GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-ietf-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne.


GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-ietf-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne IETF 68, Prague, March 2007

Status: Many WGLC Comments
- Areas of Comments:
  - Editorial
  - Modify Document Structure
  - New requirements

ToC
1. Introduction
2. Terminology
3. Scenarios
   3.1. Fixed Wired Environment
   3.2. Moving Network
   3.3. Wireless Access
4. Discovery of the Location Information Server
5. Identifier for Location Determination
6. Virtual Private Network (VPN) Considerations
   6.1. VPN Tunneled Internet Traffic
   6.2. VPN Client and End Point Physically Co-Located
   6.3. VPN Client and End Point Physically Separated
7. Location-by-Reference and Location Subscriptions
8. Preventing Faked Location based DoS Attacks
   8.1. Security Threat
   8.2. Discussion about Countermeasures
9. Requirements
10. Security Considerations
    - Capabilities of the Adversary
    - Threats
    - Requirements
11. IANA Considerations
12. Contributors
13. Acknowledgements
14. References

Slide annotations: "Delete?"; "Moved into a separate document"

Terminology Section
- We use the term "Location Information Server (LIS)" but we don't define it.
- We discussed this aspect in Dec without a result.
- Should we fall back to RFC3693's "Location Server (LS)"?

Scenario Section
- Minor update based on comments. Clarifications mostly.
- Scenarios are not meant to be exhaustive.

Requirements Section
- Add a reference with regard to the discovery procedure.
- New requirements:
  - LIS-to-LIS & On-behalf-of: Both have the characteristic that they allow the location request to be able to support other (typically access technology dependent) forms of client identifier than the IP address. Input / Output parameters are not known.
  - Need for a Quality of Service response time parameter
- Not sure whether they are LCP specific or should be moved to the Location-by-Reference requirements document.

Location-by-Reference
- Move requirements to draft-marshall-geopriv-lbyr-requirements-00.txt?
- This would potentially affect the following text:
  - The reference MUST be valid for a limited amount of time.
  - The reference MUST be hard to guess, i.e., it MUST contain a cryptographically random component.
  - The reference MUST NOT contain any information that identifies the user, device or address of record.
  - The Location Recipient MUST be able to resolve the reference more than once (i.e., there is no implicit limit on the number of dereferencing actions).
  - Possessing a reference to location information allows a Location Recipient to repeatedly obtain the latest information about the Target with the same granularity.
  - The Target MUST be able to resolve the reference itself.
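
The Location-by-Reference requirements listed above, worked through as an added example (not part of the slides or the draft). `ReferenceStore`, the 600-second lifetime, the `lis.example.net` URI and the decision to answer unknown and expired references identically are all assumptions made for illustration.

```python
import secrets
import time

REFERENCE_TTL_SECONDS = 600  # assumed value; the requirement only says "limited"


class ReferenceStore:
    """Hypothetical LIS-side table mapping opaque references to Targets."""

    def __init__(self, ttl=REFERENCE_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._refs = {}       # token -> (target_id, expires_at)
        self._locations = {}  # target_id -> latest known location

    def update_location(self, target_id, location):
        self._locations[target_id] = location

    def issue(self, target_id):
        # 128 bits from the OS CSPRNG: hard to guess, and the token encodes
        # nothing about the user, device or address of record. The binding
        # to the Target lives only in the server-side table.
        token = secrets.token_urlsafe(16)
        self._refs[token] = (target_id, self._clock() + self._ttl)
        return "https://lis.example.net/ref/" + token

    def dereference(self, uri):
        token = uri.rsplit("/", 1)[-1]
        entry = self._refs.get(token)
        if entry is None:
            return None  # unknown reference
        target_id, expires_at = entry
        if self._clock() >= expires_at:
            del self._refs[token]
            return None  # expired: same answer as unknown (assumed choice)
        # No use counter, so any holder (Location Recipient or the Target
        # itself) can resolve repeatedly and always gets the latest location.
        return self._locations.get(target_id)


if __name__ == "__main__":
    store = ReferenceStore()
    store.update_location("sip:target@example.com", "constructed-location-A")
    ref = store.issue("sip:target@example.com")
    print(ref, store.dereference(ref))
```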

Operational Considerations
- Dan Romascanu: "The Internet-Draft does not include any operations or manageability considerations or requirements. At a minimum I would suggest that consideration is given to whether there is need for any prior configuration of hosts or nodes or LISs involved in the protocol, if yes how this will be done, what is the level of traffic this protocol is supposed to generate in a network, are there any dependencies or impact on other protocols, any means of monitoring the status of the entities running the protocol and any faults specific to this protocol to be reported to an operator."
- Has never been raised before. What should we do?