IETF Logo Mail Archive

[stir] Re: [art] Re: For those of you who follow this kind of stuff.

Roman Shpount <roman@telurix.com> Wed, 08 October 2025 05:18 UTC

Return-Path: <roman@telurix.com>
X-Original-To: stir@mail2.ietf.org
Delivered-To: stir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B74AC6F25228 for <stir@mail2.ietf.org>; Tue, 7 Oct 2025 22:18:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (1024-bit key) header.d=telurix.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DyOcZJQmSjzv for <stir@mail2.ietf.org>; Tue, 7 Oct 2025 22:18:28 -0700 (PDT)
Received: from mail-lf1-x129.google.com (mail-lf1-x129.google.com [IPv6:2a00:1450:4864:20::129]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 13FB16F2520E for <stir@ietf.org>; Tue, 7 Oct 2025 22:18:28 -0700 (PDT)
Received: by mail-lf1-x129.google.com with SMTP id 2adb3069b0e04-5848a2b3c8aso1070409e87.0 for <stir@ietf.org>; Tue, 07 Oct 2025 22:18:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix.com; s=google; t=1759900707; x=1760505507; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VwVKzS8me6HMprvE1BcfjwYlmveMPR9FNazW0eMYN74=; b=rL+gib5xYW2dCHYA7cKLFKzAjzNrPgx3z3kkrp7TttTgQ/AZJFAUNkRQXtuF1fQCPK 2oyPXy0RQUNbfd79EgpKwh5P+4A7IZoi1r6gNsUtVxsn9p1Xwif2duIS2FN8EvSHbpLW Zk9AKo2jFak8f07FLbaIH1lxnhnaOpVtLA0gY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1759900707; x=1760505507; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VwVKzS8me6HMprvE1BcfjwYlmveMPR9FNazW0eMYN74=; b=H7Yy8J675b6jumERf9HTdiM0z8DL9MfDcasossVgGsP3zEJHw55a/TfC+4wWC7lIr5 0KQ33YGnAhYwpRWNNNSZoJbjp5KyX2vfChWC2m8y9wGR8SPke596p3M/f7CrUgdKBlDs qR2UrnYJfskd+vShXFmybTRjOfgbBt+ZrZ10DAKV4yCAVZjQHiSHLgpVkjMz2QmdBC3v XdTlqNrnsNw5y+g8ieWU/Kf4K+kzGOrmkPXAMXhijIn5Lp+sK7QOSC2lYeJGO70ro2ql /n6GZMYnDP03DKUB7s82DxtyJ4ppdCKsRINQK+kmt07mto8gXEKTgXndj4e4V2/cmBQ6 n3qw==
X-Forwarded-Encrypted: i=1; AJvYcCVlbbtiyC0gg5O8uASE7Uz94tO8+9lUNXYDq9MS1TDuZ5JAavN4bfahTVlTjRGK31L9T5nN@ietf.org
X-Gm-Message-State: AOJu0Yw34XG5EgHuqS/oRHkCqXerMPzhUW+Z36TBAWkNcFWU4XuDYY33 yVqxjrCxKyzcxZW0P2XCAzqLSINiWlj9S1Q4M+pqXIaOYFAPhInYtOSrQpXU/xYwn2oPsS3Pawn meYzm
X-Gm-Gg: ASbGncuICiVbDWIMx9mvZ4mh1q1cdp/0StKqToUNdrJNoYzSn/91ysG9W8v12JmGu3g kwQr5P7BB16uWyhR5YMu8RPTHsZ/34fCYLq+lcUSSW9eVu8kHcP+m/qYT32zs15fa+mom/ySkhN nsD2YtCxzYBffS8k7UAq6NEPK/4DR5znZFiN5ewjcCJ25pFkzoWcqJhgGSneUqeOgVFRSMt76xd 0jp6cpuyO9pBMtu9MwDQwABoNljHYfx5UoIXKcbPImGYUud9ErZ5PBYnB6AJTGPRUS7ZVeF3Kb5 aKB3Q5fTTSk3jtmZrKlMKwDWKLHbq0+lBXY04awNIwaOTgesk9wXcp9Ujm68oNT3KaCYTS397mO kXv0oVcThJOobzSSpDpDCsMXBNSKZ6GdLxaA7U3RMjMhtwyRlfmVpZ7z8Js6hus+p+lCw7T1f/j HnOJJBzcsQNvvMWr8=
