IETF Logo Mail Archive

Re: [stir] current draft charter - ENUM and databases

Henning Schulzrinne <hgs@cs.columbia.edu> Tue, 18 June 2013 01:57 UTC

Return-Path: <hgs@cs.columbia.edu>
X-Original-To: stir@ietfa.amsl.com
Delivered-To: stir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9037721E8053 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 18:57:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.48
X-Spam-Level:
X-Spam-Status: No, score=-6.48 tagged_above=-999 required=5 tests=[AWL=0.119, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id edg2VS-rqAn2 for <stir@ietfa.amsl.com>; Mon, 17 Jun 2013 18:56:58 -0700 (PDT)
Received: from rambutan.cc.columbia.edu (rambutan.cc.columbia.edu [128.59.29.5]) by ietfa.amsl.com (Postfix) with ESMTP id ABE4A21E8050 for <stir@ietf.org>; Mon, 17 Jun 2013 18:56:58 -0700 (PDT)
Received: from [10.0.1.2] (c-98-204-176-168.hsd1.va.comcast.net [98.204.176.168]) (user=hgs10 mech=PLAIN bits=0) by rambutan.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id r5I1utKW015735 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Mon, 17 Jun 2013 21:56:56 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="us-ascii"
From: Henning Schulzrinne <hgs@cs.columbia.edu>
In-Reply-To: <CDE4A7AC.21C25%jon.peterson@neustar.biz>
Date: Mon, 17 Jun 2013 21:56:55 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <D39EAE3B-A2FE-45E7-9261-B31F7F25EDD2@cs.columbia.edu>
References: <CDE4A7AC.21C25%jon.peterson@neustar.biz>
To: "Peterson, Jon" <jon.peterson@neustar.biz>
X-Mailer: Apple Mail (2.1283)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.5
Cc: "stir@ietf.org" <stir@ietf.org>, Hadriel Kaplan <hadriel.kaplan@oracle.com>
Subject: Re: [stir] current draft charter - ENUM and databases
X-BeenThere: stir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/stir>, <mailto:stir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/stir>
List-Post: <mailto:stir@ietf.org>
List-Help: <mailto:stir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/stir>, <mailto:stir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2013 01:57:03 -0000

For number assignment, we currently have an industry-cooperative model (NANC, North American Numbering Council) that ensures that the system is run reasonably efficiently and for the benefit of the industry participants. Clearly, this isn't the only model, but I suspect there are existing arrangements that can be extended. (Also, since the large carriers are likely to both originate and validate a huge fraction of the legitimate calls, there are built-in incentives for reasonable behavior. For other behaviors, there is always 47 USC 201(b).)

On Jun 17, 2013, at 2:58 PM, Peterson, Jon wrote:

> 
> I agree it would be great to find a technical approach to this that
> simplified business relationships, but I don't think we can depend on
> technical standards to restrain policy. That would be like stipulating
> that intermediaries can't change RFC3261 request bodies in order to - but
> never mind. It is ingenious to turn the inability to authenticate queries
> to the DNS into a virtue in this regard, but I'm still not sure I
> understand how this model would really prevent middlemen from charging if
> they wanted to, short of recreating e164.arpa as some comparable public
> golden root. Without it, there will always be ways that nation-states
> could restrict access to queries from outside their borders, say, unless
> they go through this for-pay VPN or what have you.
> 
> Jon Peterson
> Neustar, Inc.
> 
> On 6/17/13 10:37 AM, "Hadriel Kaplan" <hadriel.kaplan@oracle.com> wrote:
> 
>> 
>> On Jun 17, 2013, at 3:07 AM, "Peterson, Jon" <jon.peterson@neustar.biz>
>> wrote:
>> 
>>> I think the advantages below, with the exception of 4, would be true of
>>> any golden root we created for whatever protocol, be it HTTP or
>>> something
>>> else. I'm sure I could define an HTTP golden root such that the
>>> verification service could synthesize the proper fetch request from the
>>> URI in the From with an Identity-Info, one that updated in real time so
>>> you never needed to worry about revocation, one for which there was only
>>> one CA, and which you could locally cache (well, okay, 5 does conflict a
>>> bit with 2).
>> 
>> Sure, there's no debate one could replicate the DNS protocol and
>> architecture to use HTTP as the accessing protocol instead of DNS
>> query/response.  I have no idea why one would want to make a simple
>> database query protocol heavier for no benefit gain, but sure it's
>> possible. :)
>> 
>> 
>>> Also, all of the (snipped) concerns you raised about access control,
>>> middlemen, charging, etc are just as likely to arise for DNS as for any
>>> other proposal.
>> 
>> No, they're not.  For the middlemen issue, middlemen are of course also
>> possible using a DNS approach (they already exist today), but the
>> protocol used for the client to access the middleman would be
>> well-specified, because it's exactly the same as that used for cases
>> where there is no middleman: DNS.
>> 
>> With regards to the access control and charging, the important point is
>> DNS would make it virtually impossible to *have* an access control and
>> charging model for queries.  The protocol's characteristics actually make
>> it practically impossible to do.  Country-A couldn't charge Country-B to
>> access the calling cert info for Country-A; and Carrier-A couldn't charge
>> Carrier-B to access the calling cert info for Carrier-A.  Instead,
>> Country-A would incur the cost for managing their own E.164 entries in
>> DNS, and likewise Country-B pays for Country-B's numbers; or Carrier-A
>> would incur the cost for their E.164 numbers, and likewise Carrier-B.
>> 
>> I know that's a controversial position.  It means deciding, up front,
>> that the only supportable pricing model for this thing in the grand scale
>> would be the same as for DNS domain names: charging only for
>> adding/managing entries in the database, not charging _other_ entities
>> per-query of the database.  I think (but don't know) that this would
>> actually make this thing easier to get adoption for.  At least in my
>> simple naive view, it might help international adoption if the decisions
>> each country makes are only technical and logistic for their own country,
>> rather than involve money between countries.
>> 
>> [Note: this doesn't mean NPAC can't be used for this database in the
>> NANP, even though NPAC is a closed model and charged for query access I
>> think.]
>> 
>> -hadriel
>> 
> 
>

v2.23.0 | Report a Bug | By Email