Re: [stir] current draft charter

["Peterson, Jon" <jon.peterson@neustar.biz>]

No, I didn't mean return routability as a real-time check during call
processing a la Jabber, I meant some system of proving possession of a
number as a means of enrolling into the PKI (or whatever other key
management system there may be). ViPR's technique is one example; other
examples would be things like sending an SMS to a smartphone with a link
you could click to prove possession. In the email world, you might compare
this to S/MIME credentials you receive in return for proving you control
an email address. I don't think we need to prescribe what the possible set
of enrollment mechanisms are here, just to say that there exist
alternative ways to enroll other than top-down delegation. And I don't
mean to suggest that credentials secured for this purpose would only be
useful in the out-of-band solution, either.

Just to second Henning here, faking the calling party number is a very
different matter than forcing calls for a number to be routed to a
different endpoint. Subverting VIPR required doing the latter, not the
former. This is the difference between arbitrarily populating the From
header field of SIP with "sip:jon@example.com" to pretend to be me, and
then then making it so when someone else sends a request to
sip:jon@example.com it ends up ringing your phone. One is trivial, the
other not so much. Now that much said, there were lots of lingering
question in VIPR about what happens when you're not directly connected to
the PSTN, due to SIP trunking or what have you, and how VIPR endpoints can
be assured that PSTN routing was actually invoked. This is something we'll
need to be mindful of.

Jon Peterson
Neustar, Inc.

On 6/15/13 11:56 AM, "Hadriel Kaplan" <hadriel.kaplan@oracle.com> wrote:

>
>On Jun 12, 2013, at 7:46 PM, "Peterson, Jon" <jon.peterson@neustar.biz>
>wrote:
>
>> The proposed STIR charter outlines two ways to secure identity: an
>>in-band
>> and an out-of-band approach. Discussion so far on this list has focused
>> largely on the in-band. For the out-of-band approach, we need to be able
>> to explore credentials whose authority rests on some other means than
>> delegation from on high: perhaps, like in ViPR, from probing how numbers
>> are routed and using this to prove possession of the number.
>
>If you mean check return routability, Dan Wing had a draft on a
>return-routability check:
>http://tools.ietf.org/html/draft-wing-sip-e164-rrc-01
>
>Unfortunately, legitimate caller-ids are sourced by elements/entities
>that are not necessarily the same ones used for reaching the same number
>back.  For example the call-center scenarios, or doctor cellphone
>scenario, or even Skype-out scenario.
>
>With regard to ViPR, I was under the impression ViPR's entire foundation
>for trust authority rested on the PSTN, with the original PSTN call and
>its caller-ids being part of the shared secret for later use in ViPR peer
>discovery and authentication.  If the caller-id's in the PSTN can be
>faked, ViPR would have been in very big trouble, because it would have
>enabled incorrectly finding and authenticating a malicious peer for that
>spoofed number and making all future calls back to that malicious peer
>for the number.  No? (maybe ViPR changed after I stopped following it)
>
>-hadriel
>