On 11 Jul 2019, at 3:23 PM, Michael Thomas wrote:
>
> I used to think that email spam was a law enforcement problem too, but it's
> become very clear that law enforcement has little to no interest in solving
> geeks' problems.
Law enforcement deals with legal entities (persons, organizations)
On 7/18/19 3:15 PM, Jay R. Ashworth wrote:
- Original Message -
From: "Michael Thomas"
On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
Yes, of course we sent out calls with "spoofed" CNID.
But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
we held the clients'
- Original Message -
> From: "Michael Thomas"
> On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
>> Yes, of course we sent out calls with "spoofed" CNID.
>>
>> But, even though only 2 or 3 or our 5 carriers* held *our* feet to the fire,
>> we held the clients' feet to the fire, requiring them
On Tue, Jul 16, 2019 at 6:28 PM Dan Hollis wrote:
>
> On Tue, 16 Jul 2019, Michael Thomas wrote:
> > But right you are, it's ultimately the carrier who needs to care about this
> > problem at or nothing gets better.
>
> either the carrier starts dealing with it or legislation will come down to
>
On Tue, 16 Jul 2019, Michael Thomas wrote:
But right you are, it's ultimately the carrier who needs to care about this
problem at or nothing gets better.
either the carrier starts dealing with it or legislation will come down to
force the issue.
-Dan
On 7/15/19 12:07 PM, Jay R. Ashworth wrote:
- Original Message -
From: "Christopher Morrow"
On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins wrote:
Chris it would be trivial for this to be fixed, nearly overnight, by
creating some liability on the part of carriers for illicit use of
- Original Message -
> From: "Christopher Morrow"
> On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins wrote:
>>
>> Chris it would be trivial for this to be fixed, nearly overnight, by
>> creating some liability on the part of carriers for illicit use of
>> caller ID data on behalf of their
Chairman Pai issues statement at the conclusion of the SHAKEN/STIR
robocall summit.
https://docs.fcc.gov/public/attachments/DOC-358430A1.pdf
WASHINGTON, July 11, 2019—Federal Communications Commission Chairman Ajit
Pai issued the following statement on today’s SHAKEN/STIR Robocall Summit
at
Not really. For reasons already cited by Keith Medcalf in an offshoot of
the thread, and because the real world implication of that liability
transfer would be telecom carriers undertaking risk management and
looking at their products and pricing and deciding whether certain
customers should
--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a
lot about anticipated traffic volume.
On Thursday, 11 July, 2019 13:03, Peter Beckman wrote:
>On Thu, 11 Jul 2019, Keith Medcalf wrote:
>> On Thursday, 11 July, 2019 12:38, Ross Tajvar
>wrote:
>>
>>> What
On 7/11/19 12:05 PM, Christopher Morrow wrote:
On Thu, Jul 11, 2019 at 3:04 PM Peter Beckman wrote:
"with the intent to defraud, cause harm, or wrongfully obtain anything of
value"
Kind of a huge hole that, unless you record all calls which opens other
liability, is hard to prove.
I'm not
On Thu, Jul 11, 2019 at 3:04 PM Peter Beckman wrote:
>
> "with the intent to defraud, cause harm, or wrongfully obtain anything of
> value"
>
> Kind of a huge hole that, unless you record all calls which opens other
> liability, is hard to prove.
>
I'm not sure that the cited code works for this
On 7/11/19 12:03 PM, Christopher Morrow wrote:
On Thu, Jul 11, 2019 at 2:35 PM Michael Thomas wrote:
So I have a meta-question about all of this. Why in 2019 are we still
using telephone numbers as the primary identifier? It's a pretty sip-py
world these days, even on mobile phones with wifi
"with the intent to defraud, cause harm, or wrongfully obtain anything of
value"
Kind of a huge hole that, unless you record all calls which opens other
liability, is hard to prove.
Beckman
On Thu, 11 Jul 2019, Paul Timmins wrote:
Pretty simply - Sending caller ID to commit fraud. It's
On Thu, Jul 11, 2019 at 2:35 PM Michael Thomas wrote:
>
> So I have a meta-question about all of this. Why in 2019 are we still
> using telephone numbers as the primary identifier? It's a pretty sip-py
> world these days, even on mobile phones with wifi calling, I assume. It
> seems like this
On Thu, 11 Jul 2019, Keith Medcalf wrote:
On Thursday, 11 July, 2019 12:38, Ross Tajvar wrote:
What if you use different carriers for termination and origination?
How does your termination carrier validate that your origination
carrier has allocated certain numbers to you and that you're
On Thu, Jul 11, 2019 at 2:31 PM Keith Medcalf wrote:
>
>
> On Thursday, 11 July, 2019 11:18, Christopher Morrow
> wrote:
>
> >On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins wrote:
>
> >> Chris it would be trivial for this to be fixed, nearly overnight,
> >> by creating some liability on the
a Stairway to Heaven says a
lot about anticipated traffic volume.
