IETF Logo Mail Archive

Re: [stir] current draft charter - ENUM and databases

Hadriel Kaplan <hadriel.kaplan@oracle.com> Mon, 17 June 2013 17:37 UTC

Return-Path: <hadriel.kaplan@oracle.com>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65C0C21F9A79 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 10:37:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.563
X-Spam-Level:
X-Spam-Status: No, score=-6.563 tagged_above=-999 required=5 tests=[AWL=0.036, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dyXv6dPKmb2T for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 10:37:43 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id DDE7121F9A6D for <stir@ietf.org>; Mon, 17 Jun 2013 10:37:43 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r5HHbXxd011579 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 17 Jun 2013 17:37:33 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5HHbZqI002684 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 17 Jun 2013 17:37:35 GMT
Received: from abhmt107.oracle.com (abhmt107.oracle.com [141.146.116.59]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r5HHbYLM020975; Mon, 17 Jun 2013 17:37:34 GMT
Received: from [10.1.21.23] (/10.5.21.23) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Mon, 17 Jun 2013 10:37:34 -0700
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
From: Hadriel Kaplan <hadriel.kaplan@oracle.com>
In-Reply-To: <CDE40112.214EA%jon.peterson@neustar.biz>
Date: Mon, 17 Jun 2013 13:37:32 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <7E81F8CD-8C7C-45B0-812A-FF8B056680A3@oracle.com>
References: <CDE40112.214EA%jon.peterson@neustar.biz>
To: "Peterson, Jon" <jon.peterson@neustar.biz>
X-Mailer: Apple Mail (2.1508)
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Cc: "stir@ietf.org" <stir@ietf.org>, Henning Schulzrinne <hgs@cs.columbia.edu>
Subject: Re: [stir] current draft charter - ENUM and databases
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Jun 2013 17:37:50 -0000

On Jun 17, 2013, at 3:07 AM, "Peterson, Jon" <jon.peterson@neustar.biz> wrote:

> I think the advantages below, with the exception of 4, would be true of
> any golden root we created for whatever protocol, be it HTTP or something
> else. I'm sure I could define an HTTP golden root such that the
> verification service could synthesize the proper fetch request from the
> URI in the From with an Identity-Info, one that updated in real time so
> you never needed to worry about revocation, one for which there was only
> one CA, and which you could locally cache (well, okay, 5 does conflict a
> bit with 2).

Sure, there's no debate one could replicate the DNS protocol and architecture to use HTTP as the accessing protocol instead of DNS query/response.  I have no idea why one would want to make a simple database query protocol heavier for no benefit gain, but sure it's possible. :)


> Also, all of the (snipped) concerns you raised about access control,
> middlemen, charging, etc are just as likely to arise for DNS as for any
> other proposal.

No, they're not.  For the middlemen issue, middlemen are of course also possible using a DNS approach (they already exist today), but the protocol used for the client to access the middleman would be well-specified, because it's exactly the same as that used for cases where there is no middleman: DNS.

With regards to the access control and charging, the important point is DNS would make it virtually impossible to *have* an access control and charging model for queries.  The protocol's characteristics actually make it practically impossible to do.  Country-A couldn't charge Country-B to access the calling cert info for Country-A; and Carrier-A couldn't charge Carrier-B to access the calling cert info for Carrier-A.  Instead, Country-A would incur the cost for managing their own E.164 entries in DNS, and likewise Country-B pays for Country-B's numbers; or Carrier-A would incur the cost for their E.164 numbers, and likewise Carrier-B.

I know that's a controversial position.  It means deciding, up front, that the only supportable pricing model for this thing in the grand scale would be the same as for DNS domain names: charging only for adding/managing entries in the database, not charging _other_ entities per-query of the database.  I think (but don't know) that this would actually make this thing easier to get adoption for.  At least in my simple naive view, it might help international adoption if the decisions each country makes are only technical and logistic for their own country, rather than involve money between countries.

[Note: this doesn't mean NPAC can't be used for this database in the NANP, even though NPAC is a closed model and charged for query access I think.]

-hadriel

v2.23.0 | Report a Bug | By Email