Re: [cnit] CNIT Charter bashing..
Richard Shockey <richard@shockey.us> Sat, 13 June 2015 01:49 UTC
Return-Path: <richard@shockey.us>
X-Original-To: cnit@ietfa.amsl.com
Delivered-To: cnit@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC791A89C7 for <cnit@ietfa.amsl.com>; Fri, 12 Jun 2015 18:49:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.401
X-Spam-Level:
X-Spam-Status: No, score=-3.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_I_LETTER=-2, J_CHICKENPOX_56=0.6, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRn5jhLpiaeO for <cnit@ietfa.amsl.com>; Fri, 12 Jun 2015 18:49:53 -0700 (PDT)
Received: from qproxy4-pub.mail.unifiedlayer.com (qproxy4-pub.mail.unifiedlayer.com [66.147.248.250]) by ietfa.amsl.com (Postfix) with SMTP id 3F4DA1A89F2 for <cnit@ietf.org>; Fri, 12 Jun 2015 18:49:53 -0700 (PDT)
Received: (qmail 20927 invoked by uid 0); 13 Jun 2015 01:49:48 -0000
Received: from unknown (HELO cmgw3) (10.0.90.84) by qproxy4.mail.unifiedlayer.com with SMTP; 13 Jun 2015 01:49:48 -0000
Received: from box462.bluehost.com ([74.220.219.62]) by cmgw3 with id fjNj1q00Q1MNPNq01jNmfC; Sat, 13 Jun 2015 01:22:56 -0600
X-Authority-Analysis: v=2.1 cv=K/SxQUmI c=1 sm=1 tr=0 a=jTEj1adHphCQ5SwrTAOQMg==:117 a=jTEj1adHphCQ5SwrTAOQMg==:17 a=cNaOj0WVAAAA:8 a=f5113yIGAAAA:8 a=j1VUBDpLDLYA:10 a=8nJEP1OIZ-IA:10 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=ZZnuYtJkoWoA:10 a=8WrITzYgnNwA:10 a=-h4zUWlAkX4A:10 a=XAFQembCKUMA:10 a=ll-iCDY8AAAA:8 a=M0OflfRGAAAA:8 a=ZsyXEVtvAAAA:8 a=z9tbli-vAAAA:8 a=48vgC7mUAAAA:8 a=HLLxP2VMAAAA:8 a=-RqHiGeZdT-GHi7QhSwA:9 a=8tGa-5p59C2Tw4sx:21 a=d5IlJd9w4uSEENub:21 a=wPNLvfGTeEIA:10 a=ivbTfD_dPm4A:10 a=6fpOX-4qs7AA:10 a=BQYh4w-RC7EA:10
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=shockey.us; s=default; h=Content-transfer-encoding:Content-type:Mime-version:In-Reply-To:References:Message-ID:CC:To:From:Subject:Date; bh=lIrvKle+btr31uh2rTVavoia4J6UDmrLst6oMweaFcc=; b=BRp14qG9gPnl+42U1b2tadAVZEMx8Xcxk5Ef7boAqhBbTCS07fqr4jxZdwGqARfSLFc2JkJr+LwGqWYVx1au/Tz6gxnMNmfMR6imwxgqmKcwoDFHfV/qkIUalXMDNbbv;
Received: from [108.56.131.149] (port=52340 helo=[192.168.1.11]) by box462.bluehost.com with esmtpa (Exim 4.84) (envelope-from <richard@shockey.us>) id 1Z3aGN-0007jK-9J; Fri, 12 Jun 2015 19:29:35 -0600
User-Agent: Microsoft-MacOutlook/14.5.1.150515
Date: Fri, 12 Jun 2015 21:29:29 -0400
From: Richard Shockey <richard@shockey.us>
To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>, "Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com>, Brian Rosen <br@brianrosen.net>
Message-ID: <D1A0FC51.26FA9%richard@shockey.us>
Thread-Topic: [cnit] CNIT Charter bashing..
