Re: [stir] The Canadian Regulator has issued a Notice of Consultation on robocalls spoofing STIR/SHAKEN

Tony Rutkowski <tony@yaanatech.co.uk> Sat, 04 February 2017 23:39 UTC

Return-Path: <tony@yaanatech.co.uk>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1AED12957F; Sat, 4 Feb 2017 15:39:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrIHVl8pzCNv; Sat, 4 Feb 2017 15:39:36 -0800 (PST)
Received: from uk-www1.yaanatech.uk (uk-www1.yaanatech.uk [46.20.116.155]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D0054129550; Sat, 4 Feb 2017 15:39:35 -0800 (PST)
Received: from [192.168.1.51] (pool-70-106-242-209.clppva.fios.verizon.net [70.106.242.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by uk-www1.yaanatech.uk (Postfix) with ESMTPSA id C3D9F540481; Sat, 4 Feb 2017 23:39:31 +0000 (GMT)
References: <7F3DCD21-1085-4961-82D7-CE12DB308305@shockey.us> <a9417cde-33d4-3da2-ad2a-5b83bd81701f@yaanatech.co.uk> <74394dc8-5a61-cb8f-eb9d-98b499256326@dcrocker.net> <5fbc40d2-51f5-7073-f99a-488cd53f8fce@yaanatech.co.uk> <974c2333-aef5-1c93-744c-58dbaaa20ca9@dcrocker.net> <286e60eb-baa3-c4ec-6c32-43e217713310@yaanatech.co.uk> <3d4c18f8-f08c-8ce9-6e37-5498069ae5df@bbiw.net> <4B1956260CD29F4A9622F00322FE0531012CFB5151B1@BOBO1A.bobotek.net> <bee03501-accf-8bb4-b9d9-06f4cb494045@yaanatech.co.uk> <0B356151-08C2-48B6-A946-2C2200756AFD@shockey.us>
To: Richard Shockey <richard@shockey.us>, Alex Bobotek <alex@bobotek.net>, Dave Crocker <dcrocker@bbiw.net>, "stir@ietf.org" <stir@ietf.org>, "sipcore@ietf.org" <sipcore@ietf.org>
From: Tony Rutkowski <tony@yaanatech.co.uk>
Organization: Yaana Ltd
Message-ID: <d375969c-a879-f284-9223-0ca57f5e530e@yaanatech.co.uk>
Date: Sat, 4 Feb 2017 18:39:30 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.0
MIME-Version: 1.0
In-Reply-To: <0B356151-08C2-48B6-A946-2C2200756AFD@shockey.us>
Content-Type: multipart/mixed; boundary="------------2D5E846F699107DB5054DE54"
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/YiBlsMxEaO0yIbOXf30U11R_H1Y>
Subject: Re: [stir] The Canadian Regulator has issued a Notice of Consultation on robocalls spoofing STIR/SHAKEN
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: tony@yaanatech.co.uk
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Feb 2017 23:39:37 -0000

Hi Richard,

The idea is for you and others to file their comments
in the consultative proceeding rather than use mine
as a template.  :-) <please take a sigh or two>

Two things are remarkable here.

One is that the E.164 identifier system and infrastructure
exists pursuant to ITU-T standards, and that organization
has not found it necessary to adopt STIR/SHAKEN for
the PSTN infrastructure as an applicable specification.
Nor apparently has any industry operators organization
or national regulatory authority anywhere in the world
even in the face of this matter being a global problem.

The matter was, of course, raised at the 2 June 2014
workshop held at the ITU-T, and further study has been
planned for the upcoming Study Period.  See attached.
The STIR work does get included in the gap analysis
along with other competing group approaches.  It is not
clear at this point which solutions will be favoured, but
it seems very premature for any regulatory authority to be
proceeding before some stability or consensus emerges
as to appropriate solutions globally.

Two, there is nothing to prevent any provider or group of
providers today from moving ahead with STIR/SHAKEN
or anything else they choose.  Providers don't need to run
to the FCC or CRTC and get them to bless your favorite
platform that you and your colleagues have produced and
make it part of the Code of Federal Regulations or otherwise
designated as the solution in a FCC Order.

--tony

ps. Given this problem has gone on for the past two decades
a couple years more to innovate and devise better solutions
doesn't seem like a stretch - especially when it's not clear
that your favorite platform will make any significant improvement.

On 2017-02-04 4:59 PM, Richard Shockey wrote:
>
> <sigh>  I guess I need to chime in here again since I posted the 
> original message.
>