[stir] SHAKEN but not STIRred means 666 can cause collateral damage

Brian Rosen <br@brianrosen.net> Thu, 17 November 2016 01:15 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 24750129604 for <stir@ietfa.amsl.com>; Wed, 16 Nov 2016 17:15:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id P2xKw8O4CfXu for <stir@ietfa.amsl.com>; Wed, 16 Nov 2016 17:15:00 -0800 (PST)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CAB81295FB for <stir@ietf.org>; Wed, 16 Nov 2016 17:14:53 -0800 (PST)
Received: by mail-qk0-x233.google.com with SMTP id q130so199656608qke.1 for <stir@ietf.org>; Wed, 16 Nov 2016 17:14:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20150623.gappssmtp.com; s=20150623; h=from:content-transfer-encoding:subject:message-id:date:to :mime-version; bh=yb5bGdAWEGLDPptGL/pofXIrRQxifhXBH6gwtOvsXfc=; b=qBNPFWV172ZU5yYIwnqBXjsb91TSzSx5TzGKAOA2cRO7JZGGYt1uy9/iuQOFw1TGea C48nk9EdMTb4plhQROgZIo0tEhUZxiFn98nV7yjlnEq3tBgI6rV7fNYwtBFidgh2xQrB 9Wzdsr8zmxAXyh8OiiBssGDyBtzv/Lin3TipyAIBlFZv62Ugauexk/J8WvLg21cjriJp PVZ09Rgd05qrWf4GdyTTBh+Yx48sVDZGzlCR3sTH5ZpbrWqwNPpDbGLsIjxcvmg0D82N G+5plikxXJyJFJWBS7EJTRG751roYoJKLic4HXS40sJSK05MjjkAgqN6NDzwgw1YwDFg 1fBQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:content-transfer-encoding:subject :message-id:date:to:mime-version; bh=yb5bGdAWEGLDPptGL/pofXIrRQxifhXBH6gwtOvsXfc=; b=HNsQLG6gjFdAyJn6/8jWQMbTaPNRCbbB7vS4Pgo6a1no4e2H0vzVHbVFlpx9v3gjXR kdkhHkruNj/HnivNxPx11tv1WZcinelAkeQPXC588IzborjpV2teH17DtLBpbZG5HGBh z2HiiBZ3ZE12vzkA+aOwDFwNdx4L5pRYB52UXR5OFp+ZXo2k5N/PDe38kxpu8MwFSSfr wTi/mCUBh8kMeWlBoovTKzHhMM2EGVrUIT0hdxfMQf6ZPXABxEjtyGFDSjeJr2wEgYlP 1fbJ/TYP32vp5Yg7TumPAbhL0x07/+tJtI+4LmaY4/8IeL4rsJvtwhxeDSBtoJo5IXrZ 3k5A==
X-Gm-Message-State: AKaTC03OtCJg1W3lbkkgcH94EIJa5hb8X/9xD/Hpx74D1yb0yPa1g7l4YG0kZ7e3d+iQWQ==
X-Received: by with SMTP id p64mr614768qka.11.1479345291851; Wed, 16 Nov 2016 17:14:51 -0800 (PST)
Received: from [] ([]) by smtp.gmail.com with ESMTPSA id a141sm269601qkg.49.2016. for <stir@ietf.org> (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 16 Nov 2016 17:14:50 -0800 (PST)
From: Brian Rosen <br@brianrosen.net>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <AE9EB3D9-1F5C-4CA4-8F8C-66D4993D2318@brianrosen.net>
Date: Thu, 17 Nov 2016 10:14:46 +0900
To: IETF STIR Mail List <stir@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/PiUJu2_Hen15CSXO6AXsLeZqioo>
Subject: [stir] SHAKEN but not STIRred means 666 can cause collateral damage
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2016 01:15:02 -0000

I’ve sent this to stir, even though it has not been decided where the 666 draft will land, and SHAKEN is not even in the IETF.

The original idea of stir is that the credential used to sign is granted as a result of delegation of the telephone number.  When used as envisioned, a valid signature will (mostly) guarantee that the calling party number has not been spoofed.  If we then implement 666, which is a mechanism to create a black list, then numbers reported as spam come from the actual TN they were placed with, or the signature wouldn’t be valid and we get what we want.

SHAKEN doesn’t do that.  It doesn’t check the TN, it only states that the service provider who signed it is willing to say something about the call.  It has a very desirable capability to lead authorities to the source of spoofed calls.  It will very clearly help us cut down on spoofed calls.

However, when used with 666, SHAKEN has the problem that spoofing is still allowed - it’s just that we can better trace it to its source.  But if a user reports SPAM with a SHAKEN signed claim, the spoofed TN is marked as a spam source.  That means the legitimate owner of the TN may have trouble placing calls.  666 creates collateral damage.