References: <D19F23AD.26CEA%richard@shockey.us> <E42CCDDA6722744CB241677169E8365603614617@MISOUT7MSGUSRDB.ITServices.sbc.com> <9588_1434045613_5579CCAD_9588_574_1_fki5dyxdmgyv92b6hugpfuoy.1434045608655@email.android.com> <E6A16181E5FD2F46B962315BB05962D07D354C94@fcc.gov> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <D1A05A04.26E84%richard@shockey.us> <E6A16181E5FD2F46B962315BB05962D07D355543@fcc.gov> <557AE9E4.5030205@cs.tcd.ie> <D1A0761F.26EE1%richard@shockey.us> <15E9AA29-E9F1-4DA6-ADA4-E201F8F07B7A@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326B72@FHDP1LUMXC7V31.us.one.verizon.com> <53A932AB-5E5D-41C0-895F-21EC1D4B17D5@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326CB7@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D3558A5@fcc.gov>
In-Reply-To: <E6A16181E5FD2F46B962315BB05962D07D3558A5@fcc.gov>
Mime-version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
X-Identified-User: {3286:box462.bluehost.com:shockeyu:shockey.us} {sentby:smtp auth 108.56.131.149 authed with richard+shockey.us}
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/PTPRv1iB3VjMwhddoUg2-DPrAjI>
Cc: "philippe.fouquart@orange.com" <philippe.fouquart@orange.com>, Ben Campbell <ben@nostrum.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cnit@ietf.org" <cnit@ietf.org>
Subject: Re: [cnit] CNIT Charter bashing..
X-BeenThere: cnit@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <cnit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cnit>, <mailto:cnit-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cnit/>
List-Post: <mailto:cnit@ietf.org>
List-Help: <mailto:cnit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cnit>, <mailto:cnit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jun 2015 01:49:56 -0000
Henning the biggest issue is that any form of advanced CNAM display is not currently applicable to the the mobile access devices. Which are now finally over 50% of the NANP even if you consider BYOD in the enterprise. Yea that is another use case. Hence the issue with Apple. This is ultimately a problem with that will have to be coordinated with US GSMA or GSMA generally. Or IMHO with the the 8th floor on 12th st. It really is a jawboning use. Tom needs to call Tim Cook or Larry Page and make the ask. I do reject Brians pretense here. Given the IETF context perfection is actually the enemy of deployment. I want a charter that is simple and clear. Header and object. Period. If that is impossible then .. Its time the AD¹s decide. Richard Shockey Shockey Consulting LLC Chairman of the Board SIP Forum www.shockey.us www.sipforum.org richard<at>shockey.us Skype-Linkedin-Facebook rshockey101 PSTN +1 703-593-2683 On 6/12/15, 6:28 PM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov> wrote: >Today's CNAM display has three problems: > >(1) It is unclear to the recipient how the data got inserted and by whom. >There is no realistic way for the callee to find out - good luck calling >your phone company consumer support line and asking about CNAM database >dips. > >(2) The caller has no idea what will be shown to any given called party - >depending on the destination CNAM service, it could be the correct name, >nothing, just "Florida", or maybe the name of the person who had the same >number six months ago and hopefully didn't sell adult entertainment. > >(3) For some numbers, bad actors can insert any random information they >choose, again with problem #1. > >Even unsigned SIP display or Call-Info information, with some modicum of >common behavior among carriers, will address all three problems, even if >not perfectly, then most of the time. I may have no idea what validation >Verizon uses to assure that their customers are indeed John Smith, but at >least I know that I can tell who created the entry. A lawyer will know >where to address the cease&desist letter if needed. > >________________________________________ >From: Dwight, Timothy M (Tim) [timothy.dwight@verizon.com] >Sent: Friday, June 12, 2015 3:21 PM >To: Brian Rosen >Cc: Richard Shockey; philippe.fouquart@orange.com; Henning Schulzrinne; >cnit@ietf.org; Stephen Farrell >Subject: RE: [cnit] CNIT Charter bashing.. > >I guess as long as the derivation of the name (who is asserting it to be >a valid representation of the caller, and from where did they get it) is >clear to the receiving network, I guess this is OK. I still have my >doubts whether such a value will prove useful, given that its computation >is not standardized. But in some contexts, it might. > >Tim > > >-----Original Message----- >From: Brian Rosen [mailto:br@brianrosen.net] >Sent: Friday, June 12, 2015 12:51 PM >To: Dwight, Timothy M (Tim) >Cc: Richard Shockey; philippe.fouquart@orange.com; Henning Schulzrinne; >cnit@ietf.org; Stephen Farrell >Subject: Re: [cnit] CNIT Charter bashing.. > >Yes, it would be assigned by the entity that signed the name. > >It¹s not true that it would always be the highest possible value. If the >entity that provided it did that, the receiving entity might not believe >it, and choose to use an alternative name source (or at least check >another service to see what it