On 8/20/14 3:31 PM, Kathleen Moriarty wrote:
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
> [...]
> Can clients query any database entries or is the interface restricted to the list of supported interactions? I assume the answer is that it is limited to the set of database interactions defined, but could not find any statement saying that in this draft or the prior requirements in RFC6953.
I'm not sure exactly what you mean here. Are you asking whether the client or server ask for/send back more than the minimum data? Sure, that's what the "*other" business is about. Or are you asking whether additional queries/responses can be defined? I suppose they could. But I'm not sure what you're asking, or what the concern is. Can you elaborate?
> Authentication is only a MAY in the Security Considerations Section, which raises another possible concern for me. Since clients can get back pretty much all of the defined datatypes (DeviceDescriptor is one example)
The client only gets back the DeviceDescriptor that it sent to the server in the request so that the client can match the response to the query.
> and authentication is not required, there should be a discussion on the risks of revealing this information for both the privacy reasons Stephen and Alissa outlined as well as possible security concerns. I think this should be on a field basis in terms of sensitive elements where relevant.
The rest of the responses are the publicly available spectrum information. I'm not seeing sensitive data there.
> I could see how you might want/need the types of information gathered within an administrative domain or accessed by a restricted set of users, but revealing data like what is contained in deviceDescriptor (includes model) as well as sensitive fields in other classes (AntennaCharacteristics) seems like a risk as it could be used in targeted attacks if there are known vulnerabilities to those devices. The attacks could target specific regions at specific times to effect events or to be used as part of some larger attack (could include physical). This may sound crazy, but layered attacks are very real.
This seems like it would be a problem for sniffing unencrypted data *from* another client, but I'm not getting how this sort of attack works by a client owned by the attacker querying the database.
Before I get back to the rest of your query, help me understand this far.
pr
--
Pete Resnick <http://www.qualcomm.com/~presnick/>
Qualcomm Technologies, Inc. - +1 (858)651-4478
