The IETF emergency services architecture depends on the ability to determine user location so that it can be transmitted to the Public Service Access Point (PSAP). In a number of situations, user location is determined based on information provided by network access infrastructure. For example, the Location Information Server (LIS) might determine the user location based on information provided by the NAS, such as the NAS-IP-Address/NAS-IPv6-Address/NAS-Identifier attributes.

In such situations, the consequences of a "lying" or misconfigured NAS may be quite serious. For example, a NAS which is misconfigured or falsifying its identity within an Access-Request could lead to the PSAP sending emergency services personnel to the wrong location.

In situations where NAS attributes are being used for emergency service dispatch, checking the validity of those attributes seems like it would be quite important. For example, it would be useful not only to determine whether:

a. The NAS identification attributes sent in the Access-Request correspond to the AAA credentials provided by the NAS;

b. The NAS is advertising the same identity to the user as to the AAA infrastructure;

c. The actual NAS location is consistent with the location assumed by the LIS;

Issue a) should be detectable by a first hop AAA server checking the NAS identification attributes against the source address of the AAA Request.

Issue b) can be detected by checking the channel binding info provided by the peer against the info provided by the AAA server.

Issue c) can be detected by looking at accounting records to determine whether the NAS location data is consistent with the observed handoff patterns. For example, one would not expect handoffs to occur regularly between a NAS located in New York and one located in Pennsylvania.
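A sketch of the accounting-record check described for issue c), added here as an example and not part of the original message: it counts rapid handoffs between NAS pairs whose LIS-recorded locations are far apart. The NAS names, coordinates, records and the thresholds (`window_s`, `max_km`, `min_count`) are constructed assumptions.

```python
from collections import Counter
from math import asin, cos, radians, sin, sqrt

# Constructed LIS view (assumption): NAS-Identifier -> (latitude, longitude).
LIS_LOCATION = {
    "nas-nyc-1": (40.7128, -74.0060),  # New York
    "nas-nyc-2": (40.7306, -73.9866),  # New York, a few km away
    "nas-pa-1": (40.2732, -76.8867),   # Pennsylvania
}

# Constructed accounting records: (time, User-Name, NAS-Identifier, Acct-Status-Type).
RECORDS = [
    (1000, "alice", "nas-nyc-1", "Start"), (1300, "alice", "nas-nyc-1", "Stop"),
    (1310, "alice", "nas-pa-1", "Start"),   # 10 s after leaving New York
    (2000, "bob", "nas-pa-1", "Start"), (2100, "bob", "nas-pa-1", "Interim-Update"),
    (2120, "bob", "nas-nyc-1", "Start"),    # 20 s after last seen in Pennsylvania
    (3000, "carol", "nas-nyc-1", "Start"),
    (3020, "carol", "nas-nyc-2", "Start"),  # plausible: neighbouring NAS
    (4000, "dave", "nas-nyc-1", "Stop"),
    (20000, "dave", "nas-pa-1", "Start"),   # plausible: hours later
]

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def suspicious_pairs(records, locations, window_s=60, max_km=5.0, min_count=2):
    """Return {(nas_a, nas_b): n} for NAS pairs with repeated implausible handoffs."""
    last_seen = {}  # User-Name -> (time, NAS) of that user's most recent record
    counts = Counter()
    for ts, user, nas, status in sorted(records):
        prev = last_seen.get(user)
        last_seen[user] = (ts, nas)
        if status != "Start" or prev is None or prev[1] == nas:
            continue
        if nas not in locations or prev[1] not in locations:
            continue  # NAS unknown to the LIS: needs a separate check
        quick = ts - prev[0] <= window_s
        if quick and km_between(locations[prev[1]], locations[nas]) > max_km:
            counts[tuple(sorted((prev[1], nas)))] += 1
    return {pair: n for pair, n in counts.items() if n >= min_count}

if __name__ == "__main__":
    for pair, n in suspicious_pairs(RECORDS, LIS_LOCATION).items():
        print(f"{n} rapid handoffs between {pair[0]} and {pair[1]}: recheck location")
```

A flagged pair only shows that the LIS data and the observed handoffs disagree; it does not say which NAS entry is wrong, so both locations need to be re-verified.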