Skip to main content

Threat Analysis of the Geopriv Protocol
RFC 3694


(Steven Bellovin)
(Ted Hardie)

No Objection

Note: This ballot was opened for revision 01 and is now closed.

Steven Bellovin Former IESG member
Yes () Unknown

Ted Hardie Former IESG member
Yes () Unknown

Ned Freed Former IESG member
No Objection
No Objection (2003-10-25) Unknown

   No IPR boilerplate in any of the documents
   References not split into normative and informative groups
     in dhcp-lci-option

I'll leave it to the security folks to register any actual discuss
votes here, but I'm concerned about the security considerations given
in draft-ietf-geopriv-dhcp-lci-option-02.txt aren't adequate. In particular
while the possibility of eavesdropping on LCI information returned to clients
is mentioned, there's no reference given to the discussion of the possible
threats such exposure causes given in draft-ietf-geopriv-threat-analysis-01.txt.

The security considerations section also doesn't discuss the fact that it
provides information about the "last plug" but nothing beyond that. I often
see wireless equipment attached to those plugs, which can make an LCI that says
"she's at her desk" pretty much a lie. For example, I sometimes use my laptop
in my dentist's office, which as it happens is one floor above me and manages
to be able to see the wireless base station next to my desk.