[stir] Validating TN authority together with number portability

Julio Martinez-Minguito <julio.martinez-minguito@ericsson.com> Wed, 16 August 2017 09:21 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/NeqC9YVdpCR4Rkqms405UJP0PpU>

Hi,

The current drafts for RFC4474bis and certificates describe how to validate that a telephone number is owned by the operator signing the calling Identity. A TNAuthorizationList may be included in the certificate listing the numbers the operator is authoritative for.

However, I see some issues handling this together with number portability which need to be clarified.

Subscribers will be ported in and out quite frequently, making the information in the certificates obsolete. To keep pace with number portability, the operators' certificates would have to be updated frequently. Should the certificates have short validity times? E.g. 1 week, or even shorter?

Instead of having the TN information in the certificate and needing to update it constantly, it would be more appropriate to have a trusted server connected to the national Number Portability DB (to update the information) to which the verifiers can connect and retrieve the authority information. Each verifier could retrieve the TN lists for operators and refresh the list daily, without needing to re-issue operator certificates, so it would be updated with the latest portability.

As for how to represent the TN lists: e.g. if an operator owns the range 555-xxxx, with the current definitions it is easy to describe:
TelephoneNumberRange ::= SEQUENCE {
      start TelephoneNumber = 5550000,
      count INTEGER (2..MAX) = 10000
      }

Now, if number 555-6789 moves to another operator, we have to represent it with:
({start = 5550000, count = 6789}, {start = 5556790, count = 3210})

As more numbers are moved out from the range, this representation format will get messy and difficult to manage.

To handle NP it would be easier to keep the original range, and include a list of excluded numbers which have been ported out, e.g.:

TelephoneNumberRange ::= SEQUENCE {
      start TelephoneNumber,
      count INTEGER (2..MAX),

      excludedNumbers SEQUENCE SIZE (1..MAX) OF TNEntry
      }

Is this a feasible solution? Is it too late to handle now due to the current state?
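The two representations compared in the message, as an added example that is not part of the original post: the current start+count range that must be split each time a number ports out, beside the proposed range-plus-exclusions form, and the verifier-side check that a calling TN is covered. The 555-xxxx block and the ported-out numbers are constructed sample values.

```python
# Added example, not from the original post: the two ways of representing
# number authority discussed above, and how each behaves when numbers port out.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class TNRange:
    """Current draft shape: TelephoneNumberRange = start + count."""
    start: int
    count: int

    def covers(self, tn: int) -> bool:
        return self.start <= tn < self.start + self.count

@dataclass
class TNRangeWithExclusions:
    """Proposed shape: the original range plus the numbers ported out of it."""
    start: int
    count: int
    excluded: set = field(default_factory=set)

    def covers(self, tn: int) -> bool:
        return self.start <= tn < self.start + self.count and tn not in self.excluded

def split_out(ranges, ported):
    """Current representation: porting one number out splits the range holding it.
    A leftover piece of a single number could not be a range under count (2..MAX)
    and would need its own single-TN entry; it is kept as a count-1 range here."""
    result = []
    for r in ranges:
        if not r.covers(ported):
            result.append(r)
            continue
        before, after = ported - r.start, r.start + r.count - ported - 1
        if before:
            result.append(TNRange(r.start, before))
        if after:
            result.append(TNRange(ported + 1, after))
    return result

def exclude_out(rng, ported):
    """Proposed representation: porting out only adds to the exclusion list."""
    if rng.start <= ported < rng.start + rng.count:
        rng.excluded.add(ported)
    return rng

def authorized(entries, tn):
    """Verifier-side check: does any authority entry cover the calling TN?"""
    return any(e.covers(tn) for e in entries)

if __name__ == "__main__":
    block = [TNRange(5550000, 10000)]        # operator owns 555-xxxx (constructed)
    alt = TNRangeWithExclusions(5550000, 10000)
    for tn in (5556789, 5551234, 5559000):   # constructed ported-out numbers
        block, alt = split_out(block, tn), exclude_out(alt, tn)
    print(len(block), "ranges vs 1 range with", len(alt.excluded), "exclusions")
    print(authorized(block, 5556789), authorized([alt], 5556789))  # False False
```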