Hi Sylvain,

On Tue, Oct 26, 2010 at 08:59:27PM +0200, Sylvain Munaut wrote:
> > 1) Issue our own SIM cards to permit Authentication + Encryption.  This is
> >   the perfect way how we can have a A5/1 based network that people can use
> >   to play with airprobe + Kraken - without violating any laws.
> I was planning to enhance pySim to allow more batch programming and
> support for pc/sc reader (so you just have to insert, wait, remove,
> insert, wait, ...).
> I will probably do that soon, after DeepSec.

ok, great. looking forward to it.

> Should :
>  - Personal SIM with IMSI/KI/algo specified

I think the number of people who have that is very limited.  So sure, we
can do that manually if somebody wants to.

>  - Personal/official SIM with just known IMSI
> be allowed as well ?

I don't think we should do it, or at least not publicly advertise it.
It just creates extra effort, and we want to ensure we can enable many
people to test the network without creating a lot of per-user work for us.

> > 4) Consider putting all BTS in the same location area
> I didn't see the logs / analysis from last year, but :
>  - Was the 'location' feature really exploited for something ?

no, it's just nice to see and for debugging.  And you can see

>  - Was paging a limit ? (if all are in the same area, the number of
> paging request would triple I guess).

No, paging is never a limit... there are so many paging slots and so few
calls or SMSs

>  - What was the usage of sdcch/8 / TCH ?

I don't really have statistics for it, but TCH use was relatively low... I
think people are more interested in reliable SMS.

> Would TCH/H with AMR be useful ?  (i.e. was tch a limit ?)

No, TCH was no limit.

AMR/HR would be useful, but I don't want to use it as we only have it in
OsmoBSC mode so far and no code for codec negotiation in our call control
engine.  Also, AMR/HR is incompatible with dynamic PDCH allocation, which

> > 6) User registration
> >
> >   So we sell SIM cards with a pre-programmed IMSI + Ki, but how do we
> >   enable users to assign a phone number to them?  Ideally I would want
> >   them to simply register a phone number at the eventphone.de GURU
> >   web interface ahead of the event.  But how do we match the IMSI and
> >   the phone number?  Ask users to simply state the phone number they
> >   registered?  How do we get some kind of authentication?
> Well, I guess SMS is the easier.

Ah, indeed.  So we simply allow all IMSIs that we have issued on our network
but send them a SMS with some token that they can use to associate that IMSI
with their account on GURU?

> What kind of control can you have on the eventphone.de interface ?

We have to discuss it with them...  I think now we still might have time
for that.

> Each SIM has a 'default' number, and if they want to instead use a number they
> pre-registred, have them text a 'token' (long enough not to guess a
> valid one, but not too long as to be annoying).
> That token is just displayed on eventphone.de when they register a
> number as 'GSM' without an IMSI.

ok, the other way around.  The token is a unique value that they have to SMS to
OpenBSC... great idea.  I like it that way.

> Other option is IMEI. They put the IMEI on evenphone.de and when we
> get a registration we know who to link.

too cumbersome for most users from my experience.

- Harald Welte <lafo...@gnumonks.org>           http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
                                                  (ETSI EN 300 175-7 Ch. A6)

Attachment: signature.asc
Description: Digital signature

Reply via email to