IETF Logo Mail Archive

Re: [stir] current draft charter - ENUM and databases

Henning Schulzrinne <hgs@cs.columbia.edu> Fri, 14 June 2013 01:13 UTC

Return-Path: <hgs@cs.columbia.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4624021F9AB4 for <stir@ietfa.amsl.com>; Thu, 13 Jun 2013 18:13:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.439
X-Spam-Level:
X-Spam-Status: No, score=-6.439 tagged_above=-999 required=5 tests=[AWL=0.160, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sDDlMO3Q0nby for <stir@ietfa.amsl.com>; Thu, 13 Jun 2013 18:12:55 -0700 (PDT)
Received: from salak.cc.columbia.edu (salak.cc.columbia.edu [128.59.29.6]) by ietfa.amsl.com (Postfix) with ESMTP id 4BB5621F9A76 for <stir@ietf.org>; Thu, 13 Jun 2013 18:12:55 -0700 (PDT)
Received: from [10.0.1.2] (c-98-204-176-168.hsd1.va.comcast.net [98.204.176.168]) (user=hgs10 mech=PLAIN bits=0) by salak.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id r5E1CmcK028173 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 13 Jun 2013 21:12:54 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Henning Schulzrinne <hgs@cs.columbia.edu>
In-Reply-To: <CDDE44D8.D939%york@isoc.org>
Date: Thu, 13 Jun 2013 21:12:48 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <4758E6F6-EDA5-4A11-9E94-42C97C03118E@cs.columbia.edu>
References: <CDDE44D8.D939%york@isoc.org>
To: Dan York <york@isoc.org>
X-Mailer: Apple Mail (2.1283)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.6
Cc: stir@ietf.org
Subject: Re: [stir] current draft charter - ENUM and databases
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2013 01:13:01 -0000

Instead of looking at this as an ENUM-like problem, another angle is to consider this somewhat similar to the whois issue.

Also, I suspect there would be fewer concerns if the DNS-like database mainly referred to other databases, which can then be access-controlled as needed, and can evolve. This model might also allow for combining the CDS-like approach with the PKI approach for the same number, and allow for multiple operators for both models. The DNS (or similar) public database would only indicate which methods the number supports and redirect to the rendezvous or PKI service. I'm not sure that qualifies as DANE-like.

My general gut feeling is that we don't guess well on how public infrastructure evolves (or doesn't), so allowing for multiple outcomes and abstracting it, as well as allowing for functionality that gets better over time, might be more productive, as this allows for partial success, rather than just "exactly as planned" or "complete failure".

Also, keeping scale in mind helps: In our case, the scale for "number-holding service providers" is currently a few thousand, not millions, so management solutions that don't scale to millions are acceptable to get started. The backend process today is pretty manual (faxes, web pages and proprietary APIs), so expectations are fairly low.

Henning

On Jun 12, 2013, at 4:40 PM, Dan York wrote:

> On 6/12/13 2:22 PM, "Peterson, Jon" <jon.peterson@neustar.biz> wrote:
> 
> 
>> Agreed. Though I do think that even for the domain model, we could get
>> some value from looking at DANE to improve the way that credentials are
>> managed. Whether we put the keys in the DNS or just point to the approved
>> cert by reference, we should probably have some means for the successor to
>> RFC4474 Identity-Info to tip off relying parties to DANE.
> 
> Agreed (as you would expect me to say). I've been thinking about how DANE
> could help here, but...
> 
>> But yes, for the telephone model it seems unlikely that casting these as
>> domain names will get us very far.
> 
> ... I think this issue will get in the way right now.  As much as I would
> love to see this as a good example of where DANE can help, I still haven't
> been able to wrap my brain around how we could use DNS for telephone
> numbers without running into all the exact same issues that made public
> ENUM non-deployable.  :-(
> 
> I agree, though, that it would be helpful to have some way for a header to
> alert relying parties to DANE in the event that there is a way it can work.
> 
> Dan
> 
>

v2.23.0 | Report a Bug | By Email