Closed
Bug 1097217
Opened 8 years ago
Closed 8 years ago
Implement the Thomson Geolocation Fuzzer
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: huseby, Assigned: huseby)
References
()
Details
Sections 13.2 and 13.3 of RFC 6772 describe the sorts of trivial attacks that are possible against this method: https://tools.ietf.org/html/rfc6772#section-13.2 This document also describes how a motivated attacker can use side channel information to recover geolocation. I'd further recommend reading Matt Duckham's papers on the subject, which outline the complexity of a genuinely good solution in this space. For instance: http://dl.acm.org/citation.cfm?id=1868472 And here's what I believe is the minimum it takes to obscure the location of someone in the absence of side channels: https://tools.ietf.org/html/draft-thomson-geopriv-location-obscuring The proposed method does not do that. I'm sensitive to potential need for a fixed geolocation for some use cases (TOR); that's a separate issue. Before you try to land code, I think that it's important to articulate what you think the threat model is and what you intend to achieve.
Assignee | ||
Updated•8 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•8 years ago
|
||
we're not going to continue working on fuzzing geolocation.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•