IETF Logo Mail Archive

Re: [cnit] CNIT Charter bashing..

"Peterson, Jon" <jon.peterson@neustar.biz> Mon, 29 June 2015 23:47 UTC

Return-Path: <jon.peterson@neustar.biz>
X-Original-To: cnit@ietfa.amsl.com
Delivered-To: cnit@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 408D91B3624 for <cnit@ietfa.amsl.com>; Mon, 29 Jun 2015 16:47:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -99.567
X-Spam-Level:
X-Spam-Status: No, score=-99.567 tagged_above=-999 required=5 tests=[BAYES_50=0.8, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3olIsJ-BFHd6 for <cnit@ietfa.amsl.com>; Mon, 29 Jun 2015 16:47:36 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0a-0018ba01.pphosted.com [67.231.149.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B2C41B3622 for <cnit@ietf.org>; Mon, 29 Jun 2015 16:47:36 -0700 (PDT)
Received: from pps.filterd (m0078666.ppops.net [127.0.0.1]) by mx0a-0018ba01.pphosted.com (8.15.0.59/8.14.7) with SMTP id t5TNlJ24007922; Mon, 29 Jun 2015 19:47:34 -0400
Received: from stntexhc11.cis.neustar.com ([156.154.17.216]) by mx0a-0018ba01.pphosted.com with ESMTP id 1vb5y6ru5y-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 29 Jun 2015 19:47:34 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.189]) by stntexhc11.cis.neustar.com ([::1]) with mapi id 14.03.0158.001; Mon, 29 Jun 2015 19:47:32 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Richard Shockey <richard@shockey.us>, Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>, "Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com>
Thread-Topic: [cnit] CNIT Charter bashing..
Thread-Index: AQHQpF27KGEooroT50KUThK45F2vPZ2nvtOAgAAcbYCAAAFnAIABDhMAgAA9LQCAAAZIgIAAAREAgAAZ6QCAAArCAIAAB9cAgAAPTgCAABkwgIAANESAgAGXr4CAAP2pAIAAQ9wAgAHZCwCAAAXIgIAVoFeA
Date: Mon, 29 Jun 2015 23:47:31 +0000
Message-ID: <D1B6E341.1549D9%jon.peterson@neustar.biz>
References: <D19F23AD.26CEA%richard@shockey.us> <E42CCDDA6722744CB241677169E8365603614617@MISOUT7MSGUSRDB.ITServices.sbc.com> <9588_1434045613_5579CCAD_9588_574_1_fki5dyxdmgyv92b6hugpfuoy.1434045608655@email.android.com> <E6A16181E5FD2F46B962315BB05962D07D354C94@fcc.gov> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <D1A05A04.26E84%richard@shockey.us> <E6A16181E5FD2F46B962315BB05962D07D355543@fcc.gov> <557AE9E4.5030205@cs.tcd.ie> <D1A0761F.26EE1%richard@shockey.us> <15E9AA29-E9F1-4DA6-ADA4-E201F8F07B7A@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326B72@FHDP1LUMXC7V31.us.one.verizon.com> <53A932AB-5E5D-41C0-895F-21EC1D4B17D5@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326CB7@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D3558A5@fcc.gov> <2B0F677F0B95454297753F58D4A07FA30279326E8D@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D35C213@fcc.gov> <2B0F677F0B95454297753F58D4A07FA30279326EC8@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D35E829@fcc.gov> <D1A4C8C9.2720D%richard@shockey.us>
In-Reply-To: <D1A4C8C9.2720D%richard@shockey.us>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-originating-ip: [192.168.128.52]
Content-Type: text/plain; charset="utf-8"
Content-ID: <3A69838A6127824F841DD1CABF6A3B2F@neustar.biz>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-06-29_05:2015-06-29,2015-06-29,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 kscore.is_bulkscore=0 kscore.compositescore=1 compositescore=0.9 suspectscore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9 spamscore=0 urlsuspectscore=0.9 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1506180000 definitions=main-1506290385
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/1JKab7GsymK84vFW5opgOlC9N24>
Cc: "cnit@ietf.org" <cnit@ietf.org>
Subject: Re: [cnit] CNIT Charter bashing..
X-BeenThere: cnit@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <cnit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cnit>, <mailto:cnit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cnit/>
List-Post: <mailto:cnit@ietf.org>
List-Help: <mailto:cnit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cnit>, <mailto:cnit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Jun 2015 23:47:38 -0000

It's not clear to me that we need any STIR-like mechanisms to be in place
before embarking on CNIT. What I've basically written in to STIR is an
extension field that CNIT could use to hook into the signature. All it
would require is that CNIT create a specification (as currently written, a
Standards Track RFC) that designates what the field(s) that will be
signed, and then the necessary procedures and so on.

