IETF Logo Mail Archive

Re: [stir] Not just "called party" - Re: current draft charter

Dan York <york@isoc.org> Mon, 17 June 2013 20:30 UTC

Return-Path: <york@isoc.org>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0149021F9702 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 13:30:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n-XIDC36EAUJ for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 13:30:37 -0700 (PDT)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2lp0206.outbound.protection.outlook.com [207.46.163.206]) by ietfa.amsl.com (Postfix) with ESMTP id ADF0921F96EB for <stir@ietf.org>; Mon, 17 Jun 2013 13:30:36 -0700 (PDT)
Received: from BN1PR06MB072.namprd06.prod.outlook.com (10.242.211.17) by BN1PR06MB069.namprd06.prod.outlook.com (10.242.211.11) with Microsoft SMTP Server (TLS) id 15.0.702.21; Mon, 17 Jun 2013 20:30:29 +0000
Received: from BN1PR06MB072.namprd06.prod.outlook.com ([169.254.5.133]) by BN1PR06MB072.namprd06.prod.outlook.com ([169.254.5.155]) with mapi id 15.00.0702.005; Mon, 17 Jun 2013 20:30:29 +0000
From: Dan York <york@isoc.org>
To: Hadriel Kaplan <hadriel.kaplan@oracle.com>
Thread-Topic: [stir] Not just "called party" - Re: current draft charter
Thread-Index: AQHOa42aQgZvEdck+kOC1OHCyL3cgpk6GNgA
Date: Mon, 17 Jun 2013 20:30:29 +0000
Message-ID: <CDE4E27D.E4D5%york@isoc.org>
In-Reply-To: <453B19AF-088C-4859-8BEB-D5437B32456B@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.255.101.4]
x-forefront-antispam-report: SFV:SKI; SFS:; DIR:OUT; SFP:; SCL:-1; SRVR:BN1PR06MB069; H:BN1PR06MB072.namprd06.prod.outlook.com; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-ID: <D34A73573CD3544E945FDFDFCC987059@namprd06.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
Cc: "stir@ietf.org" <stir@ietf.org>, Michael Hammer <michael.hammer@yaanatech.com>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>, "jon.peterson@neustar.biz" <jon.peterson@neustar.biz>, "hgs@cs.columbia.edu" <hgs@cs.columbia.edu>
Subject: Re: [stir] Not just "called party" - Re: current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 20:30:46 -0000

Hadriel,


On 6/17/13 3:04 PM, "Hadriel Kaplan" <hadriel.kaplan@oracle.com> wrote:

>For sake of focus and having a prayer of getting this done before we all
>retire, 

Ack!  We need something deployable - and sooner rather than later.  I
definitely agree with that.

>I think we should focus exclusively on caller-id reputability.  No bank
>would ever trust this type of thing for called-party identity anyway,
>because it only identifies phone numbers not humans - i.e., at best it
>identifies a phone, not the person on the other end.  Thus they'll have
>to ask you a bunch of identifying questions anyway.

Yes, using a bank as an example was a poor choice on my part because they
do have many other processes for identifying the person they are calling.

In this era of call automation, though, being able to have better
confidence in the identifier of the number being called would be
advantageous and could feed application calling logic.  If an outbound
application called a number and received as the secure identifier the
number/identifier it had on file, the application could deliver whatever
message it had.  If there was a mismatch, the app could deliver a
different message ("please call us back") or transfer the call to a
waiting agent to perform an additional identification test of the person
being called.  

I agree that for the sake of getting a secure identifier out we should
focus on the called party identifying the caller, but as we look at
architectural choices it would be good if whatever we choose does not rule
out the usage by the calling party.

Dan


>On Jun 17, 2013, at 1:38 PM, Dan York <york@isoc.org> wrote:
>
>> I would not necessarily restrict it to the "called party".  This is the
>> dominant use case we've been discussing, I.e that I receive a call and
>> want to be as certain as possible about the identity of the endpoint
>> calling me.
>> 
>> However, I could be calling out to my customers or clients and as the
>> "calling party" would like to be as certain as possible that I am
>>reaching
>> the correct endpoint.  Consider a bank wanting to reach a customer about
>> issues with the customer's account - or to verify a recent transaction.
>>Or
>> a doctor's office want to relay results to a patient and wanting to be
>> sure they are reaching the patient's number.
>> 
>> My understanding is that we are aiming to solve the "secure origin
>> identification" challenge - and that could apply to either or both ends
>>of
>> the conversation.
>> 
>> Dan
>> 
>> _______________________________________________
>> stir mailing list
>> stir@ietf.org
>> https://www.ietf.org/mailman/listinfo/stir
>

v2.23.0 | Report a Bug | By Email