IETF Logo Mail Archive

Re: [stir] current draft charter

Brian Rosen <br@brianrosen.net> Wed, 12 June 2013 22:02 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E98E21E8128 for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 15:02:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.386
X-Spam-Level:
X-Spam-Status: No, score=-100.386 tagged_above=-999 required=5 tests=[AWL=0.051, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_NET=0.611, RDNS_NONE=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6IUr8e9waAN3 for <stir@ietfa.amsl.com>; Wed, 12 Jun 2013 15:02:38 -0700 (PDT)
Received: from mm2.idig.net (unknown [70.33.247.98]) by ietfa.amsl.com (Postfix) with ESMTP id 690E121E8135 for <stir@ietf.org>; Wed, 12 Jun 2013 15:02:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=brianrosen.net; s=default; h=To:References:Message-Id:Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version:Content-Type; bh=gpKq/+RPCKfI+RFdp9dDHk4DdLm/SLekMmF6rWfOJhc=; b=AGrtBkTomIWqvJaFCEOuSfnfmUuMAHsHym563mGDrMNNsWMaFVF0+LCEfi6+6/Ejx89dRtJXeekswhVA2vzmFVjqQqX62a+n8WxCYkuec8gwSaWoJifnx9hI8d/dNEQFbT/y0vC6VHBy4WPghZW5IyImt0As1JLsM5hm1HchpPg=;
Received: from neustargw.va.neustar.com ([209.173.53.233]:36954 helo=[10.33.193.6]) by mm2.idig.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.80.1) (envelope-from <br@brianrosen.net>) id 1Umt7j-00085e-Gs; Wed, 12 Jun 2013 18:02:35 -0400
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\))
From: Brian Rosen <br@brianrosen.net>
In-Reply-To: <51B8EB34.9030803@bbiw.net>
Date: Wed, 12 Jun 2013 18:02:33 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <78385DAF-D8C1-40AC-B996-BCFA01444CD5@brianrosen.net>
References: <CDDE44D8.D939%york@isoc.org> <B6D6C44E-3FE3-4342-9BDD-4096D4B66DD7@oracle.com> <51B8EB34.9030803@bbiw.net>
To: Dave Crocker <dcrocker@bbiw.net>
X-Mailer: Apple Mail (2.1503)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - mm2.idig.net
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - brianrosen.net
X-Get-Message-Sender-Via: mm2.idig.net: authenticated_id: br@brianrosen.net
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] current draft charter
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Jun 2013 22:02:42 -0000

1. the "global root" problem - who owns and manages e164.arpa, and what are the rules?
2. It took action by the regulator before anything happened.  Because many regulators didn't understand what this thing was, and still don't, they didn't act
3. It took a level of cooperation between service providers who owned parts of the hierarchy that could not be gained
4. Any public database that was able to show any information about a telephone number was considered a privacy issue, requiring a lot of "sign off", which never happened. 
5. Everyone objected to being able to determine what numbers were "live"
6. Carriers objected to a public database that told competitors what numbers they controlled
7. The DNS query was a poor fit for the problem - what evolved was a SIP redirect interface because no vendors liked the DNS interface
8. Delegation of numbers don't fit a tree model any more
9. URIs and other things you put in the DNS were insufficient for the problem
10. Other databases for the problems existed, and it was easier to use them, mostly because they existed.  These are non-public databases

As Rich Shockey notes, there is a fair amount of "ENUM" deployment inside carriers, although it's a SIP redirect interface.  The underlying data structures are the same as ENUM.  Actually, it's only the interfaces for provisioning that are the same.  No one ever does a DNS query.

If we want this deployed soon, it's my considered opinion you can't have a public per-TN database.

We learned in ENUM that DNS is not a good fit for a telephone number.  We understand it looks attractive, but it doesn't fit, primarily because the tree doesn't reflect the delegation model, and a complete tree out to each individual TN is not really a practical solution.  Delegations are ranges.  DNS doesn't do ranges.  Delegations have port-out issues, which DNS doesn't do unless you populate the whole tree.  It's a bad fit.

The DNS guys, at the time, kept asking us "do the limitations of DNS work for you"?  We kept believing, and saying yes.  I now understand why they kept asking the same damn question over and over.  The limitations do not work for us.

My company has built ENUM based systems.  We continuously trip over the mismatch between the DNS model and the problem.  We fix it by ignoring the DNS model, building a database that matches the actual delegation model and treating the DNS query as an awkward, but solvable interface issue.  And it still bites us on things like UDP (very bad for DDoS security) and the restrictions on what a NAPTR can do.

Brian
On Jun 12, 2013, at 5:42 PM, Dave Crocker <dcrocker@bbiw.net> wrote:

> On 6/12/2013 2:38 PM, Hadriel Kaplan wrote:
>> On Jun 12, 2013, at 4:40 PM, Dan York <york@isoc.org> wrote:
>>> ... I think this issue will get in the way right now.  As much as I would
>>> love to see this as a good example of where DANE can help, I still haven't
>>> been able to wrap my brain around how we could use DNS for telephone
>>> numbers without running into all the exact same issues that made public
>>> ENUM non-deployable.  :-(
>> 
>> That begs the question of what issues you think made Public ENUM fail, and why we won't hit the same issues in whatever model we choose.
> 
> 
> +1
> 
> 
> d/
> 
> 
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email