Re: [cnit] CNIT Charter bashing..

Henning Schulzrinne <> Fri, 12 June 2015 22:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E366F1A1AA2 for <>; Fri, 12 Jun 2015 15:51:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id rjz-gamxYJ3Y for <>; Fri, 12 Jun 2015 15:51:16 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 87ECD1A1A55 for <>; Fri, 12 Jun 2015 15:51:16 -0700 (PDT)
Message-ID: <>
From: Henning Schulzrinne <>
To: Brian Rosen <>
Thread-Topic: [cnit] CNIT Charter bashing..
Thread-Index: AQHQpF27t1IjTQnD9Ee6If5FuC7/752nvtOAgAAcbYD//73Z54ABUaEAgAA9LQD//8LlU4AARHQAgAAZ6QCAAArCAIAAJydF
Date: Fri, 12 Jun 2015 22:51:15 +0000
References: <> <> <> <> <9384_1434103912_557AB068_9384_7221_1_B5939C6860701C49AA39C5DA5189448B14C216E0@OPEXCLILM42.corporate.adroot.infra.ftgroup> <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>, "" <>, Stephen Farrell <>
Subject: Re: [cnit] CNIT Charter bashing..
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Calling Name Identity Trust discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Jun 2015 22:51:18 -0000

Once numbers have public (STIR) keys, the sender should indeed be able to encrypt the information without creating a new infrastructure for distributing keys, and the destination carrier can decrypt. (I think I'm just amplifying slightly what you are saying, not disagreeing.)

Agreed on "who", although this may be implicit in some cases (e.g., if signed by the number-signing entity).

From: Brian Rosen []
Sent: Friday, June 12, 2015 12:28 PM
To: Richard Shockey
Cc: Stephen Farrell; Henning Schulzrinne;;
Subject: Re: [cnit] CNIT Charter bashing..

One possible extra bit is that we need to know WHO signed.  That could be easy (identity in a cert for the signature), but it’s a requirement.

I still want an optional confidence value, because the source is often not authoritative.

If we’re thinking we’re using the existing display name, and coming up with a way to sign it, then, like stir, the termination side can decide what it wants to do if it gets a display name but no signature.  The sender has the option to provide the name or not, and provide the signature or not.

We COULD consider a new header that would contain the name encrypted for a destination TN (To:).  That would afford privacy to the name to middle boxes that we would not have today with display name.  I would not be opposed to that.  This would work like the offline stir proposal, where the sender obtains the public key of the recipient and encrypts the name for the recipient.