IETF Logo Mail Archive

Re: [cnit] CNIT Charter bashing..

"Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com> Sat, 13 June 2015 23:13 UTC

Return-Path: <timothy.dwight@verizon.com>
X-Original-To: cnit@ietfa.amsl.com
Delivered-To: cnit@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4CA11B319F for <cnit@ietfa.amsl.com>; Sat, 13 Jun 2015 16:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8U8ELRiB6PfM for <cnit@ietfa.amsl.com>; Sat, 13 Jun 2015 16:13:30 -0700 (PDT)
Received: from fldsmtpe03.verizon.com (fldsmtpe03.verizon.com [140.108.26.142]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43CB41A92B3 for <cnit@ietf.org>; Sat, 13 Jun 2015 16:13:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verizon.com; i=@verizon.com; q=dns/txt; s=corp; t=1434237210; x=1465773210; h=from:to:date:subject:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=uxAKrvnbOBJC/SGW3CoaNmmnfXXIS8gLcsFYqJuNKQY=; b=O00URPisP+LSc0uFZQmSWMYAX1Hv290TN2elqgx8TXyDJWA72OSnAPtY /5MfpMCq3KmREnf/0iEQ5yGTTUU0tL7CX4/6FN8ddC+0C8wmxK1X12Aw+ 5k/tblL6ZGHf5VSiPbqseQpKtbI0cW0vnsJlj1NEpu09jnlP4h1Xy1RDX U=;
X-IronPort-Anti-Spam-Filtered: false
Received: from unknown (HELO fldsmtpi01.verizon.com) ([166.68.71.143]) by fldsmtpe03.verizon.com with ESMTP; 13 Jun 2015 23:13:28 +0000
From: "Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com>
X-IronPort-AV: E=Sophos;i="5.13,610,1427760000"; d="scan'208";a="35395668"
Received: from fhdp1lumxc7hb03.verizon.com (HELO FHDP1LUMXC7HB03.us.one.verizon.com) ([166.68.59.190]) by fldsmtpi01.verizon.com with ESMTP; 13 Jun 2015 23:13:28 +0000
Received: from FHDP1LUMXC7V31.us.one.verizon.com ([166.68.125.32]) by FHDP1LUMXC7HB03.us.one.verizon.com ([166.68.59.190]) with mapi; Sat, 13 Jun 2015 19:13:28 -0400
To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>, "cnit@ietf.org" <cnit@ietf.org>
Date: Sat, 13 Jun 2015 19:09:33 -0400
Thread-Topic: [cnit] CNIT Charter bashing..
Thread-Index: AQHQpF27t1IjTQnD9Ee6If5FuC7/752nvtOAgAAcbYD//73Z54ABUaEAgAA9LQD//8LlU4AARHQAgAAZ6QCAABA5AIAAH5PPgAGUY3A=
Message-ID: <2B0F677F0B95454297753F58D4A07FA30279326E8E@FHDP1LUMXC7V31.us.one.verizon.com>
References: <D19F23AD.26CEA%richard@shockey.us> <E42CCDDA6722744CB241677169E8365603614617@MISOUT7MSGUSRDB.ITServices.sbc.com> <9588_1434045613_5579CCAD_9588_574_1_fki5dyxdmgyv92b6hugpfuoy.1434045608655@email.android.com> <E6A16181E5FD2F46B962315BB05962D07D354C94@fcc.gov> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <D1A05A04.26E84%richard@shockey.us> <E6A16181E5FD2F46B962315BB05962D07D355543@fcc.gov> <557AE9E4.5030205@cs.tcd.ie> <D1A0761F.26EE1%richard@shockey.us>, <2B0F677F0B95454297753F58D4A07FA30279326B59@FHDP1LUMXC7V31.us.one.verizon.com> <E6A16181E5FD2F46B962315BB05962D07D355940@fcc.gov>
In-Reply-To: <E6A16181E5FD2F46B962315BB05962D07D355940@fcc.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/gHsXvqlbhNNs4CBC5aaNHhmdCS4>
Subject: Re: [cnit] CNIT Charter bashing..
X-BeenThere: cnit@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <cnit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cnit>, <mailto:cnit-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cnit/>
List-Post: <mailto:cnit@ietf.org>
List-Help: <mailto:cnit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cnit>, <mailto:cnit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jun 2015 23:13:33 -0000

Henning,

As you may know, there are controls over disclosure of calling name data that mirror those which govern disclosure of calling number.  In the conventional CNAM model these are attributes in the LIDB.  These need either to be explicitly changed (e.g., if consumers no longer need these protections) or replicated into whatever alternative model this group develops.  Since it's not up to the IETF to determine public policy, I guess we're best off trying to replicate the existing functionality.

