Re: [stir] Questions about stir-certificates

Richard Shockey <richard@shockey.us> Fri, 20 October 2017 21:54 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/9tnAvRPuW0fb-w54boAOqTr5HH4>

    > "Partial" and "Gateway" attestations as indications of relative untrustworthiness of the calling number may be usable as filters for secret-sauce analytics and/or post-processing forensic investigation. IMHO they are not suited for at-a-glance indications of unwanted calling attempts to subscribers. And, I assume no user, enterprise, or originating or transit service provider will volunteer "Fraudulent" or "SPAM" attestations although they would be undeniably more usable for an at-a-glance decision about whether to accept a call.

RS> You have to remember there are multiple use cases here. Don’t make the mistake that the Call Validation Display data is strictly directed at the consumer. There is a strong business case for advanced call analytics for inbound call centers, especially for financial services utilities here.

    
    Speaking strictly as a telephony consumer: I see value in *both* the 
    positive and negative indicators. I am inclined to use the negative one 
    when deciding whether to answer the call at all, and the positive one 
    for whether to trust the call for sensitive matters, such as with 
    government agencies and financial institutions.

RS> Agreed, but that is ultimately a high policy issue the regulators are looking at now.

https://ecfsapi.fcc.gov/file/1013653727266/Shockey%20Consulting%2017-97%20Call%20Authentication%20Trust%20Anchor%20exparte.pdf


    
    This can be coupled with per-number policy at my own end (in my address 
    book) by remembering which numbers have previously received full 
    attestation. That can raise the bar on future calls from the same number.
    
    	Thanks,
    	Paul
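
The per-number policy described in the quoted text above (remember which numbers have previously received full attestation and raise the bar on later calls from them), as an added example that is not part of the original thread or of any STIR/SHAKEN implementation. The class and verdict names are hypothetical, the phone numbers are constructed, and the single-letter levels assume the SHAKEN "attest" claim values (A = full, B = partial, C = gateway).

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed SHAKEN "attest" values: A = full, B = partial, C = gateway.
# None stands for "no PASSporT present" or "signature did not verify".
RANK = {None: 0, "C": 1, "B": 2, "A": 3}


@dataclass
class AddressBookPolicy:
    """Hypothetical callee-side store: calling number -> best attestation seen."""
    best_seen: dict = field(default_factory=dict)

    def evaluate(self, number: str, attest: Optional[str], sig_ok: bool) -> str:
        # An attestation only counts if the signature verified and the value is known.
        level = attest if (sig_ok and attest in RANK) else None
        prior = self.best_seen.get(number)
        if RANK[level] > RANK[prior]:
            self.best_seen[number] = level
        # The bar is raised: a number that once had full attestation is
        # expected to keep presenting it.
        if prior == "A" and level != "A":
            return "suspicious-downgrade"
        if level == "A":
            return "trusted"
        if level in ("B", "C"):
            return "answer-with-caution"
        return "unverified"


def run_demo():
    """Replay constructed calls (number, attest, sig_ok) through one policy store."""
    policy = AddressBookPolicy()
    calls = [
        ("+12025550100", "A", True),    # first call, full attestation
        ("+12025550100", "C", True),    # same number, now gateway only
        ("+12025550100", "A", False),   # claims full, signature fails
        ("+12025550199", "B", True),    # never seen with full attestation
        ("+12025550199", None, False),  # no PASSporT at all
    ]
    return [policy.evaluate(*c) for c in calls]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```
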