Re: [cnit] CNIT Charter bashing..

Henning Schulzrinne <> Sun, 14 June 2015 13:55 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E6D8C1A8753 for <>; Sun, 14 Jun 2015 06:55:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -3.712
X-Spam-Status: No, score=-3.712 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, GB_I_LETTER=-2, J_CHICKENPOX_56=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id PunBHQBeXeY0 for <>; Sun, 14 Jun 2015 06:55:31 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id E829E1A874F for <>; Sun, 14 Jun 2015 06:55:30 -0700 (PDT)
Message-ID: <>
From: Henning Schulzrinne <>
To: "Dwight, Timothy M (Tim)" <>
Thread-Topic: [cnit] CNIT Charter bashing..
Date: Sun, 14 Jun 2015 13:55:28 +0000
References: <> <> <> <> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <> <> <> <> <> <> <>, <> <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>
Subject: Re: [cnit] CNIT Charter bashing..
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 14 Jun 2015 13:55:33 -0000

Just to clarify: For the lawyer remark, I meant the future in-band scenario. I agree that under the current mode of operation, you'd need a private detective, not a lawyer. In the in-band case, carrier B would have no incentive to use a third-party service, so a call from a number assigned to Verizon would always have caller name from Verizon (however they created it).

The idea is that you don't need perfect validation if you can easily track down who inserted the information. If the information is maliciously wrong, it becomes feasible to use non-technical means to correct the information. 


From: Dwight, Timothy M (Tim) []
Sent: Saturday, June 13, 2015 6:47 PM
To: Henning Schulzrinne; Brian Rosen
Cc:;; Stephen Farrell; Richard Shockey
Subject: RE: [cnit] CNIT Charter bashing..


I appreciate, and mostly agree with, your comments below.  Please see additional thoughts inline.


-----Original Message-----
From: cnit [] On Behalf Of Henning Schulzrinne
Sent: Friday, June 12, 2015 5:28 PM
To: Dwight, Timothy M (Tim); Brian Rosen
Cc:;; Stephen Farrell; Richard Shockey
Subject: Re: [cnit] CNIT Charter bashing..

Today's CNAM display has three problems:

(1) It is unclear to the recipient how the data got inserted and by whom. There is no realistic way for the callee to find out - good luck calling your phone company consumer support line and asking about CNAM database dips.

[tmd] People do call their service provider's "support line" about issues with calling name, and we do help them.  Nobody will claim that that's easy though.  The information can be obtained in various ways from various sources.  The proliferation of non-authoritative calling name databases sometimes leads to disputes over "whose data is correct", which can delay resolution.

(2) The caller has no idea what will be shown to any given called party - depending on the destination CNAM service, it could be the correct name, nothing, just "Florida", or maybe the name of the person who had the same number six months ago and hopefully didn't sell adult entertainment.

[tmd] I agree that the caller generally cannot know what will be shown to any given called party.  I don't agree that this is always a function of the _destination_ CNAM service, though.  In "conventional" CNAM services (ref: GR-1188) the terminating exchange does a TCAP query to obtain calling name information from the originating network.  The result is in that case dictated by the caller's service provider, since it is they (or a 3rd party to whom they subcontract this service) who reply to the query.

(3) For some numbers, bad actors can insert any random information they choose, again with problem #1.

Even unsigned SIP display or Call-Info information, with some modicum of common behavior among carriers, will address all three problems, even if not perfectly, then most of the time. I may have no idea what validation Verizon uses to assure that their customers are indeed John Smith, but at least I know that I can tell who created the entry. A lawyer will know where to address the cease&desist letter if needed.

[tmd] That would be a clever lawyer.  As noted above, when incorrect calling name information is being displayed, it can be difficult to determine why.  I wish it were as simple as "if the caller is a Verizon customer, it must be Verizon's fault".  But it isn't.  Consider customers A and B.  A is a Verizon customer.  B is a CarrierB customer.  CarrierB uses 3rdPartyCnamLike service to obtain calling name information for incoming calls.  When A calls B, the name displayed to B doesn't come from Verizon.