP as a "Using Protocol". Are you serious?Where's the requirement for the snapshot of PIDF information that marks the point in time that Presence achieved this status (as a "Using Protocol"), with the understanding that for EVERY single extension to Presence from that moment forward it rescinds that status until some magical requalification takes place (from a new snapshot of Presence)?You're proposing that any extension to PIDF, regardless of what SIP or SIPPING or SIMPLE does int he future - MUST require a new re-qualification of SIP to carry this PIDF as a message body.How many others on this list agree with this undertaking?I think we're making this out to be a bigger deal than it really is. I think the "sniff test" should be all that's required, with things that smell odd getting a more thorough look at.James--Richard James M. Polk wrote:At 02:03 PM 7/17/2008, Tschofenig, Hannes (NSN - FI/Espoo) wrote:Hannes PS: You write "poses zero new security or privacy concerns relative to Conveyance." Let me give you something to think about: When you change one protocolname against another one then do you think that the fundamental privacy& security aspects are suddenly different?"one protocol against another" huh? Conveyance already has PIDF-LO within SIP SUBSCRIBE and NOTIFY.There is nothing new in either of these IDs relative putting a PIDF-LO in SUBSCRIBE or NOTIFY.What do you see that's fundamentally different? _______________________________________________ Geopriv mailing list Geopriv at ietf.org https://www.ietf.org/mailman/listinfo/geopriv_______________________________________________ Geopriv mailing list Geopriv at ietf.org https://www.ietf.org/mailman/listinfo/geopriv
_______________________________________________ Geopriv mailing list Geopriv at ietf.org https://www.ietf.org/mailman/listinfo/geopriv