Intuitively I agree that an entity with a "public" or "semi-public" telephone number would probably not object to their name being displayed to people they call.  But that is not necessarily the case.  All I can say for sure is that today consumers have control over this (you can mark your name "public" or "private" in the LIDB;  and you can ask that name presentation be "tied" to number presentation - i.e., if you can ask that presentation of your name be blocked if presentation of your number is blocked, either permanently or call-by-call).

Similarly I can't say for sure whether anyone would object to their name being visible to networks or network elements to which it is not visible today.  I think if we propose to increase its visibility the onus is on us to be sure.

Tim


-----Original Message-----
From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Henning Schulzrinne
Sent: Friday, June 12, 2015 5:48 PM
To: Dwight, Timothy M (Tim); cnit@ietf.org
Subject: Re: [cnit] CNIT Charter bashing..

I suspect there could be cases where a caller objects to the disclosure to intermediate entities; they clearly should have the option of not including the name information, either on a call-by-call or global basis. I'm guessing that this is a rare case; for the entities most reliant on caller name information, namely entities that cannot count on being in the address book of the called party, they usually have semi-public telephone numbers, so that the mapping to the name is essentially public. As I noted, as long as roughly the same information is in-band as out-of-band today, every single carrier can already look up CNAM information if they are so inclined. Thus, I'm not quite following how this makes things worse. (The difference is that today, I can look up CNAM information for any phone number, even if the entity never called me. In-band delivery would obviate the need for CNAM databases, so it would seem to make things better, not worse.)

The latter point obviously only applies to countries with CNAM; as long as the opt-in/opt-out nature is preserved, this seems more like a disclosure issue ("your name is visible to your carrier and, if the carrier is too lazy to implement SIP over TLS, any national intelligence agency that happens to be watching that fiber").

________________________________________
From: Dwight, Timothy M (Tim) [timothy.dwight@verizon.com]
Sent: Friday, June 12, 2015 12:47 PM
To: Richard Shockey; Stephen Farrell; Henning Schulzrinne; philippe.fouquart@orange.com; cnit@ietf.org
Subject: RE: [cnit] CNIT Charter bashing..

Rich,

I'm probably not following this right, so bear with me.  In the current paradigm the calling party's name isn't sent in the call request message, right?  But you're proposing that it should be (or optionally could be, whatever).  Doesn't that open up the possibility Mr. Farrell suggested, that some entity that's in the path of the call request message can "see" something he previously could not?

Note that "existing anonymous calling protections" apply to the presentation of information to the user, not necessarily to carriage of information across the network.  The FROM header may be anonymized when the calling user requests privacy, for example, but the P-Asserted-Identity header will not.  So if we were to use the display name in the P-A-ID to carry the calling party name asserted by the originating network, that name would (unless we encrypt it) be "visible" to any network element on the path of the INVITE.

tim


-----Original Message-----
From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Richard Shockey
Sent: Friday, June 12, 2015 10:50 AM
To: Stephen Farrell; Henning Schulzrinne; philippe.fouquart@orange.com; cnit@ietf.org
Subject: Re: [cnit] CNIT Charter bashing..


Henning is right. No one is forcing anything. Existing anonymous calling protections still apply.


Again my point is that is a great many cases Interconnected SIP between NA carriers are covered by other security mechanisms.

Right now your Facetime session is totally in the clear. My concern is we end up going down the rat hole of trying to create perfect end to end security nothing will get done.



On 6/12/15, 10:17 AM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>
>
>On 12/06/15 15:13, Henning Schulzrinne wrote:
>> In almost all cases of interest, the calling party *wants* to 
>> disclose accurate information to the called party, so the privacy 
>> issues don't seem to arise. They would only arise if there was forced 
>> disclosure; I don't think anybody is proposing that.
>
>Privacy issues could also arise if a middlebox could now see sensitive 
>information that it previously could not see. I think that is 
>independent of whether disclosure is desired by either of the 
>endpoints.
>
>S.
>
>_______________________________________________
>cnit mailing list
>cnit@ietf.org
>https://www.ietf.org/mailman/listinfo/cnit


_______________________________________________
cnit mailing list
cnit@ietf.org
https://www.ietf.org/mailman/listinfo/cnit


_______________________________________________
cnit mailing list
cnit@ietf.org
https://www.ietf.org/mailman/listinfo/cnit

v2.23.0 | Report a Bug | By Email