IETF Logo Mail Archive

Re: [stir] current draft charter

Michael Hammer <michael.hammer@yaanatech.com> Mon, 17 June 2013 17:31 UTC

Return-Path: <michael.hammer@yaanatech.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1C6E21F998A for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 10:31:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level:
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CbKoBEbUMxKt for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 10:31:55 -0700 (PDT)
Received: from email1.corp.yaanatech.com (email1.corp.yaanatech.com [205.140.198.134]) by ietfa.amsl.com (Postfix) with ESMTP id 256A321F8825 for <stir@ietf.org>; Mon, 17 Jun 2013 10:31:47 -0700 (PDT)
Received: from EX2K10MB2.corp.yaanatech.com ([fe80::5d11:66a1:e508:6871]) by ex2k10hub1.corp.yaanatech.com ([::1]) with mapi id 14.01.0218.012; Mon, 17 Jun 2013 10:31:46 -0700
From: Michael Hammer <michael.hammer@yaanatech.com>
To: "richard@shockey.us" <richard@shockey.us>, "stir@ietf.org" <stir@ietf.org>
Thread-Topic: [stir] current draft charter
Thread-Index: AQHOZwiVGT8OWD09JUqSfli80C7Gm5kxxKUAgAAL0QCAAIQGAIAAcu6AgAADDoCAABCAAIAAJmCAgAAQaYCAAADrAIAABUwAgABko4CAAOCpgIAAU3yAgAA76wCABBp2gIAAEOyAgABhfICAAHK0AIAAY22A///AmdCAAIsegP//l1vA
Date: Mon, 17 Jun 2013 17:31:45 +0000
Message-ID: <00C069FD01E0324C9FFCADF539701DB3A03DD6BF@ex2k10mb2.corp.yaanatech.com>
References: <CDE38BC3.20F76%jon.peterson@neustar.biz> <6BAABF96-8892-4C50-BB30-5F1FC05BDFD8@oracle.com> <F5C27090-FF39-4FBC-BC7E-F2ACFA5A4E6F@cs.columbia.edu> <00C069FD01E0324C9FFCADF539701DB3A03DD0D4@ex2k10mb2.corp.yaanatech.com> <013f01ce6b7a$0e555aa0$2b000fe0$@shockey.us>
In-Reply-To: <013f01ce6b7a$0e555aa0$2b000fe0$@shockey.us>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.17.100.180]
Content-Type: multipart/signed; micalg="SHA1"; protocol="application/x-pkcs7-signature"; boundary="----=_NextPart_000_0288_01CE6B5F.028FB280"
MIME-Version: 1.0
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 17:32:00 -0000

My point was that the mere fact of being in DNS did not convey any
trustability.

So, not objecting to DNS being used to find authoritative servers, just that
it itself is not authoritative.

Mike


-----Original Message-----
From: Richard Shockey [mailto:richard@shockey.us] 
Sent: Monday, June 17, 2013 12:45 PM
To: Michael Hammer; stir@ietf.org
Subject: RE: [stir] current draft charter



-----Original Message-----
From: stir-bounces@ietf.org [mailto:stir-bounces@ietf.org] On Behalf Of
Michael Hammer
Sent: Monday, June 17, 2013 12:04 PM
To: hgs@cs.columbia.edu; hadriel.kaplan@oracle.com
Cc: stir@ietf.org; dcrocker@bbiw.net; jon.peterson@neustar.biz
Subject: Re: [stir] current draft charter

All,

I am following the thread and trying to grasp the heart of the matter.

First point:  This is about E.164 number delegation and proof of ownership.

So, I find much of the discussion that seems to rely on DNS structure or
Domain name structuring to be a distraction.
How you prove proof of ownership of a domain is a separate, albeit twin
problem.
But, I think that is out of scope.  I do not believe the answer here is to
ask my evil twin if he owns the E.164.

Second point:  The delegation of E.164 numbers down the tree inextricable
defines who owns the number, so any collection of certs into an
authoritative repository MUST follow the same path back up, or you lose
sight of that ownership.
E.164 is already the hierarchy, so no second hierarchy is needed.
The recipient of a number block or an individual number may need to receive
the private key, else the carrier signs and inserts the signature on the
path out from that user.
(Note, still need to determine how many bytes constitute the signature such
that it fits into an existing SS7 parameter.
Perhaps the answer is to include an indicator in SS7 that the gateway to SIP
must perform the signature outbound.
But, that may limit this to a single hop, else need to trust follow-on SS7
networks to sign properly, but that may be acceptable.)

Third point:  The called party needs to unequivocally know how to validate
an assertion and who to go to for the inputs to perform that validation.
The how should be defined by the RFC, but the who ultimately depends on the
root of each E.164 country code (see point 2).
If the DNS is involved, I think that there is an IAB draft/RFC that says the
DNS should not be used for all things.

[RS> ]  I was waiting for that little subject to come up. :-)   Personally I
detest this draft since it was clearly designed as an anti 6116 statement.
Ive never liked it and personally I hope it is never published. 

