Re: [stir] OOB for Service Providers

Jonathan Rosenberg <jdrosen@jdrosen.net> Sat, 14 March 2020 18:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/sybri8Gdrvl0KlJ0IlY-or4QfFs>

Thanks Jon - very interesting concept.

In order for this to work, a call originator needs to figure out which
carrier's CPS to send the PASSporT to, for a given dialed number. The draft
proposes that this info can be obtained from the TNAuthList in the carrier's
certificate used to sign the CPS advertisement. This presumes that
terminating carriers are willing to actually enumerate the set of TNs they
own in a certificate, and make this available to enterprises, contact
centers or other entities which are going to place calls to those numbers.

I think the jury is still out on whether these certs will end up containing
actual numbers and prefixes, as opposed to OCNs. Classic inbound STIR and
OOB can work without number lists, whereas this draft requires the TN list
in order to facilitate routing (i.e., identifying the terminating CPS).

So - I think the key question is whether this routing is going to be
feasible in practice or not.

Thx,
Jonathan R.

On Fri, Mar 13, 2020 at 5:04 PM Peterson, Jon <jon.peterson=
40team.neustar@dmarc.ietf.org> wrote:

> So we'll all be sad not to meet in Vancouver this time, but given that
> we're scheduling a virtual meeting, I did want to give a pointer to a new
> draft:
>
> https://tools.ietf.org/html/draft-peterson-stir-servprovider-oob-00
>
> This draft works toward a more concrete protocol implementation of
> out-of-band STIR, for the case where a service provider (could be a
> carrier, large enterprise, or an OTT service) advertises a CPS that
> collects PASSporTs for calls that would terminate on its network. Because
> it is tightly coupled to the terminating side of the call, this flavor of
> CPS has a different security posture than a public CPS that is necessarily
> decoupled from call signaling entirely.
>
> I know there is some talk out there about "OOB SHAKEN" these days, and to
> be clear, this is not an "OOB SHAKEN" draft - this looks at general tools
> that might ultimately support efforts to deliver SHAKEN out-of-band, but it
> does not limit its consideration of the problem space to the way that
> SHAKEN currently handles certification and signing. The plan is to deliver
> a mechanism that is applicable to a variety of potential policies in that
> regard.
>
> If folks here are interested in working on this, let's discuss it a bit,
> and maybe find some agenda time for it.
>
> Jon Peterson
> Neustar, Inc.


-- 
Jonathan Rosenberg, Ph.D.
jdrosen@jdrosen.net
http://www.jdrosen.net
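
The routing dependency discussed in this message, as an added example (not code from the draft or from either author): an originator resolves a dialed number to a terminating CPS only when a carrier's TNAuthList explicitly covers that number, and gets no answer when the certificate carries only a service provider code. The entry kinds (`spc`, `range`, `one`) follow RFC 8226; the `Advert` structure, CPS URLs and telephone numbers are constructed for illustration and are assumptions, not the draft's advertisement format.

```python
from dataclasses import dataclass

# TNAuthList entry kinds follow RFC 8226: "spc" (service provider code),
# "range" (start TN plus count) and "one" (a single TN).
@dataclass(frozen=True)
class Advert:                 # hypothetical structure, not the draft's format
    cps_url: str              # CPS endpoint advertised by the carrier
    tn_auth_list: tuple       # ("spc", code) | ("range", start, count) | ("one", tn)

def covers(entry, tn: str) -> bool:
    """True if a single TNAuthList entry explicitly covers the dialed TN."""
    kind = entry[0]
    if kind == "one":
        return entry[1] == tn
    if kind == "range":
        start, count = entry[1], entry[2]
        # Same digit length, then numeric containment in [start, start + count).
        return (len(tn) == len(start) and tn.isdigit() and start.isdigit()
                and int(start) <= int(tn) < int(start) + count)
    return False  # "spc" names a provider but says nothing about which TNs it serves

def resolve_cps(adverts, dialed: str):
    """Return (cps_url, reason); cps_url is None when routing is not possible."""
    tn = "".join(ch for ch in dialed if ch.isdigit())
    matches = {a.cps_url for a in adverts
               if any(covers(e, tn) for e in a.tn_auth_list)}
    if len(matches) == 1:
        return matches.pop(), "matched"
    if len(matches) > 1:
        return None, "ambiguous"      # two carriers claim the TN; do not guess
    return None, "no-tn-coverage"     # includes numbers behind SPC-only certs

# Constructed sample data (not real carriers, numbers or endpoints).
ADVERTS = [
    Advert("https://cps.carrier-a.example", (("range", "12025550100", 100),)),
    Advert("https://cps.carrier-b.example", (("one", "13035550142"),)),
    Advert("https://cps.carrier-c.example", (("spc", "1234"),)),  # OCN-style cert
]

if __name__ == "__main__":
    for number in ("+1 202 555 0142", "13035550142", "14155550199"):
        print(number, resolve_cps(ADVERTS, number))
```

A number served by the SPC-only carrier resolves to `no-tn-coverage`, which is the case the message flags: classic in-band STIR and OOB verification do not need the TN list, but this lookup does.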