Re: [stir] SHAKEN but not STIRred means 666 can cause collateral damage

Paul Kyzivat <> Thu, 17 November 2016 16:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 41F7D1295E3 for <>; Thu, 17 Nov 2016 08:20:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id FN8C5q5aurmQ for <>; Thu, 17 Nov 2016 08:20:04 -0800 (PST)
Received: from ( [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C8C3212949D for <>; Thu, 17 Nov 2016 08:20:03 -0800 (PST)
Received: from ([]) by with SMTP id 7PPZcAoPolHMY7PPucpnRj; Thu, 17 Nov 2016 16:20:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=q20140121; t=1479399602; bh=UUeXQplpczRKLVwzDCx6FJeS70ndrg22A0Sqg6QmWaY=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=OtWqISpNWg2FYimhlJyXSCU1m41F6QjRrDEQxYa8GEZ+bXJwMPQZVHdqKdPYgdULS G4WqTeGG9IVkhjbe3gcnVWVM4gIcqQdGMLTwXNXuhHCoExpsyymz4CDVg2nf4wjK8v ziELEls7CCtxlVsZzzD7+rfcS9nTpki10HqJAmiX/39Q+W9e0Ibp4wc2j+upTk49/i t30pcBSkLF1dYafSOiHTuK4cQp8u3tRVGNoA6Lsu7lJGIDpV3rYidi3Awb/2GU8Dut 146HUmOM9+FQmRLW2VEtjpfw2a+wVG2DB1ElpPJUR+TXP+JiQtuVTaGH55HzR8MTlc CrRYME6P1towQ==
Received: from [] ([]) by with SMTP id 7PPtc8VYcmPUL7PPtc3SE6; Thu, 17 Nov 2016 16:20:02 +0000
References: <>
From: Paul Kyzivat <>
Message-ID: <>
Date: Thu, 17 Nov 2016 11:20:01 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfDrIE8/DgVx3gHUzETIJvM17CIEU9A3RsQLaucDlSD5qY2m53QNU8+uHMLrtpYiMaNk0f7hA9JIOH6fNyw4lGcjg02kRHssDJteR7+df7S80+SReyaEQ edCZawVV4PqNWp+kLuRXrilZ9rJZvM4fAJlJh5EtYiuvvAyCIDNHjhOe
Archived-At: <>
Subject: Re: [stir] SHAKEN but not STIRred means 666 can cause collateral damage
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 17 Nov 2016 16:20:06 -0000

On 11/16/16 8:14 PM, Brian Rosen wrote:
> I’ve sent this to stir, even though it has not been decided where the 666 draft will land, and SHAKEN is not even in the IETF.
> The original idea of stir is that the credential used to sign is granted as a result of delegation of the telephone number.  When used as envisioned, a valid signature will (mostly) guarantee that the calling party number has not been spoofed.  If we then implement 666, which is a mechanism to create a black list, then numbers reported as spam come from the actual TN they were placed with, or the signature wouldn’t be valid and we get what we want.
> SHAKEN doesn’t do that.  It doesn’t check the TN, it only states that the service provider who signed it is willing to say something about the call.  It has a very desirable capability to lead authorities to the source of spoofed calls.  It will very clearly help us cut down on spoofed calls.
> However, when used with 666, SHAKEN has the problem that spoofing is still allowed - it’s just that we can better trace it to its source.  But if a user reports SPAM with a SHAKEN signed claim, the spoofed TN is marked as a spam source.  That means the legitimate owner of the TN may have trouble placing calls.  666 creates collateral damage.

This is an example of the point I have been trying to make, about the 
*meaning* of the code.

The meaning of a code used by STIR is different from the meaning of a 
code used with a cert that is actually tied to the calling number.

And this can mean that a button used to the user to signal spam may vary.

All this needs to be carefully aligned.