On 11/26/12, Alex <dreamwaverfx@yahoo.com> wrote:
This would be great for troubleshooting things...I agree, but other than that it would create a whole new plethora of privacy concerns.
Just about every new technology, IP itself included has privacy concerns, related to it; which is really just a fancy new name for security confidentiality concerns, regarding WHO is doing what things on the network. That doesn't mean you blacklist those technologies.... In fact, in some cases _identification_ of network nodes is a very good thing. I would like very much for spammers to be identifiable, even at the cost of some so-called "privacy" (not that embedding IP location data helps with that).... Heck, HTTPS has privacy concerns, because it requires a certificate, containing personal details of the server to operate. I suppose it would be rather interesting if the certificate contained GPS details as well, if end hosts' IP stacks were required to verify the GPS data is either accurate or not present, and SSL clients were expected to validate that the details in the IP packets matched, and if a list of GPS positions was declared as a critical X509 extension. Then a third-party hosting provider would not be able to be used to spoof a HTTPS site (without the intruder gaining root access, in order to spoof IP packets). The existence of privacy concerns, does not mean you hesitate to implement a protocol in any way, shape or form. Privacy concerns,mean you as a user of that technology, pull out your handy dandy risk calculator, and weight the details carefully consider, what the probability and impact of the various risks actually are -- what bad things can actually happen, if the detail X is exposed, and what (if any) mitigations you choose for your particular scenario. Which will for end users typically involve setting a local policy such as: o Don't turn on the "Populate Packet headers with Location data" Or: o Don't stamp packets with location data, except to trusted hosts, when stamped packets are sent with headers encrypted over VPN in tunnel mode Or: o Introduce sufficient error, that the GPS data does not significantly compromise location -- -JH ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE