Re: [cnit] CNIT Charter bashing..

[Richard Shockey <richard@shockey.us>]

On 6/12/15, 10:07 AM, "Henning Schulzrinne" <Henning.Schulzrinne@fcc.gov>
wrote:

>There seem to be three levels:
>
>(1) Make existing SIP display name information survive NNI and
>VoIP-to-TDM translation. The ATIS-SIPForum effort seems to be an
>appropriate venue for that as it involves no new SIP headers or SIP
>behavior.


RS> Correct. That is definitely on the agenda for Phase 2 of the NNI.


>
>(2) Allow for (but not mandate) signing the display name. We need to
>determine whether this is just another STIR special case or not. This
>applies to the (common) case where the signer of the SIP request is also
>in a position to validate the caller name, using whatever internal
>policies they may have. (In some cases, this is simply whatever the
>subscriber typed into a web form, so this isn't perfect, but since the
>number signing will provide traceability, the FBI and IRS along with HSBC
>and Microsoft know whom to talk to if a customer of Joe's VoIP Service &
>Salvage asserts those identities. Trademark law and civil fraud statutes
>seem to cover that case; the main practical difficulty today is that
>finding the source of the information is impossible.)


RS> Correct. My initial use case is a relatively simple voluntary
extension of the existing SP to SP system where additional information is
passed in the signaling.  The issue is where does that information sit in
the headers (existing or new <gag>) and how does the CUA display it.
Beyond that it becomes more complicated and I think that given the general
public policy concerns, developing incremental solutions can work within
existing framework and after all right now the vast majority of existing
SIP interconnection for voice in NA is directly interconnected and may not
use BGP routing at all.

Mandated solutions for data validation and signing are needed but given
the complexity of the infrastructure necessary to deploy such solutions
mandating signing in the CNIT charter would unacceptably delay progress.


>
>(3) Better caller name information that allows parties other than the
>carrier to assert additional information.

RS>  Yes.  But ptionally. But right now the originating carrier has the
principal business relationship with the calling party that can be
leveraged.  There are several ideas being kicked around for that including
RFC 7095.

>
>Does that cover the options?
>
>Henning
>
>
>________________________________________
>From: Richard Shockey [richard@shockey.us]
>Sent: Friday, June 12, 2015 9:36 AM
>To: Henning Schulzrinne; philippe.fouquart@orange.com; cnit@ietf.org
>Subject: Re: [cnit] CNIT Charter bashing..
>
>
>
>RS> Well intra enterprise certainly.  There it tends to get pulled from
>Active Directory but until we can get the NNI interface deployed its not
>working at all for inter enterprise.  We are certainly looking at that for
>Phase 2 of the NNI TF.
>
>My goal is some what more modest for a first phase.  Certainly you want
>signed extended versions of the display name but one should not create
>artificial barriers to non signed data exchanges between service providers
>where the security comes from the big yellow wire at Layer 1.  Plus I
>still want a straight answer if this proposal is going to have a
>requirement for a new SIP header and all the IETF ART pain and suffering
>that goes with that. I want the AD¹s to make that demand ( if it is to be
>imposed) explicit now.