Note: This ballot was opened for revision 04 and is now closed.
(Steven Bellovin) Yes
There's another threat that bears mentioning. If, for a fixed LI, the sender repeatedly sends out the location plus some differing random offset each time, an attacker can use multiple observations to zero in on the precise location, by averaging them.
(Ted Hardie) Yes
(Ned Freed) No Objection
Nits: No IPR boilerplate in any of the documents References not split into normative and informative groups in dhcp-lci-option I'll leave it to the security folks to register any actual discuss votes here, but I'm concerned about the security considerations given in draft-ietf-geopriv-dhcp-lci-option-02.txt aren't adequate. In particular while the possibility of eavesdropping on LCI information returned to clients is mentioned, there's no reference given to the discussion of the possible threats such exposure causes given in draft-ietf-geopriv-threat-analysis-01.txt. The security considerations section also doesn't discuss the fact that it provides information about the "last plug" but nothing beyond that. I often see wireless equipment attached to those plugs, which can make an LCI that says "she's at her desk" pretty much a lie. For example, I sometimes use my laptop in my dentist's office, which as it happens is one floor above me and manages to be able to see the wireless base station next to my desk.