X-Google-Smtp-Source: AGHT+IH3JfBQ+3/0RTMQApE62ZD99ZqDhVvGIFI0iNuQoSATJOty8KnUQoLu1YGQuI7gUecRt/jWXg==
X-Received: by 2002:a05:6512:b84:b0:590:6150:ddf8 with SMTP id 2adb3069b0e04-5906dafcd3emr287657e87.9.1759900706477; Tue, 07 Oct 2025 22:18:26 -0700 (PDT)
Received: from mail-lf1-f46.google.com (mail-lf1-f46.google.com. [209.85.167.46]) by smtp.gmail.com with ESMTPSA id 2adb3069b0e04-58b011ab25asm6802028e87.119.2025.10.07.22.18.25 for <stir@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 07 Oct 2025 22:18:25 -0700 (PDT)
Received: by mail-lf1-f46.google.com with SMTP id 2adb3069b0e04-57f1b88354eso7010895e87.1 for <stir@ietf.org>; Tue, 07 Oct 2025 22:18:25 -0700 (PDT)
X-Forwarded-Encrypted: i=1; AJvYcCVaqr2A1vzUvhXlqp4lQDo27g8RSNuKv/K9QHPtN38fdsMnLIwBVzDLuPk+FLVWBa8uFaLS@ietf.org
X-Received: by 2002:a05:6512:3e11:b0:57c:6376:b42d with SMTP id 2adb3069b0e04-5906dae6b86mr441636e87.29.1759900705225; Tue, 07 Oct 2025 22:18:25 -0700 (PDT)
MIME-Version: 1.0
References: <BDE3EA55-E1F7-4575-9251-874BD0CEFD37@shockey.us> <CAD5OKxsXX-+QcJCN_ymdO1XC_jEtbUcZq81oiPo7+DOnV2R+VA@mail.gmail.com> <49BE4C2A-DC24-4445-A296-A8E26689DA2A@shockey.us> <CAD5OKxvVwVyeF1AYY72rCEhFNkYuxB=D8EOt+1iDSB5LyMLwLQ@mail.gmail.com> <DM6PR13MB406762742DB674A370055AAB9AE1A@DM6PR13MB4067.namprd13.prod.outlook.com>
In-Reply-To: <DM6PR13MB406762742DB674A370055AAB9AE1A@DM6PR13MB4067.namprd13.prod.outlook.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 08 Oct 2025 01:18:11 -0400
X-Gmail-Original-Message-ID: <CAD5OKxsCDRA_TWfqBNQjpoACntFfqOS98cVHL8aWNR8YKvjR+Q@mail.gmail.com>
X-Gm-Features: AS18NWCTOO2YnwzwcVZTj53STr1lhwV38Pe-k8SPdJ2zyUtEtMRPdlxCCK25Z1I
Message-ID: <CAD5OKxsCDRA_TWfqBNQjpoACntFfqOS98cVHL8aWNR8YKvjR+Q@mail.gmail.com>
To: Brett Nemeroff <Brett.Nemeroff@numeracle.com>
Content-Type: multipart/related; boundary="000000000000601d4a06409ed06c"
Message-ID-Hash: K6IFFAH4DBA7T7VS26MZJ7UJK7O2V2I5
X-Message-ID-Hash: K6IFFAH4DBA7T7VS26MZJ7UJK7O2V2I5
X-MailFrom: roman@telurix.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-stir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Richard Shockey <richard@shockey.us>, IETF STIR Mail List <stir@ietf.org>, "art@ietf.org" <art@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [stir] Re: [art] Re: For those of you who follow this kind of stuff.
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/T9bQCuKiiLFyYzM-dhKu7MbnVaI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Owner: <mailto:stir-owner@ietf.org>
List-Post: <mailto:stir@ietf.org>
List-Subscribe: <mailto:stir-join@ietf.org>
List-Unsubscribe: <mailto:stir-leave@ietf.org>