>-Original Message-
>From: Ross Tajvar [mailto:r...@tajvar.io]
>Sent: Thursday, 11 July, 2019 12:54
>To: Keith Medcalf
>Cc: Christopher Morrow; North American Network Operators' Group
>Subject: Re: SHAKEN/ST
Pretty simply - Sending caller ID to commit fraud. It's literally
already illegal. The legislature has already defined it for us, even.
47 USC 227
https://www.law.cornell.edu/uscode/text/47/227
(B)
to initiate any telephone call to any residential telephone line using
an artificial or
On Thu, 11 Jul 2019, Ross Tajvar wrote:
What if you use different carriers for termination and origination? How
does your termination carrier validate that your origination carrier has
allocated certain numbers to you and that you're therefore allowed to make
outbound calls with a caller ID set
Well yeah, people need to take responsibility, but IMO we as engineers need
to discuss the specific circumstances and methodologies that enable that to
happen. It's easy to say "they should fix it", and you're not wrong that
they should, but how? Do you have a validation framework in mind which
On Thursday, 11 July, 2019 12:38, Ross Tajvar wrote:
>What if you use different carriers for termination and origination?
>How does your termination carrier validate that your origination
>carrier has allocated certain numbers to you and that you're
>therefore allowed to make outbound calls
What if you use different carriers for termination and origination? How
does your termination carrier validate that your origination carrier has
allocated certain numbers to you and that you're therefore allowed to make
outbound calls with a caller ID set to those numbers? That doesn't sound to
me
So I have a meta-question about all of this. Why in 2019 are we still
using telephone numbers as the primary identifier? It's a pretty sip-py
world these days, even on mobile phones with wifi calling, I assume. It
seems like this problem would be more tractable if callerid was a last
resort
On Thursday, 11 July, 2019 11:18, Christopher Morrow
wrote:
>On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins wrote:
>> Chris it would be trivial for this to be fixed, nearly overnight,
>> by creating some liability on the part of carriers for illicit use of
>> caller ID data on behalf of
On Thu, Jul 11, 2019 at 12:00 PM Paul Timmins wrote:
>
> Chris it would be trivial for this to be fixed, nearly overnight, by
> creating some liability on the part of carriers for illicit use of
> caller ID data on behalf of their customers.
'illicit use of caller id' - how is caller-id being
On Thu, 2019-07-11 at 11:59 -0400, Paul Timmins wrote:
> Chris it would be trivial for this to be fixed, nearly overnight, by
> creating some liability on the part of carriers for illicit use of
> caller ID data on behalf of their customers.
This 1000%. Once legal liability is in place, the
Chris it would be trivial for this to be fixed, nearly overnight, by
creating some liability on the part of carriers for illicit use of
caller ID data on behalf of their customers.
But the carriers don't want that, so now we have to create tons of
technical half solutions to solve a problem
way to Hell but only a Stairway to Heaven says a
lot about anticipated traffic volume.
>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Christopher
>Morrow
>Sent: Wednesday, 10 July, 2019 22:10
>To: Sean Donelan
>Cc: nanog list
>Subject: Re: S
On Wed, Jul 10, 2019 at 11:56 PM Sean Donelan wrote:
>
> On Tue, 9 Jul 2019, Sean Donelan wrote:
> > The agenda looks like lots of happy, happy talk from industry
> > representatives.
>
> In advance of the SHAKEN/STIR robocall summit, AT has issued a press
> release announcing plans to
On Tue, 9 Jul 2019, Sean Donelan wrote:
The agenda looks like lots of happy, happy talk from industry
representatives.
In advance of the SHAKEN/STIR robocall summit, AT has issued a press
release announcing plans to automatically block robocalls for its
customers.
On Mon, 8 Jul 2019, Keith Medcalf wrote:
The solution is to disallow spoofing. If the "pretty overlay
information" does not equal the "billing information" then do not permit
the call to be made. Easy Peasy.
This assumes that all calls from a phone number originate from the carrier
of
On Mon, Jul 08, 2019 at 06:54:51PM -0600, Keith Medcalf wrote:
> This is because DKIM was a solution to a problem that did not exist.
This is correct. We have always known the IP address of the connecting
MTA, therefore we have always known the network it resides in, therefore
we have always
The agenda for the SHAKEN/STIR robocall summit was published today.
Date: Thursday, July 11, 2019
Time: 9:30 a.m. to 3:30 p.m.
Location: Commission Meeting Room at FCC Headquarters
It will also be live-streamed on the FCC web site.
back on track to stir/shaken
would a service provider also need to implement this? or its for the big
carriers to do ?
On Mon, Jul 8, 2019 at 11:17 PM Michael Thomas wrote:
>
> On 7/8/19 7:11 PM, Christopher Morrow wrote:
> > when do we get back to stir/shaken?
