Re: [cnit] CNIT Charter bashing..

Richard Shockey <richard@shockey.us> Fri, 12 June 2015 20:18 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/Qx4I_YfqASeacatbCJKlaMzz16c>
On 6/12/15, 12:47 PM, "Dwight, Timothy M (Tim)"
<timothy.dwight@verizon.com> wrote:

>Rich,
>
>I'm probably not following this right, so bear with me.  In the current
>paradigm the calling party's name isn't sent in the call request message,
>right? 

You know how it works in SS7. If SIP is used the verbose CNAM (15
character ASCII) data can be carried in either the From field or P-A
though it's my understanding that P-A is typically preferred. There is
another proposal we have seen that could carry the verbose data in
CALL-INFO as well.


> But you're proposing that it should be (or optionally could be,
>whatever). 

Could be..

> Doesn't that open up the possibility Mr. Farrell suggested, that some
>entity that's in the path of the call request message can "see" something
>he previously could not?

Possibly if normal BGP routing is done vs big yellow fiber optic cable.
There are multiple interconnection models here some use classic IP routing
others don't. The use case I would want to protect is the one where the
security layer is lower on the stack or the reference to A-CNAM or PII
would be by URI reference where the originating SP could apply normal
HTTPS security mechanism for retrieval etc.  This would certainly apply to
the 7095 JSON vcard object.

>
>Note that "existing anonymous calling protections" apply to the
>presentation of information to the user, not necessarily to carriage of
>information across the network.  The FROM header may be anonymized when
>the calling user requests privacy, for example, but the
>P-Asserted-Identity header will not

Yes but that is a policy issue that needs to be worked out.


>.  So if we were to use the display name in the P-A-ID to carry the
>calling party name asserted by the originating network, that name would
>(unless we encrypt it) be "visible" to any network element on the path of
>the INVITE.  

Or available by reference as the terminating SBC does the look up ... oh
between the first and second ring :-)

>
>tim
>
>
>-----Original Message-----
>From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Richard Shockey
>Sent: Friday, June 12, 2015 10:50 AM
>To: Stephen Farrell; Henning Schulzrinne; philippe.fouquart@orange.com;
>cnit@ietf.org
>Subject: Re: [cnit] CNIT Charter bashing..
>
>
>Henning is right. No one is forcing anything. Existing anonymous calling
>protections still apply.
>
>
>Again my point is that is a great many cases Interconnected SIP between
>NA carriers are covered by other security mechanisms.
>
>Right now your Facetime session is totally in the clear. My concern is we
>end up going down the rat hole of trying to create perfect end to end
>security nothing will get done.
>
>
>
>On 6/12/15, 10:17 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>
>>
>>
>>On 12/06/15 15:13, Henning Schulzrinne wrote:
>>> In almost all cases of interest, the calling party *wants* to
>>> disclose accurate information to the called party, so the privacy
>>> issues don't seem to arise. They would only arise if there was forced
>>> disclosure; I don't think anybody is proposing that.
>>
>>Privacy issues could also arise if a middlebox could now see sensitive
>>information that it previously could not see. I think that is
>>independent of whether disclosure is desired by either of the
>>endpoints.
>>
>>S.
>>
>>_______________________________________________
>>cnit mailing list
>>cnit@ietf.org
>>https://www.ietf.org/mailman/listinfo/cnit
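Added example, not part of this thread or of any IETF document: a small Python checker for the exposure Tim and Stephen describe, assuming the header layout of RFC 3261/3325 and a constructed INVITE. It reports when the P-Asserted-Identity display-name still carries the calling name after the caller asked for privacy, and applies the RFC 3325 rule of dropping P-Asserted-Identity before forwarding to an untrusted hop.

```python
import re
# Display-name before the <uri>, quoted or bare (assumed header layout)
DISPLAY_NAME = re.compile(r'^\s*(?:"([^"]*)"|([^<]*?))\s*<')

def parse_headers(msg):
    """Return {lowercase-name: [values]} for the header block of a SIP message."""
    headers = {}
    for line in msg.split("\r\n")[1:]:        # skip the request line
        if not line:
            break                              # blank line ends the headers
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def privacy_values(headers):
    """Privacy values the caller requested (RFC 3323), e.g. {'id'}."""
    raw = ";".join(headers.get("privacy", []))
    return {v.strip().lower() for v in raw.split(";") if v.strip()}

def cnam_exposure(msg):
    """Which headers carry a real calling name, and does that contradict Privacy?"""
    h = parse_headers(msg)
    privacy = privacy_values(h)
    names = {}
    for hdr in ("from", "p-asserted-identity"):
        for v in h.get(hdr, []):
            m = DISPLAY_NAME.match(v)
            n = (m.group(1) or m.group(2) or "").strip() if m else ""
            if n and n.lower() != "anonymous":
                names[hdr] = n
    findings = []
    if "p-asserted-identity" in names and privacy & {"id", "header"}:
        findings.append("P-Asserted-Identity display-name carries the name despite Privacy")
    return {"names": names, "privacy": sorted(privacy), "findings": findings}

def strip_for_untrusted_hop(msg):
    """RFC 3325 sec. 7: drop P-Asserted-Identity at an untrusted hop if Privacy: id."""
    head, sep, body = msg.partition("\r\n\r\n")
    if "id" in privacy_values(parse_headers(msg)):
        head = "\r\n".join(l for l in head.split("\r\n")
                           if not l.lower().startswith("p-asserted-identity:"))
    return head + sep + body

# Constructed sample: From is anonymized, but the originating network still
# asserted the caller's name in the P-Asserted-Identity display-name.
SAMPLE_INVITE = (
    "INVITE sip:+15559876543@example.net SIP/2.0\r\n"
    'From: "Anonymous" <sip:anonymous@anonymous.invalid>;tag=1928301774\r\n'
    'P-Asserted-Identity: "Jane Q. Public" <sip:+15551234567@example.org>\r\n'
    "Privacy: id\r\n\r\n"
)
```

Running `cnam_exposure(SAMPLE_INVITE)` flags the P-Asserted-Identity leak; `strip_for_untrusted_hop` is what a trust-boundary proxy would apply before the INVITE reaches a network element outside the trust domain.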