RE: full integrity?

Yes, I see this now. Thanks for the clarification.

So if bogus (or self-naming) is allowed, then we need to put safeguards
in place, just as are in place today for email (open-relay rejection,
intermediate node signing/tracking and so forth, and signed original
messages).

To me this is less an issue of a person managing his/her own list of
aliases, or selectively sending out bogus information, and more pointing
out the need to localize or control obfuscation in an environment of
distributed identity.

In short, we want a distributed environment for scalability. In a
distributed environment, people can self-inject presence and location.
Geopriv (actually I think this is likely a responsibility of something
like Mobile Location Protocol) should have a requirement that says we
can track and authenticate intermediaries, if they sign messages. This
allows people to say "I won't accept unreliable presence information" or
even blackball sites that accept unsigned presence information, just as
many mail servers blackball open-relay mail servers.

Dan Greening, Ph.D. CEO, BigTribe Corporation
              330 Townsend Street, Suite 209, San Francisco, CA
94107-1662
              greening@bigtribe.com +1(415)995-7151 fax 995-7155

-----Original Message-----
From: Zmolek, Andrew (Andrew) [mailto:zmolek@avaya.com]
Sent: Wednesday, May 22, 2002 7:11 AM
To: Dan Greening; James M. Polk; Randall Gellens; Aleksandar Gogic;
Richard Shockey; ietf-geopriv@mail.apps.ietf.org
Subject: RE: full integrity? (was: RE: Geopriv WG - meeting 5-6 Jun,
other news)

Dan Greening wrote:

> This stuff about bogus locations sounds like something that won't get
> market usage by many people (like less than 1%), and possibly no
> carriers. It seems like "requirements" should be serious market
> requirements, otherwise the IETF Geopriv requirements could
> end up stuck in the "academically interesting" category and ignored.

This depends on how closed the systems are for passing this information.
If we're only talking about carrier systems than I might agree with you.
But if enterprises and individuals will have the means to inject
presence and location information into these tracking networks (and I
believe they will over time) then this is hardly academic.

--Andy Zmolek
    Technology & Standards Engineer
      CTO Standards
        Avaya Inc.

            zmolek@avaya.com
              +1 720 444 4001
                sip:zmolek@avaya.com
Received on Wed May 22 11:12:30 2002