Re: [Geopriv] Using Protocol



At 02:16 PM 7/20/2008, Hannes Tschofenig wrote:
I believe the discussion we should have is
* do we want to define the term "Using Protocol" in a way that it is more precise OR
* we get rid of it.

I think a more concise definition is warranted, given Richard's comments that *any* change to any existing protocol that introduces new information requires a re-confirmation that this existing protocol has to run the gauntlet again (to being validated as a "Using Protocol").

That's a reeeeally high bar, and is absolutely not planned for in practice (i.e., in any charter). For example, where's the snapshot of SIP and SIMPLE that Location Conveyance will be judged against? What happens when SIP or SIMPLE extend themselves with a new PS RFC? Does that mean the snapshot Conveyance was determined against is no longer valid? This is consistent with what Richard said to WiMAX last week.

(I understand few others heard that call, which is why I brought that discussion to this list)

I do believe we agree that DHCP and LLDP-MED are not Using Protocols, because of the lack of identifying information in the payload of the message.

At the same time, I currently don't trust any consensus reached by this WG, as it doesn't seem to matter to anyone (or enough folks)...


We had many discussions around this "Using Protocol" term already and many of us just got confused by the terminology created by RFC 3693. Maybe the work on draft-barnes-geopriv-lo-sec <http://tools.ietf.org/id/draft-barnes-geopriv-lo-sec-03.txt> is a good opportunity to finally clean some things up.

Ciao
Hannes

PS: Note that this has nothing to do specifically with the documents James submitted recently. This is a more generic aspect.

James M. Polk wrote:
At 04:11 PM 7/17/2008, Richard Barnes wrote:
I think where Hannes was going is that this document does make a meaningful change to the SIP presence system. It does so by including a new type of information, which could introduce different privacy risks.

This extension is analogous to the transition between PIDF and PIDF-LO: You're still just putting a PIDF in SUB/NOT. There are two separate RFCs to deal with that extension (3693/3694). So even though you're just adding something to a PIDF (or PIDF-LO), there might still be cause for some security and privacy discussions.

ok, so let me get this straight - and this goes directly to the firm comment you made on the WiMAX call Monday -- you claimed then that every single change in PIDF forces PIDF-LO to go back through the gauntlet of re-qualifying SIP as a "Using Protocol". Are you serious?

Where's the requirement for the snapshot of PIDF information that marks the point in time that Presence achieved this status (as a "Using Protocol"), with the understanding that for EVERY single extension to Presence from that moment forward it rescinds that status until some magical requalification takes place (from a new snapshot of Presence)?

You're proposing that any extension to PIDF, regardless of what SIP or SIPPING or SIMPLE does in the future - MUST require a new re-qualification of SIP to carry this PIDF as a message body.

How many others on this list agree with this undertaking?

I think we're making this out to be a bigger deal than it really is.
I think the "sniff test" should be all that's required, with things that smell odd getting a more thorough look at.

James


--Richard

James M. Polk wrote:
At 02:03 PM 7/17/2008, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
Hannes

PS: You write "poses zero new security or privacy concerns relative to
Conveyance."

Let me give you something to think about: When you change one protocol
name against another one then do you think that the fundamental privacy
& security aspects are suddenly different?
"one protocol against another"
huh?
Conveyance already has PIDF-LO within SIP SUBSCRIBE and NOTIFY.
There is nothing new in either of these IDs relative to putting a PIDF-LO in SUBSCRIBE or NOTIFY.
What do you see that's fundamentally different?

_______________________________________________
Geopriv mailing list
Geopriv at ietf.org
https://www.ietf.org/mailman/listinfo/geopriv




Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.