IETF Logo Mail Archive

Re: [cnit] Who says I am me? I say it is me. I have no reason to trust you.

"Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com> Tue, 16 June 2015 15:52 UTC

Return-Path: <timothy.dwight@verizon.com>
X-Original-To: cnit@ietfa.amsl.com
Delivered-To: cnit@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B8A61B3AC9 for <cnit@ietfa.amsl.com>; Tue, 16 Jun 2015 08:52:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.404
X-Spam-Level: ***
X-Spam-Status: No, score=3.404 tagged_above=-999 required=5 tests=[BAD_CREDIT=2.415, BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, GB_PHARMACY=1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XNwUbYLvvR6L for <cnit@ietfa.amsl.com>; Tue, 16 Jun 2015 08:52:48 -0700 (PDT)
Received: from fldsmtpe03.verizon.com (fldsmtpe03.verizon.com [140.108.26.142]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73ED11B3B07 for <cnit@ietf.org>; Tue, 16 Jun 2015 08:52:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verizon.com; i=@verizon.com; q=dns/txt; s=corp; t=1434469956; x=1466005956; h=from:to:date:subject:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=giVp2EWStYKsrBOA6JX6z7HwDuVKgkrqtDCHiRqSqdE=; b=JdAgMqxEGcAWbMEofAv6lLi3SnQJ0iQ5qQXwKsMEHzVWX6FyPeGtsQ+J XHP5Cp3rzrHZR9X5ULi1ofDS/5rASEDqKrgQ4W9EymosAUJ/zPFDzWGuh h9Y+K5HTXHPNoZ+Pc1Y3sUbQ/rjvOFx/rE2sKtvQQE2eYGNUAhnInDBVi E=;
X-IronPort-Anti-Spam-Filtered: false
Received: from unknown (HELO fldsmtpi03.verizon.com) ([166.68.71.145]) by fldsmtpe03.verizon.com with ESMTP; 16 Jun 2015 15:52:35 +0000
From: "Dwight, Timothy M (Tim)" <timothy.dwight@verizon.com>
X-IronPort-AV: E=Sophos;i="5.13,627,1427760000"; d="scan'208";a="29175460"
Received: from fhdp1lumxc7hb04.verizon.com (HELO FHDP1LUMXC7HB04.us.one.verizon.com) ([166.68.59.191]) by fldsmtpi03.verizon.com with ESMTP; 16 Jun 2015 15:52:34 +0000
Received: from FHDP1LUMXC7V31.us.one.verizon.com ([166.68.125.32]) by FHDP1LUMXC7HB04.us.one.verizon.com ([166.68.59.191]) with mapi; Tue, 16 Jun 2015 11:52:33 -0400
To: Henning Schulzrinne <Henning.Schulzrinne@fcc.gov>, Eric Burger <eburger@standardstrack.com>, "cnit@ietf.org" <cnit@ietf.org>
Date: Tue, 16 Jun 2015 11:52:32 -0400
Thread-Topic: [cnit] Who says I am me? I say it is me. I have no reason to trust you.
Thread-Index: AQHQptHgjGJJjViUs0yXviD2b11ltJ2uE5LsgAEYf9A=
Message-ID: <2B0F677F0B95454297753F58D4A07FA30279408FAF@FHDP1LUMXC7V31.us.one.verizon.com>
References: <D19F23AD.26CEA%richard@shockey.us> <E42CCDDA6722744CB241677169E8365603614617@MISOUT7MSGUSRDB.ITServices.sbc.com> <9588_1434045613_5579CCAD_9588_574_1_fki5dyxdmgyv92b6hugpfuoy.1434045608655@email.android.com> <E6A16181E5FD2F46B962315BB05962D07D354C94@fcc.gov> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <D1A05A04.26E84%richard@shockey.us> <E6A16181E5FD2F46B962315BB05962D07D355543@fcc.gov> <557AE9E4.5030205@cs.tcd.ie> <D1A0761F.26EE1%richard@shockey.us> <15E9AA29-E9F1-4DA6-ADA4-E201F8F07B7A@brianrosen.net> <2B0F677F0B95454297753F58D4A07FA30279326B72@FHDP1LUMXC7V31.us.one.verizon.com> <53A932AB-5E5D-41C0-895F-21EC1D4B17D5@brianrosen.net> <E6A16181E5FD2F46B962315BB05962D07D3558F5@fcc.gov> <31D54523-375B-42D6-A621-28A009E2DF20@brianrosen.net> <E6A16181E5FD2F46B962315BB05962D07D35C2D5@fcc.gov>, <1B18AE2F-C2C7-4B0B-A3FA-08F7BD90BD38@standardstrack.com> <E6A16181E5FD2F46B962315BB05962D07D35E747@fcc.gov>
In-Reply-To: <E6A16181E5FD2F46B962315BB05962D07D35E747@fcc.gov>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/cnit/hqeJJJSNYLqc5JUADdLdDN45BXU>
Subject: Re: [cnit] Who says I am me? I say it is me. I have no reason to trust you.
X-BeenThere: cnit@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <cnit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cnit>, <mailto:cnit-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/cnit/>
List-Post: <mailto:cnit@ietf.org>
List-Help: <mailto:cnit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cnit>, <mailto:cnit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jun 2015 15:52:50 -0000

Henning,

What you describe sounds like it would facilitate robocalls - appending to a call from a random pharmacy, an advertisement on behalf of the caller.  I'm sure that's not what you intend.