thought). Modern systems that collect >names subject user data with verification sources that are getting very >accurate, but those services have scoring systems that don¹t result in >black/white results. Older systems blithely accept whatever the customer >says, and those are not accurate. Some services have something simpler, >like the name has to match a credit card name, but we know those are >pretty spoofable these days. Real systems use external verification >services that provide scores for this kind of thing. > >I¹m simply proposing that we allow an optional confidence, in the range >of 0-100, and that it be part of the data signed by the data provider. >No one has to send it, no one has to look at it. But it represents what >is state of the art these days on asserting names and I think it¹s >valuable. > >Brian >> On Jun 12, 2015, at 9:56 AM, Dwight, Timothy M (Tim) >><timothy.dwight@verizon.com> wrote: >> >> Who would assign the confidence value? If it's assigned by the entity >>that operates the calling name database, why would it ever be less than >>the highest possible value? If it's set by some other entity, on what >>basis do they determine the value they assign? It seems like we're >>going to stumble over business issues. >> >> Tim >> >> >> -----Original Message----- >> From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Brian Rosen >> Sent: Friday, June 12, 2015 11:28 AM >> To: Richard Shockey >> Cc: philippe.fouquart@orange.com; Henning Schulzrinne; cnit@ietf.org; >> Stephen Farrell >> Subject: Re: [cnit] CNIT Charter bashing.. >> >> One possible extra bit is that we need to know WHO signed. That could >>be easy (identity in a cert for the signature), but it¹s a requirement. >> >> I still want an optional confidence value, because the source is often >>not authoritative. >> >> If we¹re thinking we¹re using the existing display name, and coming up >>with a way to sign it, then, like stir, the termination side can decide >>what it wants to do if it gets a display name but no signature. The >>sender has the option to provide the name or not, and provide the >>signature or not. >> >> We COULD consider a new header that would contain the name encrypted >>for a destination TN (To:). That would afford privacy to the name to >>middle boxes that we would not have today with display name. I would >>not be opposed to that. This would work like the offline stir proposal, >>where the sender obtains the public key of the recipient and encrypts >>the name for the recipient. >> >> Brian >> >>> On Jun 12, 2015, at 8:49 AM, Richard Shockey <richard@shockey.us> >>>wrote: >>> >>> >>> Henning is right. No one is forcing anything. Existing anonymous >>> calling protections still apply. >>> >>> >>> Again my point is that is a great many cases Interconnected SIP >>> between NA carriers are covered by other security mechanisms. >>> >>> Right now your Facetime session is totally in the clear. My concern >>> is we end up going down the rat hole of trying to create perfect end >>> to end security nothing will get done. >>> >>> >>> >>> On 6/12/15, 10:17 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> >>>wrote: >>> >>>> >>>> >>>> On 12/06/15 15:13, Henning Schulzrinne wrote: >>>>> In almost all cases of interest, the calling party *wants* to >>>>> disclose accurate information to the called party, so the privacy >>>>> issues don't seem to arise. They would only arise if there was >>>>> forced disclosure; I don't think anybody is proposing that. >>>> >>>> Privacy issues could also arise if a middlebox could now see >>>> sensitive information that it previously could not see. I think that >>>> is independent of whether disclosure is desired by either of the >>>> endpoints. >>>> >>>> S. >>>> >>>> _______________________________________________ >>>> cnit mailing list >>>> cnit@ietf.org >>>> https://www.ietf.org/mailman/listinfo/cnit >>> >>> >>> _______________________________________________ >>> cnit mailing list >>> cnit@ietf.org >>> https://www.ietf.org/mailman/listinfo/cnit >> >> _______________________________________________ >> cnit mailing list >> cnit@ietf.org >> https://www.ietf.org/mailman/listinfo/cnit >
- [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Eric Burger
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. DOLLY, MARTIN C
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. DOLLY, MARTIN C
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. philippe.fouquart
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Stephen Farrell
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Brian Rosen
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- [cnit] Who says I am me? I say it is me. I have n… Eric Burger
- Re: [cnit] CNIT Charter bashing.. Dwight, Timothy M (Tim)
- Re: [cnit] Who says I am me? I say it is me. I ha… Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Richard Shockey
- Re: [cnit] Who says I am me? I say it is me. I ha… Dwight, Timothy M (Tim)
- Re: [cnit] CNIT Charter bashing.. Peterson, Jon
- Re: [cnit] CNIT Charter bashing.. Henning Schulzrinne
- Re: [cnit] CNIT Charter bashing.. Peterson, Jon