Re: [stir] [art] Thursday lunch discussion on new techniques for stopping robocalling

Jonathan Rosenberg <jdrosen@jdrosen.net> Sat, 17 March 2018 19:27 UTC

Return-Path: <jdrosen@jdrosen.net>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 146E712D7EA; Sat, 17 Mar 2018 12:27:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.788
X-Spam-Level:
X-Spam-Status: No, score=-1.788 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, T_DKIM_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=jdrosen.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8tOOrst9TXWR; Sat, 17 Mar 2018 12:27:17 -0700 (PDT)
Received: from ecbiz193.inmotionhosting.com (ecbiz193.inmotionhosting.com [69.174.52.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81A3A127876; Sat, 17 Mar 2018 12:27:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=jdrosen.net ; s=default; h=Content-Type:Cc:To:Subject:Message-ID:Date:From:References: In-Reply-To:MIME-Version:Sender:Reply-To:Content-Transfer-Encoding:Content-ID :Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To: Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe :List-Post:List-Owner:List-Archive; bh=p9Ihxe6dqUG6iodGatJzKOqfTT/gtetRwr5iw2Iq3gc=; b=Q2RIpqPiKoJhp7edU+9j+FATeC T0Tqpw5repoxMAB1KeqcF9uK4p8pQjIF5hfEYLAaqVdR9J/YQO4Jn1rhvBjqQ464QvOy2oPNHmpk9 nVMvFE1PhsZ/KbTl0Tzex3gl1HnSwNcxpC2np3tgvEk7XkL18GrHa4ZL5RFxw8iydZlCP5qcO+9sc hDX+KSYYhvnW7LbyGLiiYXQo80DvIgRg9w5xXtqE+htFwCQbHceEU4Wq1tv4fTLKCHHhIBQZQ3bVc gdZGfb5zZGO8lRrptAK6ZbyUSsZSl69deD5iVc+LG7jqHAtUYojOAlWjaIEMhwoQXewfruvT0fmBH K/+OHlsA==;
Received: from mail-ot0-f172.google.com ([74.125.82.172]:37045) by ecbiz193.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89_1) (envelope-from <jdrosen@jdrosen.net>) id 1exHTq-001pLU-Ov; Sat, 17 Mar 2018 15:27:16 -0400
Received: by mail-ot0-f172.google.com with SMTP id t2-v6so4385622otj.4; Sat, 17 Mar 2018 12:27:02 -0700 (PDT)
X-Gm-Message-State: AElRT7FF8Yo9hIMSrdz+JrLkdHdBTAFfLb024Ir4yM3hbkFpK4hq4Exe NCXiHQQF/aF4ItX1YpttIK3YEe0Fg/3HpxuwNL8=
X-Google-Smtp-Source: AG47ELutrb1lvs395MktD1QepTtDUxpJ9jJFx4PnCXy/ND3sd1TXR6fplxMmamGp+3NNHCFd/2uQYznPIwn32Cn+//w=
X-Received: by 2002:a9d:2f04:: with SMTP id h4-v6mr4355453otb.279.1521314822467; Sat, 17 Mar 2018 12:27:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.74.190.6 with HTTP; Sat, 17 Mar 2018 12:27:02 -0700 (PDT)
In-Reply-To: <CA+9kkMDtEhti-HTsY3K_KMU0r3ReNh5M0Xnt9XMMk9AXPfMWew@mail.gmail.com>
References: <CA+23+fFxLXt8v-TF=vyn-AptHHMJfJC14jh315z3CJF-AYGf_Q@mail.gmail.com> <CA+9kkMDtEhti-HTsY3K_KMU0r3ReNh5M0Xnt9XMMk9AXPfMWew@mail.gmail.com>
From: Jonathan Rosenberg <jdrosen@jdrosen.net>
Date: Sat, 17 Mar 2018 15:27:02 -0400
X-Gmail-Original-Message-ID: <CA+23+fGSBWiQ=XjdD2-D7DXO=WApqq8rHqAxt+cHWGrRCfsFdQ@mail.gmail.com>
Message-ID: <CA+23+fGSBWiQ=XjdD2-D7DXO=WApqq8rHqAxt+cHWGrRCfsFdQ@mail.gmail.com>
To: Ted Hardie <ted.ietf@gmail.com>
Cc: Jonathan Rosenberg <jdrosen@jdrosen.net>, Applications and Real-Time Area Discussion <art@ietf.org>, stir@ietf.org, Jennings Cullen <fluffy@cisco.com>
Content-Type: multipart/alternative; boundary="00000000000095b8c40567a0b5a2"
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ecbiz193.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jdrosen.net
X-Get-Message-Sender-Via: ecbiz193.inmotionhosting.com: authenticated_id: jdrosen+jdrosen.net/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: ecbiz193.inmotionhosting.com: jdrosen@jdrosen.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/gRoFuOhvvlN2yQnRQtTlLxvfvF8>
Subject: Re: [stir] [art] Thursday lunch discussion on new techniques for stopping robocalling
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/stir/>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Mar 2018 19:27:19 -0000

This is mostly to blame on getting the draft together last minute. Of
course we're familiar with that document ;) We'll get that fixed in the
next rev.

The SIPCoin doc makes reference to the technique even though it omits the
citation. draft-jennings-sip-hashcash is in the category of challenge-based
solutions described in Section 6 of the draft. The problem with these
approaches in general is that, any amount of compute that incurs an actual
useful cost, would take far too long to perform, and thus impact actual
call setup delays. Bad guys and larger players might get around this by
distributing the work across machines in parallel, but it punishes the
'normal guy', which is not what we want.

Thx,
Jonathan R.

On Sat, Mar 17, 2018 at 1:58 PM, Ted Hardie <ted.ietf@gmail.com> wrote:

> Hi Jonathan, Cullen,
>
> I was somewhat surprised that the draft did not have a direct reference to
> the SIP Hashcash work (especially since Cullen was the author of
> https://tools.ietf.org/html/draft-jennings-sip-hashcash-06).  From my
> perspective at least, it still looks to be a useful historical antecedent
> to consult, since it is a proof-of-work system (and one on which a bunch of
> later cryptocurrencies draw).  In particular, its view that this is about a
> demonstration of work rather than a payment to send may still be a valuable
> perspective.
>
> http://www.hashcash.org/ still appears to be up, by the way, for folks
> that want to see how its original use case tied into thwarting denial of
> service attacks.
>
> Ted
>
> On Sat, Mar 17, 2018 at 6:33 AM, Jonathan Rosenberg <jdrosen@jdrosen.net>
> wrote:
>
>> Folks -
>>
>> The problem of robocalling on the PSTN has only continued to increase
>> over the last few years. As with any battle this significant, we need
>> multiple tools on the table that can be used to fight it. Recently, Cullen
>> and I proposed some new ideas for techniques to work in concert with STIR -
>> notably https://tools.ietf.org/html/draft-rosenberg-stir-sipcoin-00 and
>> https://tools.ietf.org/html/draft-rosenberg-stir-callback-00.html . We'd
>> like to hold a lunch discussion to discuss these concepts and more
>> importantly, discuss other possible ideas people have on work the IETF can
>> do to increase the number of weapons in the arsenal.
>>
>> We've got a room booked on Thursday lunch, room Hilton Meeting Rooms 1-4.
>> Anyone who'd like to discuss is welcome to join.
>>
>> Thx,
>> Jonathan R.
>>
>>
>> --
>> Jonathan Rosenberg, Ph.D.
>> jdrosen@jdrosen.net
>> http://www.jdrosen.net
>>
>> _______________________________________________
>> art mailing list
>> art@ietf.org
>> https://www.ietf.org/mailman/listinfo/art
>>
>>
>


-- 
Jonathan Rosenberg, Ph.D.
jdrosen@jdrosen.net
http://www.jdrosen.net