Re: [stir] current draft charter

Henning Schulzrinne <hgs@cs.columbia.edu> Sun, 16 June 2013 21:54 UTC

While you can spoof the caller ID, you (generally) cannot spoof the calls that reach you, unless you can get the real number holder to redirect calls to you.

According to a brief discussion at the FTC robocalling workshop [http://www.ftc.gov/bcp/workshops/robocalls/], the latter is actually not too far-fetched, particularly since many such redirection settings are now just web configurations or are done via apps on a cell phone. Thus, you don't have to compromise the carrier infrastructure to redirect calls, just an end user. Probably not a major threat yet for a call center or large-business number at the moment, but possibly for an individual or small business.

> With regard to ViPR, I was under the impression ViPR's entire foundation for trust authority rested on the PSTN, with the original PSTN call and its caller-ids being part of the shared secret for later use in ViPR peer discovery and authentication. If the caller-ids in the PSTN can be faked, ViPR would have been in very big trouble, because it would have enabled incorrectly finding and authenticating a malicious peer for that spoofed number and making all future calls back to that malicious peer for the number. No? (maybe ViPR changed after I stopped following it)
> 
> -hadriel