Re: [stir] current draft charter
Michael Hammer <michael.hammer@yaanatech.com> Mon, 17 June 2013 16:04 UTC
Return-Path: <michael.hammer@yaanatech.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B413321F9CF5 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 09:04:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.539
X-Spam-Level:
X-Spam-Status: No, score=-2.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l9F6lsiTKnU5 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 09:04:18 -0700 (PDT)
Received: from email1.corp.yaanatech.com (email1.corp.yaanatech.com [205.140.198.134]) by ietfa.amsl.com (Postfix) with ESMTP id 0A63D21F9D5D for <stir@ietf.org>; Mon, 17 Jun 2013 09:04:14 -0700 (PDT)
Received: from EX2K10MB2.corp.yaanatech.com ([fe80::5d11:66a1:e508:6871]) by ex2k10hub1.corp.yaanatech.com ([::1]) with mapi id 14.01.0218.012; Mon, 17 Jun 2013 09:04:13 -0700
From: Michael Hammer <michael.hammer@yaanatech.com>
To: "hgs@cs.columbia.edu" <hgs@cs.columbia.edu>, "hadriel.kaplan@oracle.com" <hadriel.kaplan@oracle.com>
Thread-Topic: [stir] current draft charter
Thread-Index: AQHOZwiVGT8OWD09JUqSfli80C7Gm5kxxKUAgAAL0QCAAIQGAIAAcu6AgAADDoCAABCAAIAAJmCAgAAQaYCAAADrAIAABUwAgABko4CAAOCpgIAAU3yAgAA76wCABBp2gIAAEOyAgABhfICAAHK0AIAAY22A///AmdA=
Date: Mon, 17 Jun 2013 16:04:11 +0000
Message-ID: <00C069FD01E0324C9FFCADF539701DB3A03DD0D4@ex2k10mb2.corp.yaanatech.com>
References: <CDE38BC3.20F76%jon.peterson@neustar.biz> <6BAABF96-8892-4C50-BB30-5F1FC05BDFD8@oracle.com> <F5C27090-FF39-4FBC-BC7E-F2ACFA5A4E6F@cs.columbia.edu>
In-Reply-To: <F5C27090-FF39-4FBC-BC7E-F2ACFA5A4E6F@cs.columbia.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.17.100.180]
Content-Type: multipart/signed; micalg="SHA1"; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_005D_01CE6B52.C6C78D60"
MIME-Version: 1.0
Cc: "stir@ietf.org" <stir@ietf.org>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 16:04:23 -0000
All, I am following the thread and trying to grasp the heart of the matter. First point: This is about E.164 number delegation and proof of ownership. So, I find much of the discussion that seems to rely on DNS structure or Domain name structuring to be a distraction. How you prove proof of ownership of a domain is a separate, albeit twin problem. But, I think that is out of scope. I do not believe the answer here is to ask my evil twin if he owns the E.164. Second point: The delegation of E.164 numbers down the tree inextricable defines who owns the number, so any collection of certs into an authoritative repository MUST follow the same path back up, or you lose sight of that ownership. E.164 is already the hierarchy, so no second hierarchy is needed. The recipient of a number block or an individual number may need to receive the private key, else the carrier signs and inserts the signature on the path out from that user. (Note, still need to determine how many bytes constitute the signature such that it fits into an existing SS7 parameter. Perhaps the answer is to include an indicator in SS7 that the gateway to SIP must perform the signature outbound. But, that may limit this to a single hop, else need to trust follow-on SS7 networks to sign properly, but that may be acceptable.) Third point: The called party needs to unequivocally know how to validate an assertion and who to go to for the inputs to perform that validation. The how should be defined by the RFC, but the who ultimately depends on the root of each E.164 country code (see point 2). If the DNS is involved, I think that there is an IAB draft/RFC that says the DNS should not be used for all things. So, it is likely that the called party search would start with a well-known URI to the CC authority, communication to which could be secure, who could then point to one or more authoritative services, depending on how the out-sourcing is done, who have the official cert associated with the official delegation of E.164 number blocks or numbers. This seems to be a parallel to the number portability databases, except that one is now looking for a cert rather than a route to the serving carrier. I am not suggesting that the NP databases be used, as this could be orthogonal to that. Doing a search based on using the E.164 as an index should not be an issue, since in many cases a 10k block of numbers may point to a single cert. In those cases where portability occurs and single numbers have a different cert, the database could have an indicator of which 10k blocks require full E.164 search to be performed. (For international, blocks are defined by how many leading digits are used.) Fourth point: Lastly, so the called party has all the elements from the signaling with which to validate the signature, the RFC needs to specify what elements are prohibited from changing end-to-end. Given that some of the existing parameters do change in current systems, I don't know how you get around doing one of the following: - define new header that contains complete signature package that is added by whomever does the signing. - re-define existing headers to add the signature and restrict any intermediary from modifying those values. Seeing that the existing already have usage baggage, the first option seems more likely to succeed. Also, need to ensure that the SS7 network can carry elements E2E without changes. SS7 terminations may have to rely on the SIP-to-SS7 GW to perform validation. SIP terminations may have to rely on the SS7-to-SIP GW to generate signatures. SIP-SS7-SIP would be an issue given the "no change SS7" limitation. Did I miss any requirements or constraints here? Mike -----Original Message----- From: stir-bounces@ietf.org [mailto:stir-bounces@ietf.org] On Behalf Of Henning Schulzrinne Sent: Monday, June 17, 2013 8:14 AM To: Hadriel Kaplan Cc: stir@ietf.org; dcrocker@bbiw.net; Peterson, Jon Subject: Re: [stir] current draft charter I wouldn't be surprised if the large carriers cache all certs locally. For +1, I'd suggest that's less than a TB, i.e., a single disk, even if every number has their own cert, rather than number ranges. They would then subscribe to a notification service for any porting-related changes, given that such changes affect a very small fraction of the numbers (quarterly churn of