Adding GPS location to IPv6 header

Jimmy Hess mysidia at gmail.com
Tue Nov 27 01:33:02 UTC 2012


On 11/26/12, Alex <dreamwaverfx at yahoo.com> wrote:
> This would be great for troubleshooting things...I agree, but other than
> that it would create a whole new plethora of privacy concerns.

Just about every new technology, IP itself included, has privacy concerns
related to it; which is really just a fancy new name for security
confidentiality concerns, regarding WHO is doing what things on the
network. That doesn't mean you blacklist those technologies.... In fact,
in some cases _identification_ of network nodes is a very good thing.

I would like very much for spammers to be identifiable, even at the
cost of some so-called "privacy" (not that embedding IP location data
helps with that)....

Heck, HTTPS has privacy concerns, because it requires a certificate,
containing personal details of the server, to operate. I suppose it would
be rather interesting if the certificate contained GPS details as well,
if end hosts' IP stacks were required to verify the GPS data is
either accurate or not present, and SSL clients were expected to
validate that the details in the IP packets matched, and if a list of
GPS positions was declared as a critical X509 extension.

Then a third-party hosting provider would not be able to be used to
spoof an HTTPS site (without the intruder gaining root access, in
order to spoof IP packets).


The existence of privacy concerns does not mean you hesitate to implement
a protocol in any way, shape or form.

Privacy concerns mean you, as a user of that technology, pull out your
handy dandy risk calculator, and weigh the details, carefully consider
what the probability and impact of the various risks actually are -- what
bad things can actually happen, if the detail X is exposed, and what (if
any) mitigations you choose for your particular scenario.


Which will for end users typically involve setting a local policy such as:
  o Don't turn on the "Populate Packet headers with Location data"

Or:
  o Don't stamp packets with location data, except to trusted hosts,
    when stamped packets are sent with headers encrypted over VPN in
    tunnel mode

Or:
  o Introduce sufficient error that the GPS data does not
    significantly compromise location


--
-JH