I think it would be more useful to the called party to know that the call is from a specific pharmacy with which they are familiar.  If they're familiar with it they already know what type of entity it is.

Tim


-----Original Message-----
From: cnit [mailto:cnit-bounces@ietf.org] On Behalf Of Henning Schulzrinne
Sent: Monday, June 15, 2015 4:39 PM
To: Eric Burger; cnit@ietf.org
Subject: Re: [cnit] Who says I am me? I say it is me. I have no reason to trust you.

I've said this before, but I think in many cases, the name is less important than some verifiable property. For example, apparently some durable medical equipment fraudsters use the display name MEDCARE. From a quick trademark search, there actually is a legitimate business with that name (Medcare Discount Pharmacy), but validating the name does not always protect against user confusion. A flag that shows that this is a legitimate, licensed pharmacy would be more useful and that type of validation can be provided by any number of third-party entities. The number of such categories is very small since the number of businesses that need to be state/federally-licensed and that care about validation (your nail salon or florist may need a license but is unlikely to care about tagging their phone calls) isn't that large.

Thus, validating names is useful, but 100% accuracy validation may be very difficult to achieve (given the need for brevity and practical limitations of sources of information in the age of IRS KBA bypass.) For example, I have a credit card that uses a non-state-registered name (xyz consulting) and a billing address validation might accept this as legitimate.

As a side note, I recently used Dun&Bradstreet to access and modify my corporate (DUNS) record for a small entity I run. For their KBA, all I needed to know was the registered address, landline phone number and the last two digits of the SSN, plus some "did you ever use some-ridiculous-first-name" question. Not very confidence-inducing. Given that this small business has no credit history, this is not surprising - there just isn't much to work with that isn't listed on the certificate of incorporation.

Practically speaking, most names aren't worth faking. There seems little benefit to pretending to be Joe's Pizza or Adam Smith if you're not, except for pranks ("Did you just order 100 anchovy pizzas?"). Thus, protecting high-value names is likely more productive, such as those of government agencies, utilities/carriers or financial institutions. 

________________________________________
From: cnit [cnit-bounces@ietf.org] on behalf of Eric Burger [eburger@standardstrack.com]
Sent: Sunday, June 14, 2015 2:42 PM
To: cnit@ietf.org
Subject: [cnit] Who says I am me? I say it is me. I have no reason to trust     you.

[changing the subject to be meaningful, kind of like a CNAM...]

I fully agree with Henning here for two reasons.

Reason #1: the point of CNIT, STIR, MODERN, et al. is we are not dooming ourselves to simply do IP versions of SS7. We already have that. My expectation is for 99% of the use of CNIT, the calling name will be inserted by the end user equipment (enterprise PBX or SIP phones) or the carrier service provider (mobile, wireline replacement, broadband cable telephony, etc.).

What do we do with the 1% of calls that will come from non-service provider endpoints? E.g., what if you had an open source Foo Fone? The easy answer would be to say you are in a self-signed certificate bind. If you want your name to pop up correctly, pay for a service that will vouch for you. However, the IETF does not mandate business models. So, one could envision some sort of PGP-like web of trust. However, that is on the signing of the name, NOT on the number-to-name translation. Let us be realistic: if I cannot trust the veracity of the name, I cannot trust the veracity of the calling number, so all bets are off anyway.

I thus see zero need for or value from some third-party number-to-name translation service. This simply replicates all of the evils of the current system when the players are NOT trying to be evil, but only stupid. As an example, see Tim's emails on how CNAM does not work today at:
https://mailarchive.ietf.org/arch/msg/cnit/D7JeNaGHOjHJAaFi2jeT2Y_C1oA
Now imagine the third-party number-to-name translation service DOES want to be evil. Yuck!

Nothing in what I have seen in CNIT would *prevent* third-party number validation services or third-party number-to-name services from offering such services. They work today: at my endpoint, *I* decide to do another dip with these services. However, I see nothing in CNIT that would be sensible for such a service to be in the *signaling* path.


Reason #2: if the user or the user's service provider is in control of inserting the signed calling name, then all of the user privacy arguments evaporate. Who cares that a real calling name, THAT THE USER WANTS DISPLAYED, gets sent in the signaling path? First of all, it is up to the USER to send the information. Second, yes, this is different than today's North American SS7 configuration. SURPRISE! We are talking SIP, not SS7. We can do whatever we want. Given we have thirty years of knowing sending only the number and later asking for the name is hopelessly broken, why would we want to replicate that? Remember the mantra: "User Control is Good."

It is unquestionably true that we are making it easier for amateurs to find out the calling name by sniffing the signaling. This says they have access to unencrypted signaling (probably already a problem). Moreover, it is saying that they have access to the signaling and yet they DO NOT have any access to a number-to-name translation data base. I would offer the latter is a 0.0000000001% probability. If they have the sophistication to crack sips (OK, not too hard, but not trivial), they have access to any of the public number-to-name data bases out there.

If we do want to protect from, for example, nation-states, we could encrypt the name itself with the public key of the called party. If someone is that paranoid, they will not mind the setup penalty in the signaling. I doubt anyone would use it, but if that is what it takes to get chartered, I've got students who can write an I-D that nobody will use but will get a publication ;-)


_______________________________________________
cnit mailing list
cnit@ietf.org
https://www.ietf.org/mailman/listinfo/cnit

v2.23.0 | Report a Bug | By Email