Title           : Architectural Considerations on Application Features in
the DNS
	Author(s)       : Jon Peterson
                          Olaf Kolkman
                          Hannes Tschofenig
                          Bernard Aboba
	Filename        : draft-iab-dns-applications-07.txt
	Pages           : 37
	Date            : 2013-02-25

Abstract:
   A number of Internet applications rely on the Domain Name System
   (DNS) to support their operations.  Many applications use the DNS to
   locate services for a domain; some for example transform identifiers
   other than domain names into formats that the DNS can process, and
   then fetch application data or service location data from the DNS.
   Proposals incorporating sophisticated application behavior using DNS
   as a substrate have raised questions about the role of the DNS as an
   application platform.  This document explores the architectural
   consequences of using the DNS to implement certain application
   features, and provides guidance to future application designers as to
   the limitations of the DNS as a substrate and the situations in which
   alternative designs should be considered.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-iab-dns-applications

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-iab-dns-applications-07

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-iab-dns-applications-07



So, it is likely that the called party search would start with a well-known
URI to the CC authority, communication to which could be secure, who could
then point to one or more authoritative services, depending on how the
out-sourcing is done, who have the official cert associated with the
official delegation of E.164 number blocks or numbers.

This seems to be a parallel to the number portability databases, except that
one is now looking for a cert rather than a route to the serving carrier.
I am not suggesting that the NP databases be used, as this could be
orthogonal to that.

Doing a search based on using the E.164 as an index should not be an issue,
since in many cases a 10k block of numbers may point to a single cert.


RS> I wish to point out that reliance on 10K block delegations in most 
RS> cases
is essentially a nonstarter for endless reasons in the US and is irrelevant
in other national jurisdictions.  



In those cases where portability occurs and single numbers have a different
cert, the database could have an indicator of which 10k blocks require full
E.164 search to be performed. 
(For international, blocks are defined by how many leading digits are used.)

Fourth point:  Lastly, so the called party has all the elements from the
signaling with which to validate the signature, the RFC needs to specify
what elements are prohibited from changing end-to-end.
Given that some of the existing parameters do change in current systems, I
don't know how you get around doing one of the following:
- define new header that contains complete signature package that is added
by whomever does the signing.
- re-define existing headers to add the signature and restrict any
intermediary from modifying those values.
Seeing that the existing already have usage baggage, the first option seems
more likely to succeed.

Also, need to ensure that the SS7 network can carry elements E2E without
changes.
SS7 terminations may have to rely on the SIP-to-SS7 GW to perform
validation.
SIP terminations may have to rely on the SS7-to-SIP GW to generate
signatures.
SIP-SS7-SIP would be an issue given the "no change SS7" limitation.

Did I miss any requirements or constraints here?

Mike


-----Original Message-----
From: stir-bounces@ietf.org [mailto:stir-bounces@ietf.org] On Behalf Of
Henning Schulzrinne
Sent: Monday, June 17, 2013 8:14 AM
To: Hadriel Kaplan
Cc: stir@ietf.org; dcrocker@bbiw.net; Peterson, Jon
Subject: Re: [stir] current draft charter

I wouldn't be surprised if the large carriers cache all certs locally. For
+1, I'd suggest that's less than a TB, i.e., a single disk, even if 
+every
number has their own cert, rather than number ranges. They would then
subscribe to a notification service for any porting-related changes, given
that such changes affect a very small fraction of the numbers (quarterly
churn of mobile carriers is about 1-2%). This can all be done within the
carrier network, i.e., without affecting the external public data interface.

On Jun 17, 2013, at 2:18 AM, Hadriel Kaplan wrote:

> 
> On Jun 16, 2013, at 7:27 PM, "Peterson, Jon" 
> <jon.peterson@neustar.biz>
wrote:
> 
>> The exact amount of tolerable delay is a very interesting dimension 
>> of this problem space. I suspect we have a considerable amount of 
>> time, given all the human expectations about both post-dial delay and 
>> the wait for someone to pick up after altering. I think it's enough 
>> time to perform some non-trivial operations.
> 
> I've been thinking about that and I'm not sure we actually have much time.
I've been looking at what the CNAM guys are doing, and at least one them
(used in a large mobile provider) goes so far as to sometimes skip it on the
INVITE and send their CNAM info in an UPDATE or INFO afterwards due to the
delay.  I.e., they have us queue the INVITE while they retrieve the CNAM
info for the given caller-id, but if they take too long then we send the
INVITE and send their results separately afterwards in another message.
Another operator that uses private ENUM for CNAM querying also sets very low
timeouts on the query, and just don't provide a calling name if it times out
(ie., the INVITE gets sent on without it, and nothing updates it later).
> 
> Also, Brian at one point mentioned transit providers possibly doing 
> the verification check as well, and that might be difficult if it 
> takes non-trivial time I think, because one of the SLA measurements 
> they get ranked on is how fast they route their calls onward.
> (Besides which they're never involved this type of stuff so I'd doubt 
> they'd start now anyway.)
> 
> Anecdotally, I find that intra-nation calls get to ringing stage much
faster than international calls, so people are probably ok with
international caller-id verification taking longer.
> 
> -hadriel
> 
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir
> 

_______________________________________________
stir mailing list
stir@ietf.org
https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email