ietf
[Top] [All Lists]

RE: [paws] WG Review: Protocol to Access White Space database (paws)

2011-04-20 09:56:26

When I hear the term "device identity spoofing", IEEE 802.1ar comes to mind 
(see http://standards.ieee.org/getieee802/download/802.1AR.-2009.pdf).  

In addition to the liaisons with IEEE 802.19, 802.22 and IEEE 802.11af, is 
there a liaison contemplated to IEEE 802.1 relating to "device identity"?

From: scott(_dot_)probasco(_at_)nokia(_dot_)com
To: stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie; ietf(_at_)ietf(_dot_)org
Subject: RE: [paws] WG Review: Protocol to Access White Space database (paws)
Date: Wed, 20 Apr 2011 14:41:23 +0000
CC: paws(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org

Hi Stephen, All,

I believe the current wording
Robust security mechanisms are required to prevent:
device identity spoofing, modification of device requests, modification
of channel enablement information, ...
is acceptable because "mechanisms are required" means they should be in the 
protocol, it does not mean they cannot be optional. PAWS should support 
Regulator requirements globally, and thus I believe there will be procedures 
or capabilities which are "required" to be in the protocol but will be 
"optional" during run time. Thus different or conflicting requirements from 
different regions of the world can be supported. (Several regulatory groups 
around the world are still developing their views and requirements).

It's not the time to dig deep into proposed solutions, just my opinion is the 
current proposed wording is an acceptable definition to allow a Work Group to 
get started defining the details.

Regards,
Scott

-----Original Message-----
From: paws-bounces(_at_)ietf(_dot_)org 
[mailto:paws-bounces(_at_)ietf(_dot_)org] On Behalf Of ext Stephen Farrell
Sent: Tuesday, April 19, 2011 4:28 PM
To: IETF-Discussion
Cc: paws(_at_)ietf(_dot_)org; iesg(_at_)ietf(_dot_)org
Subject: Re: [paws] WG Review: Protocol to Access White Space database (paws)


I think this is a good and timely thing for the IETF to do.

One part of this where I think it might be useful to get
some broader input (which may have happened already, I'm not
sure) is the following:

On 19/04/11 17:56, IESG Secretary wrote:
The protocol must protect both the channel enablement process and the
privacy of users. 

That part is fine but it goes on to say:

Robust security mechanisms are required to prevent:
device identity spoofing, modification of device requests, modification
of channel enablement information, ...

I'm told (and believe) this in response to (at least) US
FCC requirements that call for a device ID and sometimes
serial number to be (securely, for some value of securely)
sent with the query.

Those appear to be real regulatory requirements in the
US, presumably so the regulator can stomp on someone who
messes about in the wrong spectrum at the wrong time.
(The link below [1] may be to the right or wrong bit of
those US regulations, I'm not at all sure, not being
from there;-)

So my questions:

Are there may be similar (or conflicting!) requirements
elsewhere?

Does this bit of the charter text need changes to work
well for other regions?

Separately, I'm not sure how to square those kinds of
regulatory requirements with protecting privacy where the
device is carried by a person and has some FCC device ID
(which lots do I guess) and the person might not want
the database operator to know who's asking. But I think
that's ok as something for the WG to figure out since
the charter already calls for respecting privacy.

I'm more concerned in case e.g. some other regional regulation
called for this protocol to be completely anonymous or
something, in which case the current charter text might
be problematic.

Cheers,
Stephen.

[1]
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfr&sid=3e9c322addf1f7e897d8c84a6c7aca78&rgn=div8&view=text&node=47:1.0.1.1.14.8.243.9&idno=47
_______________________________________________
paws mailing list
paws(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/paws
                                          
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf