IETF Logo Mail Archive

Re: [stir] Do we agree on the basics?

"Rosen, Brian" <Brian.Rosen@neustar.biz> Wed, 19 June 2013 14:47 UTC

Return-Path: <brian.rosen@neustar.biz>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 934B421F9C45 for <stir@ietfa.amsl.com>; Wed, 19 Jun 2013 07:47:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.48
X-Spam-Level:
X-Spam-Status: No, score=-6.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wRWSqd5zraKx for <stir@ietfa.amsl.com>; Wed, 19 Jun 2013 07:47:53 -0700 (PDT)
Received: from neustar.com (mx1.neustar.com [156.154.17.104]) by ietfa.amsl.com (Postfix) with ESMTP id 7631021F9BC4 for <stir@ietf.org>; Wed, 19 Jun 2013 07:47:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=neustar.biz; s=neustarbiz; t=1371653445; x=1687010423; q=dns/txt; h=From:Subject:Date:Message-ID:Content-Language: Content-Type:Content-ID:Content-Transfer-Encoding; bh=c9o8gwC7zt /oBktWRWHNyVaLwekH2SniG8TLEj/HA+s=; b=LvFS/nJjGdFNxXJq62Mqk1cvIF s8QV0wEOswEjSF1hTGCvGU8Cl2CnmfJEYAwS+Kga3v54JsBVVWiv5w3DW/WQ==
Received: from ([10.31.58.71]) by stihiron2.va.neustar.com with ESMTP with TLS id J041124103.25363441; Wed, 19 Jun 2013 10:50:43 -0400
Received: from stntexmb12.cis.neustar.com ([169.254.2.76]) by stntexhc12.cis.neustar.com ([::1]) with mapi id 14.02.0342.003; Wed, 19 Jun 2013 10:47:42 -0400
From: "Rosen, Brian" <Brian.Rosen@neustar.biz>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Thread-Topic: [stir] Do we agree on the basics?
Thread-Index: AQHObPQxu1Sr6VHjzkyC0cy9zCtHMpk9WfWAgAAHFoA=
Date: Wed, 19 Jun 2013 14:47:42 +0000
Message-ID: <9301A30B-C390-4B99-8F5A-B9F17819575A@neustar.biz>
References: <E0968C2A-D69B-4AFF-A7DD-0C7DDA614FB9@neustar.biz> <51C1BE9B.4090807@dcrocker.net>
In-Reply-To: <51C1BE9B.4090807@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.33.193.17]
x-ems-proccessed: R64IxjzeHPwwd+efoj3ZcA==
x-ems-stamp: tAaioYsPgS7XzCw1pR1pUw==
Content-Type: text/plain; charset="us-ascii"
Content-ID: <E0492149939D0F43845052793782091F@neustar.biz>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "stir@ietf.org" <stir@ietf.org>
Subject: Re: [stir] Do we agree on the basics?
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Jun 2013 14:47:57 -0000

Inline
On Jun 19, 2013, at 10:22 AM, Dave Crocker <dhc@dcrocker.net> wrote:

> On 6/19/2013 6:52 AM, Rosen, Brian wrote:
>> 5. We think we need two MECHANISMS, an in-band mechanism that has the
>> originating device or service provider signing information and
>> carries the signature in the signaling.  The other is some out of
>> band mechanism that involves some new database or service that gets
>> written by the originating device or service provider and checked by
>> some downstream entity.  The latter mechanism is needed to allow the
>> identity to be assured even if the information or signature from the
>> in band mechanism is lost (such as when the call goes through an SS7
>> hop).
> 
> 
> Good list.
> 
> I'd like us to explore #5 carefully.  Although it carries the usual appeal of flexibility. However beyon that intuitive appeal, it dramatically increases complexity and its viable usage is not at all obvious.  The motivating rationale in the last sentence sounds great, but that doesn't mean it's viable.
> 
> Some examples of questions that such an approach needs to answer:
> 
> 1. What does it do to overall design and operations complexity and cost?
Two mechanisms, got to be at least twice the cost

> 
> 2. What is a realistic estimate of the likelihood of major benefit; in other words, why should we believe it will help enough to warrant the added costs?
Because we want to solve the problem now, where essentially all calls go through an SS7 link.

> 
> 3. What are the added adoption barriers?
That depends on the solution.  There are several of them, for sure.

> 
> 4. What are the early-stage costs, such as when almost no one has it implemented?
> 
>   For example, the stated use is when the call request arrives without the signature information; this will look exactly the same as a call from a system that did not add the signature.  Initially the latter will be far, far more common than the former.  Almost no one will be signing.  Hence, the querying agent is going to be making unsuccessful alternative checks essentially every time.  Failure rates at that level discourage adoption.
For one thing the same is true for the in band mechanism.

Sure, there is a cost for the out of band mechanism.
It's mostly fixed cost, but there are always transaction volume related costs.  

Actually, some of us are worried that the problem of the out of band mechanism is that by the time we've deployed it, and sunk most of the cost, the problem goes away.  Others think that there will always be some barriers and the out of band mechanism has value for a very long time.

The costs are mostly the database itself, and the implementation in wherever it is done.  In EKR's idea, it's at the ends (device or services).  In the alternate idea I just described, it's in the gateways (or near them, a B2BUA could do it).

> 
> d/
> 
> -- 
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net
> _______________________________________________
> stir mailing list
> stir@ietf.org
> https://www.ietf.org/mailman/listinfo/stir

v2.23.0 | Report a Bug | By Email