[Geopriv] Use of IP address as an identifier in draft-ietf-geopriv-http-location-delivery

From: Brian Rosen <br@brianrosen.net>
Date: Wed Oct 31 2007 - 08:50:39 EDT

In the long set of discussions that have led to HELD, one of the biggest
concerns a few of us have had is the problem that an IP address may not be a
good identifier for determining the location of the client. There is a
draft that describes alternate identifiers. However, there is no discussion
in the present draft of the base protocol on these issues.

I would like to propose that we add text something like:

Use of HELD is subject to the viability of the identifier used by the LIS to
determine location. This document describes the use of the IP address of
the client as the identifier. When a NAT, VPN or other forms of address
modification occur between the client and the server, the location returned
may be inaccurate. This is not always the case. For example, a NAT used in
a residential local area network is typically not a problem, because the
external IP address used on the WAN side of the NAT is in fact the right
identifier for all of the devices in the residence. On the other hand, if
there is a VPN between the client and the server, for example for a
teleworker, then the address seen by the server may not be the right address
to identify the location of the client. Where a VPN is deployed, clients
often have the ability to bypass the VPN for a transaction like HELD.

HELD Clients MUST NOT send HELD requests where IP address is the identifier
and a VPN, NAT or other IP address modification exists between the client
and the server which could produce incorrect location. HELD MUST NOT be
deployed in networks where the client cannot comply reasonably reliably with
that requirement.

Received on Wed, 31 Oct 2007 08:50:39 -0400
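
The proposed client requirement above, sketched as a pre-flight check (an added example, not part of the original message or of the HELD draft). It assumes a Linux client, the output format of `ip route get <LIS address>`, and a heuristic list of tunnel interface prefixes; the function names and the sample route lines are constructed for illustration.

```python
import ipaddress

# Assumption: name prefixes commonly used by VPN/tunnel interfaces.
TUNNEL_PREFIXES = ("tun", "tap", "ppp", "wg", "utun", "ipsec")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_route(line):
    """Extract the egress device and source address from `ip route get` output."""
    tokens = line.replace("\\", " ").split()
    fields = {}
    for key in ("dev", "src"):
        if key in tokens and tokens.index(key) + 1 < len(tokens):
            fields[key] = tokens[tokens.index(key) + 1]
    return fields

def held_ip_identifier_check(route_line):
    """Decide whether the client should let the LIS use its IP address.

    Returns (status, reason). Only the first hop is visible to the client,
    so a VPN or NAT further upstream cannot be detected here.
    """
    f = parse_route(route_line)
    if "dev" not in f or "src" not in f:
        return ("unknown", "could not determine egress path to the LIS")
    if f["dev"].startswith(TUNNEL_PREFIXES):
        return ("block", "route to LIS leaves via tunnel %s; bypass the VPN "
                         "or use another identifier" % f["dev"])
    src = ipaddress.ip_address(f["src"])
    if any(src in net for net in RFC1918):
        return ("nat-likely", "private source %s; acceptable only if the NAT "
                              "sits at the edge of the same location" % src)
    return ("direct", "source %s is used on the path unmodified" % src)

# Constructed sample lines; 203.0.113.10 stands in for the LIS address.
SAMPLES = {
    "home_nat": "203.0.113.10 via 192.168.1.1 dev wlan0 src 192.168.1.23 uid 1000 \\    cache",
    "teleworker_vpn": "203.0.113.10 dev tun0 src 10.8.0.6 uid 1000",
    "public": "203.0.113.10 via 198.51.100.1 dev eth0 src 198.51.100.7 uid 0",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, held_ip_identifier_check(line))
```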