Last Call Review of draft-ietf-geopriv-arch-

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

The document sets out architectural considerations for location and
location privacy systems. As such it is essentially an extended set of

The document is very thorough and describes both the problem and
generalized approaches addressing requirements that arise. In my
opinion it is suitable for publication in its current form.

I have no particular issues with the document except to note the following:

1) Legal risks of collecting location information.
You can't lose what you don't have. Sites that collect and store
credit card numbers expose themselves to the risk of penalties should
they be compromised. Sites that collect location information they
don't need may be opening themselves to unnecessary liability.
Implementing privacy architectures is thus not merely a matter of
compliance, it is potentially a means of mitigating liability risk.

2) Unintended location information
GPS and similar devices are designed to collect location information,
but many Internet technologies leak information that has a high
correlation with position. Even an IP address can be tracked down to a
street level address in many instances. The issues raised in this
document are thus of wider application than technologies intended to
provide location information.