Brett,

FCC was very deliberate in not specifying the KYC requirements. This being
said, all carriers introducing traffic to the US phone network should have
a KYC policy described in the RMD database. Carriers that did not provide
an adequate policy have been removed from the RMD database and are no
longer permitted to originate traffic. Additionally, if, as a carrier, I
can set the A-level attestation for the call based on my KYC policy, I
should be able to specify the Rich Call Data accordingly, especially if
this is required when A-level attestation is provided.

I have a strong feeling that certain providers care more about creating new
sources of revenue for themselves through regulatory arbitrage than about
creating a healthy infrastructure to prevent robocalls. A glaring example
is iConnectiv providing SPC tokens, but not the signing certificates, which
artificially creates business for specialized certificate authorities.
Ironically, this business opportunity is so small and labour-intensive that
no one actually wants to do it, trying to shepherd carriers towards the
hosted signing solution.

To summarize, if, as a carrier, I am entrusted with an SPC token, I should
be trusted to provide the Rich Call Data. If I am not trusted to provide
Rich Call Data into the network, I should not be introducing any traffic
into it. If the FCC mandates Rich Call Data, it should mandate that
carriers accept it without creating walled gardens, with each carrier
charging a fee to actually accept the data.

Finally, if we intend to mandate the transmission of personally
identifiable data with every call, we need to update SIP with a scalable
and secure transport protocol. Most current carrier SIP implementations
still use UDP. SIP-over-TLS suffers from head-of-the-line congestion
issues. SIP is in dire need of a secure datagram-based protocol, such as
QUIC. I am surprised that no one from the STIR group brought this to the
SIPCore, so that a more scalable and secure protocol capable of carrying
Rich Call Data could be standardized.

Best Regards,
_____________
Roman Shpount


On Tue, Oct 7, 2025 at 8:42 PM Brett Nemeroff <Brett.Nemeroff@numeracle.com>
wrote:

> Hello Roman,
>
> In my opinion, US Carriers are unlikely to accept vanilla RCD data because
> of the lack of defined KYC.  RCD is a very good vehicle for delivering the
> RCD, but it depends upon implicit trust of the originating service
> provider. “Vanilla” RCD offered like this to terminating service providers
> gives no assurance to the terminating service provider that the originator
> performed any specific KYC.
>
> CTIA’s BCID is based on RCD but details an ecosystem with specific KYC
> requirements. Participating in this ecosystem will allow for the delivery
> and native presentation of RCD.
>
> It’s worth noting that without a defined ecosystem for RCD such as BCID,
> RCD provides little (trust)  benefit over traditional CNAM other than the
> fingerprints of the originating service provider for enforcement purposes.
>
> -Brett
>
>
>
> Brett Nemeroff
> VP of Engineering - Voice
> Brett.Nemeroff@numeracle.com <%7BE-mail%7D> | 1-512-203-3884
>
> [image: Logo.png] <https://www.numeracle.com/>
>
> Empowering Calls with
> Identity Management
> <https://www.numeracle.com/insights/entity-identity-management-to-empower-your-calls>
>
>
>
> * CONFIDENTIAL From: *Roman Shpount <roman@telurix.com>
> *Date: *Tuesday, October 7, 2025 at 7:24 PM
> *To: *Richard Shockey <richard@shockey.us>
> *Cc: *IETF STIR Mail List <stir@ietf.org>, art@ietf.org <art@ietf.org>
> *Subject: *[stir] Re: [art] Re: For those of you who follow this kind of
> stuff.
>
> You don't often get email from roman@telurix.com. Learn why this is
> important <https://aka.ms/LearnAboutSenderIdentification>
> In my day job, I see a lot of robocalls coming through the LEC local
> switches as TDM, as local re-origination with spoofed ANI.
>
> I would also love to sign Rich Call Data with my SPC token and not have
> wireless carriers discard this data. If I provide the information about my
> customer, I am unsure why I need to pay someone else to sign this
> information.
> _____________
> Roman Shpount
>
>
> On Tue, Oct 7, 2025 at 8:11 PM Richard Shockey <richard@shockey.us> wrote:
>
>
>
> It wont . You mean the legacy TDM/SS7 crap…this is the beginning of
> mandating all SIP in the US realtime US voice network as the British have
> done.
>
>
>
> I would not want to own a Tandem Access network.
>
>
>
> The US industry is pretty clear on this.  You only need to read the FCC
> 17-97 docket at the FCC ECFS website to understand where the players
> actually are.
>
>
>
> This again is my day job.
>
>
>
>
>
> Richard Shockey
>
> Shockey Consulting LLC
>
> Chairman of the Board SIP Forum
>
> www.shockey.us
>
> www.sipforum.org
>
> richard<at>shockey.us
>
> Skype-Linkedin-Facebook –Twitter  rshockey101
>
> PSTN +1 703-593-2683
>
>
>
>
>
> *From: *Roman Shpount <roman@telurix.com>
> *Date: *Tuesday, October 7, 2025 at 7:37 PM
> *To: *Richard Shockey <richard@shockey.us>
> *Cc: *IETF STIR Mail List <stir@ietf.org>, <art@ietf.org>
> *Subject: *[art] Re: [stir] For those of you who follow this kind of
> stuff.
>
>
>
> How would this work with PSTN links?
>
> _____________
> Roman Shpount
>
>
>
>
>
> On Tue, Oct 7, 2025 at 6:59 PM Richard Shockey <richard@shockey.us> wrote:
>
>
> The United States government is going to mandate Rich Call Data in the
> network.
>
> https://docs.fcc.gov/public/attachments/DOC-415059A1.pdf
>
>
> Richard Shockey
> Shockey Consulting LLC
> Chairman of the Board SIP Forum
> www.shockey.us <http://www.shockey.us>
> www.sipforum.org
>
> richard<at>shockey.us
> Skype-Linkedin-Facebook –Twitter rshockey101
> PSTN +1 703-593-2683
>
>
>
>
>
>
> _______________________________________________
> stir mailing list -- stir@ietf.org
> To unsubscribe send an email to stir-leave@ietf.org
>
> _______________________________________________ art mailing list --
> art@ietf.org To unsubscribe send an email to art-leave@ietf.org
>
>

v2.35.0 | Report a Bug | By Email | System Status