RE: [Geopriv] [secdir] Review ofdraft-ietf-geopriv-http-location-delivery-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 
>What the document is trying to say is that because HELD uses 
>the requestor's IP address as a location identifier, if the 
>LIS is trying to assure that location is actually only 
>provided to the host that originates a request, then it must 
>have assurance that the source IP address of the request is 
>that of the originator, i.e., that the source address of the 
>request has not been spoofed.  If there is no requirement for 
>that level of assurance, then there is no requirement for 
>anti-spoofing.
>
>On the other hand, given that the LIS is notionally operated 
>by the access network operator, this is actually a local 
>requirement: If you, the network/LIS operator, require this 
>degree of assurance then you MUST implement measures to 
>prevent IP address spoofing.  (Note, however, the
>conditionality.)
>
>--Richard

I think it is also important to mention that IP address spoofing itself
is not sufficient. As an adversary you also need to see the response in
order to actually see the provided location information.

Ciao
Hannes
_______________________________________________
IETF mailing list
IETF@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]