Re: [cnit] CNIT Charter bashing..
"Peterson, Jon" <jon.peterson@neustar.biz> Tue, 30 June 2015 04:45 UTC
Return-Path: <jon.peterson@neustar.biz>
X-Original-To: cnit@ietfa.amsl.com
Delivered-To: cnit@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22DDD1B30B8 for <cnit@ietfa.amsl.com>; Mon, 29 Jun 2015 21:45:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.267
X-Spam-Level:
X-Spam-Status: No, score=-102.267 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vRtqM7GmsIKB for <cnit@ietfa.amsl.com>; Mon, 29 Jun 2015 21:45:32 -0700 (PDT)
Received: from mx0b-0018ba01.pphosted.com (mx0b-0018ba01.pphosted.com [67.231.157.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A72341B30B3 for <cnit@ietf.org>; Mon, 29 Jun 2015 21:45:31 -0700 (PDT)
Received: from pps.filterd (m0078668.ppops.net [127.0.0.1]) by mx0b-0018ba01.pphosted.com (8.15.0.59/8.14.7) with SMTP id t5U4ie25026449; Tue, 30 Jun 2015 00:45:30 -0400
Received: from stntexhc12.cis.neustar.com ([156.154.17.216]) by mx0b-0018ba01.pphosted.com with ESMTP id 1vbe5r8bw0-1 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 30 Jun 2015 00:45:30 -0400
Received: from STNTEXMB10.cis.neustar.com ([169.254.5.189]) by stntexhc12.cis.neustar.com ([::1]) with mapi id 14.03.0158.001; Tue, 30 Jun 2015 00:45:29 -0400
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>
Thread-Topic: [cnit] CNIT Charter bashing..
Thread-Index: AQHQpF27KGEooroT50KUThK45F2vPZ2nvtOAgAAcbYCAAAFnAIABDhMAgAA9LQCAAAZIgIAAAREAgAAZ6QCAAArCAIAAB9cAgAAPTgCAABkwgIAANESAgAGXr4CAAP2pAIAAQ9wAgAHZCwCAAAXIgIAVoFeAgACiRID//7D7AA==
Date: Tue, 30 Jun 2015 04:45:29 +0000
Message-ID: <D1B76866.154C3B%jon.peterson@neustar.biz>
References: <D19F23AD.26CEA%richard@shockey.us> <E42CCDDA6722744CB241677169E8365603614617@MISOUT7MSGUSRDB.ITServices.sbc.com> <9588_1434045613_5579CCAD_9588_574_1_fki5dyxdmgyv92b6hugpfuoy.1434045608655@email.android.com> <E6A16181E5FD2F46B962315BB05962D07D354C94@fcc.gov> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <D1A05A04.26E84%richard@shockey.us> <E6A16181E5FD2F46B962315BB05962D07D355543@fcc.gov> <557AE9E4.5030205@cs.tcd.ie> <D1A0761F.26EE1%richard@shockey.us> <15E9AA29-E9F1-4DA6-ADA4-E201F8F07B7A@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326B72@FHDP1LUMXC7V31.us.one.verizon.com> <53A932AB-5E5D-41C0-895F-21EC1D4B17D5@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326CB7@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D3558A5@fcc.gov> <2B0F677F0B95454297753F58D4A07FA30279326E8D@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D35C213@fcc.gov> <2B0F677F0B95454297753F58D4A07FA30279326EC8@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D35E829@fcc.gov> <D1A4C8C9.2720D%richard@shockey.us> <D1B6E341.1549D9%jon.peterson@neustar.biz> <E6A16181E5FD2F46B962315BB05962D08544B6D1@fcc.gov>
In-Reply-To: <E6A16181E5FD2F46B962315BB05962D08544B6D1@fcc.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.9.150325
x-originating-ip: [192.168.128.52]
Content-Type: text/plain; charset="utf-8"
Content-ID: <6098E5DB168D734899E5673193277568@neustar.biz>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.14.151, 1.0.33, 0.0.0000 definitions=2015-06-30_01:2015-06-29,2015-06-30,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 kscore.is_bulkscore=0 kscore.compositescore=1 compositescore=0.9 suspectscore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.9 spamscore=0 urlsuspectscore=0.9 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1506180000 definitions=main-1506300085
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/BXvpL5ooeQZAQ93NeiooHHDUpi8>
Cc: "cnit@ietf.org" <cnit@ietf.org>
Subject: Re: [cnit] CNIT Charter bashing..
