Re: Does GEOPRIV specify crypto was RE: Notes from Non-meeting

From: Allison Mankin ^lt;mankin@isi.edu>
Date: Wed Mar 20 2002 - 12:21:40 EST

Randy wrote:
> > i suspect that the trust association(s) of the transport will not
> > be the same as the trust association(s) of the material being
> > transported. i am told that this little difference often raises
> > its head.
> >
> >
Brian answered:
> SIP needs to provide location information for a number of
> useful applications.
>
> SIP Provides a way to authenticate, and provide confidentiality
> for SIP messages between two end user devices (UAs).
> We propose to place the location object in the SIP message.
> We assert that the mechanisms in SIP (the new version recently
> approved by the IESG) are sufficient for the purpose.
>

And then Brian and Randy again :)
> >> i suspect that the trust association(s) of the transport will not
> >> be the same as the trust association(s) of the material being
> >> transported. i am told that this little difference often raises
> >> its head.
> > On the contrary, I think the trust association between the
> > two UAs that the SIP mechanism provides is exactly what
> > is appropriate to protect location information.
>
> oh, i understood that you did. security clue will be coming.
> patience.

This thread is bringing out some aspects of our chartering:

The APPS ADs expect the geopriv location object will have the
form of an embedded protocol.

Let's keep object security and transport security well separated -
it's unclear from Brian's mail if the object security (SIP's use
of S/MIME) is what is meant.

I don't think we know now whether the geopriv object will be one
that has a preexisting approach to its object security and if so
what specification might be needed for the specific geopriv functions.
Its coordination with its transporting protocol's (e.g. sip, mail,
whatever) object security would then have to be considered.

And then there is the separate point of specifying a minimum
mandatory to implement (not use) object security. The IESG will
require us to have minimum mandatory to implement features of
security for geopriv, including what the crypto would be.

Finally, I underline Randy's point about the match of trust models
with those enforced by the transporting protocol needing careful
consideration.

Allison
Received on Wed Mar 20 12:23:26 2002

This archive was generated by hypermail 2.1.8 : Thu Jan 22 2004 - 12:32:22 EST