So to follow up on the gen-art and sec reviews (thank you btw) ... I
tried to look at all the traffic and I put the changes into an RFC Ed
note. Please have a look at this and let me know if I did not get it
right. Thanks, Cullen
In first paragraph of section 3 change
OLD:
This document does not specify how LI is
determined.
New:
This document assumes that the Device and Access Provider have no
prior relationship other than what is necessary for the Device to
obtain network access. This document does not specify how LI is
determined.
In section 8, change
Old:
The LIS MUST NOT rely on device support for cookies [RFC2965] or use
Basic or Digest authentication [RFC2617].
New:
A Device that conforms to this specification MAY choose not to
support for HTTP authentication [RFC2617] or cookies [RFC2965].
Because the Device and the LIS may not necessarily have a prior
relationship, the LIS SHOULD NOT require a Device to authenticate,
either using the above HTTP authentication methods or TLS client
authentication. Unless all Devices that access a LIS can be expected
to be able to authenticate in a certain fashion, denying access to
location information could prevent a Device from using
location-dependent services, such as emergency calling.
Add the following paragraph to the end of Section 6.6:
New:
The LIS MUST NOT include any means of identifying the Device in
the PIDF-LO unless it is able to verify that the identifier is
correct and inclusion of identity is expressly permitted by a Rule
Maker. Therefore, PIDF parameters that contain identity are either
omitted or contain unlinked pseudonyms [RFC3693]. A unique,
unlinked presentity URI SHOULD be generated by the LIS for the
mandatory presence “entity” attribute of the PIDF document.
Optional parameters such as the “contact” element and the
“deviceID” element [RFC4479] are not used.
On May 26, 2009, at 7:29 , The IESG wrote:
The IESG has received a request from the Geographic Location/Privacy
WG
(geopriv) to consider the following document:
- 'HTTP Enabled Location Delivery (HELD) '
<draft-ietf-geopriv-http-location-delivery-14.txt> as a Proposed
Standard
The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to
the
ietf@xxxxxxxx mailing lists by 2009-06-09. Exceptionally,
comments may be sent to iesg@xxxxxxxx instead. In either case, please
retain the beginning of the Subject line to allow automated sorting.
The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-geopriv-http-location-delivery-14.txt
IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=16080&rfc_flag=0
_______________________________________________
IETF-Announce mailing list
IETF-Announce@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf-announce
_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf