Re: [dispatch] VIPR - proposed charter version 3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Richard Shockey wrote:
Paul of course I've read them, though the PVP document is uniquely dense and
gave me a headache. Security by ID Obscurity.
My assertion still stands. In the absence of any linkage in the PVP to the
E164 numbering authorities and or databases any assertion about verification
and validation of a E.164 is in essence self validation. The charter does
NOT state that. My point is the proposed charter is badly written and
implies a trust model that does not exist.

You make a phone call if it answers and you hopefully get a caller ID that
hasn't been spoofed then maybe you are OK and maybe you hope the TTL is set
to some interval that doesn't cause number hijacking. But gee what happens
when the number is disconnected from the PSTN? Hummmm

The use of the term validation and or verification here implies
authentication and my assertion is that any authentication of the
responsible domain for a E.164 number outside of the PSTN service provider
or national numbering authority is not possible under the current regulatory
circumstances.  Consequently the charter implies an ability to develop a
solution which we all know is impossible.

Perhaps better terms can be found and used.

But the end effect is that the destination you reach using ViPR has the same assuredness of being who you thought it would be as an actual PSTN call has.

For the most part, that is a level of assurance that many people are comfortable with, even if we know that is not as reliable as most people think it is. And regardless of whether it is as good as people would like, it is as good as can be had in most cases with the current state of the art.

	Thanks,
	Paul
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]