Hannes Tschofenig, Henning Schulzrinne IETF 68, Prague, March 2007

1. GEOPRIV Layer 7 Location Configuration Protocol; Problem Statement and Requirements draft-ietf-geopriv-l7-lcp-ps-00.txt Hannes Tschofenig, Henning Schulzrinne IETF 68, Prague, March 2007

2. Status: Many WGLC Comments • Areas of Comments: • Editorial • Modify Document Structure • New requirements

3. ToC • 1.  Introduction2.  Terminology3.  Scenarios3.1.  Fixed Wired Environment3.2.  Moving Network3.3.  Wireless Access4.  Discovery of the Location Information Server5.  Identifier for Location Determination6.  Virtual Private Network (VPN) Considerations6.1.  VPN Tunneled Internet Traffic6.2.  VPN Client and End Point Physically Co-Located6.3.  VPN Client and End Point Physically Separated7.  Location-by-Reference and Location Subscriptions8.  Preventing Faked Location based DoS Attacks8.1.  Security Threat8.2.  Discussion about Countermeasures9.  Requirements10.  Security Considerations10.1.  Capabilities of the Adversary10.2.  Threats10.3.  Requirements11.  IANA Considerations12.  Contributors13.  Acknowledgements14.  References Delete? Moved into a separate document

4. Terminology Section • We use the term "Location Information Server (LIS)“ but we don’t define it. • We discussed this aspect in Dec. 2006 without a result. • Should we fall back to RFC3693's "Location Server (LS)"?

5. Scenario Section • Minor update based on comments. Clarifications mostly. • Scenarios are not meant to be exhaustive.

6. Requirements Section • Add a reference with regard to the discovery procedure. • New requirements: • LIS-to-LIS & On-behalf-of Both have the characteristic that they allow the location request to be able to support other (typically access technology dependent) forms of client identifier than the IP address. Input / Output parameters are not known. • Need for a Quality of Service response time parameter • Not sure whether they are LCP specific or should be moved to the Location-by-Reference requirements document.

7. Location-by-Reference • Move requirements to draft-marshall-geopriv-lbyr-requirements-00.txt ? • This would effect potentially affect the following text: • The reference MUST be valid for a limited amount of time. • The reference MUST be hard to guess, i.e., it MUST contain a cryptographically random component. • The reference MUST NOT contain any information that identifies the user, device or address of record • The Location Recipient MUST be able to resolve the reference more than once (i.e., there is no implicit limit on the number of dereferencing actions). • Possessing a reference to location information allows a Location Recipient to repeatedly obtain the latest information about the Target with the same granularity. • The Target MUST be able to resolve the reference itself.

8. Operational Considerations • Dan Romascanu:“The Internet-Draft does not include any operations or manageability considerations or requirements. At a minimum I would suggest that consideration is given to whether there is need for any prior configuration of hosts or nodes or LISs involved in the protocol, if yes how this will be done, what is the level of traffic this protocol is supposed to generate in a network, are there any dependencies or impact on other protocols, any means of monitoring the status of the entities running the protocol and any faults specific to this protocol to be reported to an operator. “ • Has never been raised before. What should we do?