mobile carriers is about 1-2%). This can all be done within the carrier network, i.e., without affecting the external public data interface. On Jun 17, 2013, at 2:18 AM, Hadriel Kaplan wrote: > > On Jun 16, 2013, at 7:27 PM, "Peterson, Jon" <jon.peterson@neustar.biz> wrote: > >> The exact amount of tolerable delay is a very interesting dimension >> of this problem space. I suspect we have a considerable amount of >> time, given all the human expectations about both post-dial delay and >> the wait for someone to pick up after altering. I think it's enough >> time to perform some non-trivial operations. > > I've been thinking about that and I'm not sure we actually have much time. I've been looking at what the CNAM guys are doing, and at least one them (used in a large mobile provider) goes so far as to sometimes skip it on the INVITE and send their CNAM info in an UPDATE or INFO afterwards due to the delay. I.e., they have us queue the INVITE while they retrieve the CNAM info for the given caller-id, but if they take too long then we send the INVITE and send their results separately afterwards in another message. Another operator that uses private ENUM for CNAM querying also sets very low timeouts on the query, and just don't provide a calling name if it times out (ie., the INVITE gets sent on without it, and nothing updates it later). > > Also, Brian at one point mentioned transit providers possibly doing > the verification check as well, and that might be difficult if it > takes non-trivial time I think, because one of the SLA measurements > they get ranked on is how fast they route their calls onward. > (Besides which they're never involved this type of stuff so I'd doubt > they'd start now anyway.) > > Anecdotally, I find that intra-nation calls get to ringing stage much faster than international calls, so people are probably ok with international caller-id verification taking longer. > > -hadriel > > _______________________________________________ > stir mailing list > stir@ietf.org > https://www.ietf.org/mailman/listinfo/stir > _______________________________________________ stir mailing list stir@ietf.org https://www.ietf.org/mailman/listinfo/stir
- [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Stephen Farrell
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter philippe.fouquart
- Re: [stir] current draft charter Wilhelm Wimmreuter
- Re: [stir] current draft charter Stephen Farrell
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Henning Schulzrinne
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Dan York
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Brian Rosen
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Dan York
- Re: [stir] current draft charter Wendt, Chris
- Re: [stir] current draft charter Brian Rosen
- Re: [stir] current draft charter - ENUM and datab… Richard Shockey
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Wendt, Chris
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Brian Rosen
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Brian Rosen
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter DOLLY, MARTIN C
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter Henning Schulzrinne
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter DOLLY, MARTIN C
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter DOLLY, MARTIN C
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter Henning Schulzrinne
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Dave Crocker
- [stir] Nature vs. nurture -- semantics vs. encodi… Dave Crocker
- Re: [stir] current draft charter Dan York
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- [stir] Not just "called party" - Re: current draf… Dan York
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter Peterson, Jon
- Re: [stir] Not just "called party" - Re: current … Michael Hammer
- Re: [stir] current draft charter - ENUM and datab… Richard Shockey
- Re: [stir] current draft charter DOLLY, MARTIN C
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] Not just "called party" - Re: current … Peterson, Jon
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Michael Hammer
- Re: [stir] Not just "called party" - Re: current … Hadriel Kaplan
- Re: [stir] current draft charter Dan York
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter Paul Kyzivat
- Re: [stir] Not just "called party" - Re: current … Dan York
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Richard Shockey
- Re: [stir] current draft charter Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] Not just "called party" - Re: current … Henning Schulzrinne
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter Henning Schulzrinne
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter philippe.fouquart
- Re: [stir] current draft charter - ENUM and datab… Richard Shockey
- Re: [stir] current draft charter Richard Shockey
- Re: [stir] current draft charter Dave Crocker
- Re: [stir] current draft charter Michael Hammer
- Re: [stir] current draft charter Richard Barnes
- Re: [stir] current draft charter - ENUM and datab… Dave Crocker
- Re: [stir] current draft charter philippe.fouquart
- Re: [stir] current draft charter philippe.fouquart
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Brian Rosen
- Re: [stir] current draft charter - ENUM and datab… Wendt, Chris
- Re: [stir] current draft charter - ENUM and datab… Michael Hammer
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Dave Crocker
- Re: [stir] current draft charter - ENUM and datab… Richard Shockey
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Henning Schulzrinne
- Re: [stir] current draft charter - ENUM and datab… Lee, Yiu
- Re: [stir] current draft charter - ENUM and datab… Michael Hammer
- Re: [stir] current draft charter - ENUM and datab… Dave Crocker
- Re: [stir] current draft charter - ENUM and datab… Lee, Yiu
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Lee, Yiu
- Re: [stir] current draft charter - ENUM and datab… Hadriel Kaplan
- Re: [stir] current draft charter - ENUM and datab… Wendt, Chris
- Re: [stir] current draft charter - ENUM and datab… Peterson, Jon
- Re: [stir] current draft charter - ENUM and datab… Lee, Yiu
- Re: [stir] current draft charter Wilhelm Wimmreuter