IETF Logo Mail Archive

Re: [stir] Not just "called party" - Re: current draft charter

Henning Schulzrinne <hgs@cs.columbia.edu> Tue, 18 June 2013 01:47 UTC

Return-Path: <hgs@cs.columbia.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9E1621F9BB3 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 18:47:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.472
X-Spam-Level:
X-Spam-Status: No, score=-6.472 tagged_above=-999 required=5 tests=[AWL=0.127, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGk1oHyQ939Q for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 18:47:16 -0700 (PDT)
Received: from rambutan.cc.columbia.edu (rambutan.cc.columbia.edu [128.59.29.5]) by ietfa.amsl.com (Postfix) with ESMTP id B767721F9BBA for <stir@ietf.org>; Mon, 17 Jun 2013 18:47:16 -0700 (PDT)
Received: from [10.0.1.2] (c-98-204-176-168.hsd1.va.comcast.net [98.204.176.168]) (user=hgs10 mech=PLAIN bits=0) by rambutan.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id r5I1l729013928 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 17 Jun 2013 21:47:08 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Henning Schulzrinne <hgs@cs.columbia.edu>
In-Reply-To: <453B19AF-088C-4859-8BEB-D5437B32456B@oracle.com>
Date: Mon, 17 Jun 2013 21:47:06 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <F6D6DE22-E8BD-4E1A-99CC-DC2208BA82B0@cs.columbia.edu>
References: <CDE4BF54.E456%york@isoc.org> <453B19AF-088C-4859-8BEB-D5437B32456B@oracle.com>
To: Hadriel Kaplan <hadriel.kaplan@oracle.com>
X-Mailer: Apple Mail (2.1283)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.5
Cc: Michael Hammer <michael.hammer@yaanatech.com>, Dan York <york@isoc.org>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>, "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Not just "called party" - Re: current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2013 01:47:22 -0000

I tend to agree (particularly given that we just had a house-sitter watching our home, and I most definitely don't want the bank to take his identity for ours).

It would, e.g., for two-factor authentication, be useful to be able to tell if a number has been redirected. I don't see much hope there, however - if you have a malicious app on your phone that redirects the call to the impostor, the phone is dutifully going to respond that the call has indeed reached the right number.

On Jun 17, 2013, at 3:04 PM, Hadriel Kaplan wrote:

> 
> For sake of focus and having a prayer of getting this done before we all retire, I think we should focus exclusively on caller-id reputability.  No bank would ever trust this type of thing for called-party identity anyway, because it only identifies phone numbers not humans - i.e., at best it identifies a phone, not the person on the other end.  Thus they'll have to ask you a bunch of identifying questions anyway.
> 
> -hadriel
>

v2.23.0 | Report a Bug | By Email