Fundamentally I agree that hooking CNIT into STIR will only provide part
of a solution. There are going to be cases when the entity that originates
(or signs) SIP signaling is not going to be the right party to attest to
the proper display name for a user.

Architecturally, what I'd probably prefer is to think about this work as
designing a small, but somewhat extensible block of information which
someone could sign. Small enough that it could fit in a SIP message, and
be signed there by hooking into the STIR extension field. But also
something that could be carried by an external protocol for those cases
when the STIR signer might not be the authority on the display name. Maybe
the STIR signer would fetch it via that external protocol, and then pass
along the signature of the authority from whom they acquired it, in
addition to signing it themselves. Or maybe the recipient would use the
external protocol if there is no STIR hook. If we build a system with
roughly those qualities, and focus more on the info block than on how it
gets transported necessarily, I think we'll do some valuable work.

Jon Peterson
Neustar, Inc.

On 6/15/15, 3:32 PM, "Richard Shockey" <richard@shockey.us> wrote:

>
>Tim Henning .. This is uniquely timely and important because the SIP Forum
>is at this moment attempting to revise its SIPConnect Recommendation for
>PBX / hosted to SSP interface where the data may be originated by the
>enterprise and it needs to be treated in some way by the NNI. (hopefully
>maybe not stripped if its seen in the FROM or P-AI)
>
>Its a complication but not insurmountable. It clearly shows we need to
>rethink the charter and look at some baby steps vs demanding that all the
>STIR like mechanisms be in place before there is progress.
>
>
>
>‹ 
>Richard Shockey
>Shockey Consulting LLC
>Chairman of the Board SIP Forum
>www.shockey.us
>www.sipforum.org
>richard<at>shockey.us
>Skype-Linkedin-Facebook rshockey101
>PSTN +1 703-593-2683
>
>
>
>
>
>On 6/15/15, 6:11 PM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov>
>wrote:
>
>>Agreed that the terminating carrier can provide added value, e.g., by
>>linking to other information. You could imagine mapping numbers to BBB
>>information, or databases or registered charities, or Yelp... I am
>>somewhat surprised that this isn't happening already more broadly.
>>
>>________________________________________
>>From: Dwight, Timothy M (Tim) [timothy.dwight@verizon.com]
>>Sent: Sunday, June 14, 2015 1:58 PM
>>To: Henning Schulzrinne
>>Cc: cnit@ietf.org
>>Subject: RE: [cnit] CNIT Charter bashing..
>>
>>Henning,
>>
>>I'm not sure 'carrier B' would in the "in-band case" have no incentive to
>>use a 3rd party service.  It might be that the 3rd party service provides
>>additional information and/or is considered more trustworthy than whoever
>>provided the in-band information.  We can (and I hope will) change the
>>incentives.  I think it would be a reasonable objective to carry whatever
>>content is deemed "necessary" to serve the public, in-band.  If people
>>want to operate databases full of calling party's cat pictures, and
>>Carrier B wants to provide this to their customer (or allow their
>>customer to obtain it themselves, e.g., provide them a link to it) that's
>>all OK with me.
>>
>>I agree with you about the importance of being able to know
>>unambiguously, who inserted the information.
>>
>>Tim
>>
>>_______________________________________________
>>cnit mailing list
>>cnit@ietf.org
>>https://www.ietf.org/mailman/listinfo/cnit
>
>
>_______________________________________________
>cnit mailing list
>cnit@ietf.org
>https://www.ietf.org/mailman/listinfo/cnit

v2.23.0 | Report a Bug | By Email