Musing on SIP and SPAM
Michael Thomas <mike@mtcc.com> Fri, 24 April 2020 22:07 UTC
To: ietf@ietf.org
From: Michael Thomas <mike@mtcc.com>
Subject: Musing on SIP and SPAM
Message-ID: <c2f3a1c8-e95b-6115-9585-26ae4c795575@mtcc.com>
Date: Fri, 24 Apr 2020 15:07:41 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/F75KndtRTdSRSCt9QiIFAtshpDA>
Ok, into the fray. I've written a couple of blog posts on the subject which go into more detail of what I've been thinking.

Basically, after much searching through the STIR/SHAKEN stuff I finally figured out that sip:mike@mtcc.com was out of scope. And I mean, it took me a *long* time to figure that out reading problem statements, requirements, etc.

What my blog post wonders about is whether STIR/SHAKEN is solving the wrong problem. That is, it's trying to solve the e.164 spoofing problem via tel: uri and sip: uri's with embedded telephone numbers. This is an incredibly complex and fraught problem, so I have to ask whether it's even worth it? Telephony is pretty much all SIP these days, even to mobile phones with SIPoLTE, there's not much point to stick with e.164 addresses as identifiers if it's SIP end to end or SIP end to almost the end with POTS termination. Since STIR/SHAKEN can't do much of anything with actual PSTN onramp/offramp based spam, it makes me wonder why we are holding onto mostly dead technology's vestiges. The future seems to me that a sip:mike@mtcc.com URI would be the future, but they did not solve for that. It's not like people *like* e.164 based identity, and mostly it's hidden from you on mobile phones anyway.

Being one of the authors of DKIM (rfc 4871, etc) it has always occurred to me that something DKIM-like could work for SIP and actually hacked a version of my DKIM code to prove the point on a SIP stack in about 2005.

https://rip-van-webble.blogspot.com/2020/02/sip-what-about-from-header-no-love.html

Now being the dutiful engineer that I am, I decided to have an argument with myself and ask whether we both (STIR/SHAKEN and SIP-DKIM) are wrong. That is, is telephony as we know it essentially dying? The Covid pandemic has really put that into focus with services like Zoom in the limelight which as far as I know doesn't use SIP. Maybe none of them have an inter-provider problem like the PSTN does. So maybe the right solution is to do nothing, or do just the STIR/SHAKEN stuff because "Something Must Be Done".

https://rip-van-webble.blogspot.com/2020/04/on-second-thought-sip-security.html

Mike

PS: hi all, long time! missed y'all and hope you're keeping safe :)