>What the document is trying to say is that because HELD uses >the requestor's IP address as a location identifier, if the >LIS is trying to assure that location is actually only >provided to the host that originates a request, then it must >have assurance that the source IP address of the request is >that of the originator, i.e., that the source address of the >request has not been spoofed. If there is no requirement for >that level of assurance, then there is no requirement for >anti-spoofing. > >On the other hand, given that the LIS is notionally operated >by the access network operator, this is actually a local >requirement: If you, the network/LIS operator, require this >degree of assurance then you MUST implement measures to >prevent IP address spoofing. (Note, however, the >conditionality.) > >--Richard I think it is also important to mention that IP address spoofing itself is not sufficient. As an adversary you also need to see the response in order to actually see the provided location information. Ciao Hannes _______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf