Re: [cnit] CNIT Charter bashing..

[Richard Shockey <richard@shockey.us>]

Tim I hope we can remember that the use cases here are not always driven
by consumer to consumer.  B2B is equally important though the rules get
tricky for B2C.



On 6/13/15, 7:09 PM, "Dwight, Timothy M (Tim)"
<timothy.dwight@verizon.com> wrote:

>Henning,
>
>As you may know, there are controls over disclosure of calling name data
>that mirror those which govern disclosure of calling number.  In the
>conventional CNAM model these are attributes in the LIDB.  These need
>either to be explicitly changed (e.g., if consumers no longer need these
>protections) or replicated into whatever alternative model this group
>develops.  Since it's not up to the IETF to determine public policy, I
>guess we're best off trying to replicate the existing functionality.

Hense my insistence on first simply looking at what headers are used here
in order to maintain some interoperability.  There are enough folks around
here in DC that can deal with the policy questions. I certainly understand
the concern about privacy issues. Its actually one of the more interesting
parts of the issue.  Who¹s privacy are we trying to protect.  The privacy
of the calling party or the privacy of the called party? Should the called
party have some rights to know who is calling?

Or are we doomed to voice mail hell for the rest of eternity or worse.
   
http://www.bloomberg.com/news/articles/2014-12-22/coca-cola-disconnects-voi
ce-mail-at-headquarters


IMHO this development is directly the result of the industry not focusing
on the underlying problem in the current service definition.  BTW I don¹t
agree with all of the conclusions here. In fact there is some anecdotal
evidence that that point to point voice communications is experiencing a
small resurgence since real time voice communications does not leave a
³paper trail² nor subject to fat thumb ³send all² buttons and voice
communications are not generally recorded except by the NSA for course.


>
>Intuitively I agree that an entity with a "public" or "semi-public"
>telephone number would probably not object to their name being displayed
>to people they call.  But that is not necessarily the case.  All I can
>say for sure is that today consumers have control over this (you can mark
>your name "public" or "private" in the LIDB;  and you can ask that name
>presentation be "tied" to number presentation - i.e., if you can ask that
>presentation of your name be blocked if presentation of your number is
>blocked, either permanently or call-by-call).
>
>Similarly I can't say for sure whether anyone would object to their name
>being visible to networks or network elements to which it is not visible
>today.  I think if we propose to increase its visibility the onus is on
>us to be sure.
>
>Tim
>
>
>-----Original Message-----
>From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Henning Schulzrinne
>Sent: Friday, June 12, 2015 5:48 PM
>To: Dwight, Timothy M (Tim); cnit@ietf.org
>Subject: Re: [cnit] CNIT Charter bashing..
>
>I suspect there could be cases where a caller objects to the disclosure
>to intermediate entities; they clearly should have the option of not
>including the name information, either on a call-by-call or global basis.
>I'm guessing that this is a rare case; for the entities most reliant on
>caller name information, namely entities that cannot count on being in
>the address book of the called party, they usually have semi-public
>telephone numbers, so that the mapping to the name is essentially public.
>As I noted, as long as roughly the same information is in-band as
>out-of-band today, every single carrier can already look up CNAM
>information if they are so inclined. Thus, I'm not quite following how
>this makes things worse. (The difference is that today, I can look up
>CNAM information for any phone number, even if the entity never called
>me. In-band delivery would obviate the need for CNAM databases, so it
>would seem to make things better, not worse.)
>
>The latter point obviously only applies to countries with CNAM; as long
>as the opt-in/opt-out nature is preserved, this seems more like a
>disclosure issue ("your name is visible to your carrier and, if the
>carrier is too lazy to implement SIP over TLS, any national intelligence
>agency that happens to be watching that fiber").
>
>________________________________________
>From: Dwight, Timothy M (Tim) [timothy.dwight@verizon.com]
>Sent: Friday, June 12, 2015 12:47 PM
>To: Richard Shockey; Stephen Farrell; Henning Schulzrinne;
>philippe.fouquart@orange.com; cnit@ietf.org
>Subject: RE: [cnit] CNIT Charter bashing..
>
>Rich,
>
>I'm probably not following this right, so bear with me.  In the current
>paradigm the calling party's name isn't sent in the call request message,
>right?  But you're proposing that it should be (or optionally could be,
>whatever).  Doesn't that open up the possibility Mr. Farrell suggested,
>that some entity that's in the path of the call request message can "see"
>something he previously could not?
>
>Note that "existing anonymous calling protections" apply to the
>presentation of information to the user, not necessarily to carriage of
>information across the network.  The FROM header may be anonymized when
>the calling user requests privacy, for example, but the
>P-Asserted-Identity header will not.  So if we were to use the display
>name in the P-A-ID to carry the calling party name asserted by the
>originating network, that name would (unless we encrypt it) be "visible"
>to any network element on the path of the INVITE.
>
>tim
>
>
>-----Original Message-----
>From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Richard Shockey
>Sent: Friday, June 12, 2015 10:50 AM
>To: Stephen Farrell; Henning Schulzrinne; philippe.fouquart@orange.com;
>cnit@ietf.org
>Subject: Re: [cnit] CNIT Charter bashing..
>
>
>Henning is right. No one is forcing anything. Existing anonymous calling
>protections still apply.
>
>
>Again my point is that is a great many cases Interconnected SIP between
>NA carriers are covered by other security mechanisms.
>
>Right now your Facetime session is totally in the clear. My concern is we
>end up going down the rat hole of trying to create perfect end to end
>security nothing will get done.
>
>
>
>On 6/12/15, 10:17 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>
>>
>>
>>On 12/06/15 15:13, Henning Schulzrinne wrote:
>>> In almost all cases of interest, the calling party *wants* to
>>> disclose accurate information to the called party, so the privacy
>>> issues don't seem to arise. They would only arise if there was forced
>>> disclosure; I don't think anybody is proposing that.
>>
>>Privacy issues could also arise if a middlebox could now see sensitive
>>information that it previously could not see. I think that is
>>independent of whether disclosure is desired by either of the
>>endpoints.
>>
>>S.
>>
>>_______________________________________________
>>cnit mailing list
>>cnit@ietf.org
>>https://www.ietf.org/mailman/listinfo/cnit
>
>
>_______________________________________________
>cnit mailing list
>cnit@ietf.org
>https://www.ietf.org/mailman/listinfo/cnit
>
>
>_______________________________________________
>cnit mailing list
>cnit@ietf.org
>https://www.ietf.org/mailman/listinfo/cnit
>
>_______________________________________________
>cnit mailing list
>cnit@ietf.org
>https://www.ietf.org/mailman/listinfo/cnit