Subject: NOTES FROM ES-ECSG Security discussion (Wed AM) From: Geoff Thompson Date: Thu, 14 Jan 2010 08:07:59 -0800 To: Geoff Thompson , Scott Henderson , Karen Randall , Bob Moskowitz We need to determine what layer will actually be responsible for any security. Moskowitz says that he doesn't think ECRIT is doing anything for security beyond what is normal for VoIP. The most apparent security problem can be succinctly described as the "Hollywood Papparazzi Problem" (expand this discussion) e.g. a) Threat to life in a hostage situation (not show up on live television) b) Usurping the location information for commercial purposes Exposure through the risk of access to network cabling is not considered to be a security risk for the purposes of this standard. The standard should be designed to minimize the external dependencies (i.e. limit security exposure traffic to just links between the STA and the PSAP. We need to document the requirements to secure the first link. In particular, we should differentiate any particular requirements or challenges associated with: - Implementation dependencies (i.e. different MACs) - Unauthenticated users RFC 5069 is supposed to be a security requirements and risk analysis. A1) Not Our Problem A2) This is above our layer A3) Allowing unauthorized user will (we suspect) create a new vulnerability. Can this be limited? Further discussion and explanantion. A4) This can be fixed with encryption. Moskowitz claims it can be done but this is not obvious to the others A5) See A4 A6 We can't do anything in this case for wireless systems A7) This is above our layer A8) End link encryption is required The group is relatively satisfied with this review.