X-BeenThere: cnit@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <cnit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cnit>, <mailto:cnit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cnit/>
List-Post: <mailto:cnit@ietf.org>
List-Help: <mailto:cnit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cnit>, <mailto:cnit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 04:45:34 -0000
This is more or less how I imagine it could work. Not to get ahead of a draft I haven't submitted yet, but basically the revised rfc4474bis text creates an optional Identity-Extension header which allows future specifications to define a new field or set of fields that a signature would fall over. The main Identity signature also covers the contents of Identity-Extension, when it is present. So, if CNIT were to decide to just use the From display-name, a new Identity-Extension header signature over the display-name alone could be defined. If CNIT defines a new header, like hypothetically a CNIT-Name header, then the contents of the Identity-Extension header field could be a signature over CNIT-Name. This seemed like the way we could accommodate the broadest set of design choices for CNIT. So effectively this mechanism should allow a separate header that binds the signature over the phone number to the signature in the Identity-Extension header, which in turn would cover the name. If it turns out that a hypothetical CNIT-Name header contains its own signature from the authority attesting for the display name, separate from the rfc4474bis sig, then either that could be signed via the Identity-Extension header or not. That also covers cases where the originator of a SIP request isn't the authority for the number (like, if the request enters the SIP world through a PSTN gateway). Jon Peterson Neustar, Inc. On 6/29/15, 7:28 PM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov> wrote: >I was wondering if it would work to have two STIR headers, with the >second binding the phone number to the display name (and other SIP >headers, to prevent replay). Obviously, downstream validating parties >have to have a reason to trust the signing party, but that always seems >to be the case when you don't have the number signer as the implied >originating carrier computing the signature. > >________________________________________ >From: Peterson, Jon [jon.peterson@neustar.biz] >Sent: Monday, June 29, 2015 7:47 PM >To: Richard Shockey; Henning Schulzrinne; Dwight, Timothy M (Tim) >Cc: cnit@ietf.org >Subject: Re: [cnit] CNIT Charter bashing.. > >It's not clear to me that we need any STIR-like mechanisms to be in place >before embarking on CNIT. What I've basically written in to STIR is an >extension field that CNIT could use to hook into the signature. All it >would require is that CNIT create a specification (as currently written, a >Standards Track RFC) that designates what the field(s) that will be >signed, and then the necessary procedures and so on. > >Fundamentally I agree that hooking CNIT into STIR will only provide part >of a solution. There are going to be cases when the entity that originates >(or signs) SIP signaling is not going to be the right party to attest to >the proper display name for a user. > >Architecturally, what I'd probably prefer is to think about this work as >designing a small, but somewhat extensible block of information which >someone could sign. Small enough that it could fit in a SIP message, and >be signed there by hooking into the STIR extension field. But also >something that could be carried by an external protocol for those cases >when the STIR signer might not be the authority on the display name. Maybe >the STIR signer would fetch it via that external protocol, and then pass >along the signature of the authority from whom they acquired it, in >addition to signing it themselves. Or maybe the recipient would use the >external protocol if there is no STIR hook. If we build a system with >roughly those qualities, and focus more on the info block than on how it >gets transported necessarily, I think we'll do some valuable work. > >Jon Peterson >Neustar, Inc. > >On 6/15/15, 3:32 PM, "Richard Shockey" <richard@shockey.us> wrote: > >> >>Tim Henning .. This is uniquely timely and important because the SIP >>Forum >>is at this moment attempting to revise its SIPConnect Recommendation for >>PBX / hosted to SSP interface where the data may be originated by the >>enterprise and it needs to be treated in some way by the NNI. (hopefully >>maybe not stripped if its seen in the FROM or P-AI) >> >>Its a complication but not insurmountable. It clearly shows we need to >>rethink the charter and look at some baby steps vs demanding that all the >>STIR like mechanisms be in place before there is progress. >> >> >> >>‹ >>Richard Shockey >>Shockey Consulting LLC >>Chairman of the Board SIP Forum >>www.shockey.us >>www.sipforum.org >>richard<at>shockey.us >>Skype-Linkedin-Facebook rshockey101 >>PSTN +1 703-593-2683 >> >> >> >> >> >>On 6/15/15, 6:11 PM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov> >>wrote: >> >>>Agreed that the terminating carrier can provide added value, e.g., by >>>linking to other information. You could imagine mapping numbers to BBB >>>information, or databases or registered charities, or Yelp... I am >>>somewhat surprised that this isn't happening already more broadly. >>> >>>________________________________________ >>>From: Dwight, Timothy M (Tim) [timothy.dwight@verizon.com] >>>Sent: Sunday, June 14, 2015 1:58 PM >>>To: Henning Schulzrinne >>>Cc: cnit@ietf.org >>>Subject: RE: [cnit] CNIT Charter bashing.. >>> >>>Henning, >>> >>>I'm not sure 'carrier B' would in the "in-band case" have no incentive >>>to >>>use a 3rd party service. It might be that the 3rd party service >>>provides >>>additional information and/or is considered more trustworthy than >>>whoever >>>provided the in-band information. We can (and I hope will) change the >>>incentives. I think it would be a reasonable objective to carry >>>whatever >>>content is deemed "necessary" to serve the public, in-band. If people >>>want to operate databases full of calling party's cat pictures, and >>>Carrier B wants to provide this to their customer (or allow their >>>customer to obtain it themselves, e.g., provide them a link to it) >>>that's >>>all OK with me. >>> >>>I agree with you about the importance of being able to know >>>unambiguously, who inserted the information. >>> >>>Tim >>> >>>_______________________________________________ >>>cnit mailing list >>>cnit@ietf.org >>>https://www.ietf.org/mailman/listinfo/cnit >> >> >>_______________________________________________ >>cnit mailing list >>cnit@ietf.org >>https://www.ietf.org/mailman/listinfo/cnit >
- [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Eric Burger
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. DOLLY, MARTIN C
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. DOLLY, MARTIN C
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Stephen Farrell
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- [cnit] Who says I am me? I say it is me. I have n… Eric Burger
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] Who says I am me? I say it is me. I ha… Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] Who says I am me? I say it is me. I ha… Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Peterson, Jon
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Peterson, Jon