[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Chargeable-User-Identity

To: <radiusext@ops.ietf.org>
Subject: RE: Chargeable-User-Identity
From: "Dave Nelson" <d.b.nelson@comcast.net>
Date: Tue, 11 Aug 2009 08:42:33 -0400
In-reply-to: <4A816353.60206@umk.pl>
References: <4A7FBEFA.2030702@restena.lu> <808FD6E27AD4884E94820BC333B2DB773A72364A3D@NOK-EUMSG-01.mgdnok.nokia.com> <4A7FE059.70200@restena.lu> <005c01ca1a2b$d90faec0$8b2f0c40$@net> <4A810A7E.6080100@umk.pl> <6612B18ADC444C81864933D7C87D45A8@NEWTON603> <4A816353.60206@umk.pl>

> Well, not the names of consortium members, but fact that a particular
> user is in a particular location is, of course, private and sensitive.
> Quoting from the abstract of RFC 5580:
> 
>    The distribution of location information is a privacy-sensitive task.
>    Dealing with mechanisms to preserve the user's privacy is important
>    and is addressed in this document.

Well, GEOPRIV is all about specifying the rather react location of
particular users.  Certainly some of that level of concern spills over to
the eduroam use case, but I don't see them as analogous.  Still, that's
really none of my concern.  I'm only interested in how RADIUS attributes are
re-used in this case.

> Since the visited network does not bill us for our users, we have no
> reason to know where our user is, but more importantly, we would not
> want this information to travel in the open.

OK, that sounds a bit paranoid.  If the user wants to maintain true
anonymity, they will need to use EAP methods with an anonymous outer
identity.  In that case all that can be detected is the number of users
visiting a particular university on a particular day, not their identity.
I'll admit there is *some* information there, but if you're going to perform
traffic analysis of eduroam traffic, that kind of information is going to
come out anyway.

> We want to have the Operator-Name (or equivalent) for just one reason -
> when we generate the CUI we want to do something like:
> md5(User-Name:Operator-Name:local_salt)

Sure.  You don't need it to be the actual name of an operator.  I
understand.  What I'm challenging is whether it's acceptable practice to
overload an existing RADIUS attribute to carry a new data object.  Including
a "unique but meaningless salt" in an attribute defined to hold a human
readable operator name sounds attribute overloading to me.



--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Chargeable-User-Identity
  - From: Tomasz Wolniewicz <twoln@umk.pl>
- RE: Chargeable-User-Identity
  - From: "Dave Nelson" <d.b.nelson@comcast.net>

References:
- Chargeable-User-Identity
  - From: Stefan Winter <stefan.winter@restena.lu>
- RE: Chargeable-User-Identity
  - From: <Pasi.Eronen@nokia.com>
- Re: Chargeable-User-Identity
  - From: Stefan Winter <stefan.winter@restena.lu>
- RE: Chargeable-User-Identity
  - From: "Glen Zorn" <glenzorn@comcast.net>
- Re: Chargeable-User-Identity
  - From: Tomasz Wolniewicz <twoln@umk.pl>
- RE: Chargeable-User-Identity
  - From: "Dave Nelson" <d.b.nelson@comcast.net>
- Re: Chargeable-User-Identity
  - From: Tomasz Wolniewicz <twoln@umk.pl>

Prev by Date: RE: Chargeable-User-Identity
Next by Date: RE: Chargeable-User-Identity
Previous by thread: Re: Chargeable-User-Identity
Next by thread: RE: Chargeable-User-Identity
Index(es):
- Date
- Thread