Re: [stir] SHAKEN but not STIRred means 666 can cause collateral damage
Paul Kyzivat <paul.kyzivat@comcast.net> Thu, 17 November 2016 16:20 UTC
Return-Path: <paul.kyzivat@comcast.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41F7D1295E3 for <stir@ietfa.amsl.com>; Thu, 17 Nov 2016 08:20:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.197
X-Spam-Level:
X-Spam-Status: No, score=-4.197 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-1.497, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=comcast.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FN8C5q5aurmQ for <stir@ietfa.amsl.com>; Thu, 17 Nov 2016 08:20:04 -0800 (PST)
Received: from resqmta-po-12v.sys.comcast.net (resqmta-po-12v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:171]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8C3212949D for <stir@ietf.org>; Thu, 17 Nov 2016 08:20:03 -0800 (PST)
Received: from resomta-po-09v.sys.comcast.net ([96.114.154.233]) by resqmta-po-12v.sys.comcast.net with SMTP id 7PPZcAoPolHMY7PPucpnRj; Thu, 17 Nov 2016 16:20:02 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1479399602; bh=UUeXQplpczRKLVwzDCx6FJeS70ndrg22A0Sqg6QmWaY=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=OtWqISpNWg2FYimhlJyXSCU1m41F6QjRrDEQxYa8GEZ+bXJwMPQZVHdqKdPYgdULS G4WqTeGG9IVkhjbe3gcnVWVM4gIcqQdGMLTwXNXuhHCoExpsyymz4CDVg2nf4wjK8v ziELEls7CCtxlVsZzzD7+rfcS9nTpki10HqJAmiX/39Q+W9e0Ibp4wc2j+upTk49/i t30pcBSkLF1dYafSOiHTuK4cQp8u3tRVGNoA6Lsu7lJGIDpV3rYidi3Awb/2GU8Dut 146HUmOM9+FQmRLW2VEtjpfw2a+wVG2DB1ElpPJUR+TXP+JiQtuVTaGH55HzR8MTlc CrRYME6P1towQ==
Received: from [192.168.1.110] ([73.186.127.100]) by resomta-po-09v.sys.comcast.net with SMTP id 7PPtc8VYcmPUL7PPtc3SE6; Thu, 17 Nov 2016 16:20:02 +0000
To: stir@ietf.org
References: <AE9EB3D9-1F5C-4CA4-8F8C-66D4993D2318@brianrosen.net>
From: Paul Kyzivat <paul.kyzivat@comcast.net>
Message-ID: <d364953b-8692-9896-130c-741e0e2a604b@comcast.net>
Date: Thu, 17 Nov 2016 11:20:01 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <AE9EB3D9-1F5C-4CA4-8F8C-66D4993D2318@brianrosen.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfDrIE8/DgVx3gHUzETIJvM17CIEU9A3RsQLaucDlSD5qY2m53QNU8+uHMLrtpYiMaNk0f7hA9JIOH6fNyw4lGcjg02kRHssDJteR7+df7S80+SReyaEQ edCZawVV4PqNWp+kLuRXrilZ9rJZvM4fAJlJh5EtYiuvvAyCIDNHjhOe
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/KB7xkBlouySve18IFz7E-KlkYoA>
Subject: Re: [stir] SHAKEN but not STIRred means 666 can cause collateral damage
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 16:20:06 -0000
On 11/16/16 8:14 PM, Brian Rosen wrote: > I’ve sent this to stir, even though it has not been decided where the 666 draft will land, and SHAKEN is not even in the IETF. > > The original idea of stir is that the credential used to sign is granted as a result of delegation of the telephone number. When used as envisioned, a valid signature will (mostly) guarantee that the calling party number has not been spoofed. If we then implement 666, which is a mechanism to create a black list, then numbers reported as spam come from the actual TN they were placed with, or the signature wouldn’t be valid and we get what we want. > > SHAKEN doesn’t do that. It doesn’t check the TN, it only states that the service provider who signed it is willing to say something about the call. It has a very desirable capability to lead authorities to the source of spoofed calls. It will very clearly help us cut down on spoofed calls. > > However, when used with 666, SHAKEN has the problem that spoofing is still allowed - it’s just that we can better trace it to its source. But if a user reports SPAM with a SHAKEN signed claim, the spoofed TN is marked as a spam source. That means the legitimate owner of the TN may have trouble placing calls. 666 creates collateral damage. This is an example of the point I have been trying to make, about the *meaning* of the code. The meaning of a code used by STIR is different from the meaning of a code used with a cert that is actually tied to the calling number. And this can mean that a button used to the user to signal spam may vary. All this needs to be carefully aligned. Thanks, Paul
- [stir] SHAKEN but not STIRred means 666 can cause… Brian Rosen
- Re: [stir] SHAKEN but not STIRred means 666 can c… Brian Rosen
- Re: [stir] SHAKEN but not STIRred means 666 can c… Chris Wendt
- [stir] Discussion venue for 666 (was SHAKEN but n… Adam Roach
- [stir] Fwd: Re: [dispatch] Discussion venue for 6… Robert Sparks
- Re: [stir] SHAKEN but not STIRred means 666 can c… Paul Kyzivat