Re: [stir] Questions about stir-certificates

"Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com> Mon, 23 October 2017 18:37 UTC

From: "Gorman, Pierce A [CTO]" <Pierce.Gorman@sprint.com>
To: Richard Shockey <richard@shockey.us>, Paul Kyzivat <pkyzivat@alum.mit.edu>, Chris Wendt <chris-ietf@chriswendt.net>
CC: "stir@ietf.org" <stir@ietf.org>
Date: Mon, 23 Oct 2017 18:37:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/KvpdhR83W577nNgCgSG8sPGQZtE>

Paul,

There's a letter from Janice Kopec at the Federal Trade Commission (filed as ATIS document "IPNNI-2017-00106R000.pdf") to Tom Goode, General Counsel for ATIS, where the FTC staff provided feedback and guidelines for developing SHAKEN/STIR Caller Validation Display that may provide helpful context around some of the remarks in the discussion.

A few of the FTC comments were:

* Design fallbacks (e.g., when technology fails or is not available for some users, how does the system react and what is communicated)

* Warnings need to be accurate, or else users will get habituated and ignore them

* What do full, partial, and gateway attestation translate to in plain language?

* What are carriers able to vouch for with those data points, and with what level of confidence?  Need consistent interpretation of levels of validation.

* How will carriers handle calls at each level of attestation, when calls fail attestation, and when attestation is absent?

* Clearly differentiate between information about the caller ID and information about the content of the call.  Just because a call is authenticated doesn't mean the content of the call can be trusted.

Remember that SHAKEN attestation doesn't provide anything with respect to call content and intent.  And, robocalling and spoofed caller ID are not illegal.  They're used by government agencies and charities too, not just bad actors.

Call processing systems have a large variety of information presented to them from protocols designed by committees and interpreted by commercial programmers operating under challenging timelines and with limited resources.  Creating a stable consistent experience several millions of times a day will not be a quick achievement.  IMHO, application of SHAKEN/STIR will be permissive in the early stages, and really needs to be married to outboard analytics which look at things like network calling patterns and permit/deny lists in order to be able to render more reliable judgements to the network (or a client application) with respect to relative trustworthiness of a call attempt.

-----Original Message-----
From: Richard Shockey [mailto:richard@shockey.us]
Sent: Monday, October 23, 2017 11:28 AM
To: Paul Kyzivat <pkyzivat@alum.mit.edu>; Chris Wendt <chris-ietf@chriswendt.net>
Cc: stir@ietf.org; Gorman, Pierce A [CTO] <Pierce.Gorman@sprint.com>
Subject: Re: [stir] Questions about stir-certificates


    For suitably smart devices (e.g. mobile phones) I would hope that
    various apps and configuration options for those apps can provide the UI
    to users. Then app providers can compete on who does it better and users
    can choose. And these can evolve over time as the uptake on the signing
    increases. Maybe this is what you mean by Call Analytics apps.

    It would be bad if all of this gets locked up in the FCC regulatory regime.

RS> Paul, I don’t think this is going to get locked up in an FCC/FTC OFCOM CRTC like regime but the regulators do have legitimate concerns on consistency. The regulators have actually been quite helpful here. They are willing to eventually help with consumer education if the framework for display options is simple, and I also believe there are excellent opportunities for service providers to add value.   Sometimes choice is bad and confusing the consumer with different forms of UX could cause its own problems.  It’s still early.