>
> that would be nice. i have a
On 7/8/19 7:11 PM, Christopher Morrow wrote:
when do we get back to stir/shaken?
that would be nice. i have a lot of questions about stir/shaken.
attacking a problem statement rfc seems rather bizarre and unhinged to
me. it outlines a lot of the objections i had to p-asserted-identity i
On 7/8/19 6:46 PM, Keith Medcalf wrote:
On Monday, 8 July, 2019 19:28, Michael Thomas wrote:
On 7/8/19 6:24 PM, Keith Medcalf wrote:
You are the only person who has mentioned reverse DNS lookups.
I'm only trying to guess what enlightens your misinformed world.
You claimed that the "root
when do we get back to stir/shaken?
On Mon, Jul 8, 2019 at 9:47 PM Keith Medcalf wrote:
>
>
> On Monday, 8 July, 2019 19:28, Michael Thomas wrote:
>
> >On 7/8/19 6:24 PM, Keith Medcalf wrote:
>
> >> You are the only person who has mentioned reverse DNS lookups.
>
> >I'm only trying to guess
On Monday, 8 July, 2019 19:28, Michael Thomas wrote:
>On 7/8/19 6:24 PM, Keith Medcalf wrote:
>> You are the only person who has mentioned reverse DNS lookups.
>I'm only trying to guess what enlightens your misinformed world.
You claimed that the "root problem" was not knowing who the
t: Monday, 8 July, 2019 19:24
>To: Valdis Klētnieks
>Cc: Keith Medcalf; nanog@nanog.org
>Subject: Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
>
>
>On 7/8/19 6:11 PM, Valdis Klētnieks wrote:
>> On Mon, 08 Jul 2019 17:58:17 -0700, Michael Thomas said:
>&g
On 7/8/19 6:24 PM, Keith Medcalf wrote:
You are the only person who has mentioned reverse DNS lookups.
I'm only trying to guess what enlightens your misinformed world.
Mike
z.com] On Behalf Of Michael
>Thomas
>Sent: Monday, 8 July, 2019 19:12
>To: Keith Medcalf; nanog@nanog.org
>Subject: Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
>
>Jon Callas, Eric Allman, the IETF security geek contingent and even
>me
>disagree with you. rfc 4871 disagr
On 7/8/19 6:11 PM, Valdis Klētnieks wrote:
On Mon, 08 Jul 2019 17:58:17 -0700, Michael Thomas said:
On 7/8/19 5:54 PM, Keith Medcalf wrote:
This is because DKIM was a solution to a problem that did not exist.
::eyeroll:: pray tell, how do you "always" know the identity of the MTA
sending
Jon Callas, Eric Allman, the IETF security geek contingent and even me
disagree with you. rfc 4871 disagrees with you. STD 76 disagrees with
you. Trillions of signed messages disagree with you. Steve Bellovin
probably disagrees with you too since you seem to be under the illusion
that a
On Mon, 08 Jul 2019 17:58:17 -0700, Michael Thomas said:
> On 7/8/19 5:54 PM, Keith Medcalf wrote:
> > This is because DKIM was a solution to a problem that did not exist.
> >
> >
> ::eyeroll:: pray tell, how do you "always" know the identity of the MTA
> sending you a message?
It's more subtle
anticipated traffic volume.
>-Original Message-
>From: Michael Thomas [mailto:m...@fresheez.com] On Behalf Of Michael
>Thomas
>Sent: Monday, 8 July, 2019 18:58
>To: Keith Medcalf; nanog@nanog.org
>Subject: Re: SHAKEN/STIR Robocall Summit - July 11 2019 at FCC
>
On 7/8/19 5:54 PM, Keith Medcalf wrote:
On Monday, 8 July, 2019 18:08, Michael Thomas wrote:
when we did DKIM back in the day, almost nobody was requiring SMTP
auth which meant the providers could say "blame me" via the DKIM
signature, >but couldn't really take much action since they didn't
On Monday, 8 July, 2019 18:08, Michael Thomas wrote:
>when we did DKIM back in the day, almost nobody was requiring SMTP
>auth which meant the providers could say "blame me" via the DKIM
>signature, >but couldn't really take much action since they didn't
>know who has doing it.
This is
when we did DKIM back in the day, almost nobody was requiring SMTP auth
which meant the providers could say "blame me" via the DKIM signature,
but couldn't really take much action since they didn't know who has
doing it. we sort of took a leap of faith that that would happen.
nowadays, almost
Summary:
SHAKEN/STIR does nothing but sign a call by a carrier that can be verified
by another carrier that they signed it. It does nothing to stem Robocalls.
Discussion:
All SHAKEN/STIR does is have the originating carrier of a call to
cryptographically attest, to some degree, that the call
- Original Message -
> From: "Sean Donelan"
> I don't think SHAKEN/STIR really addresses the root problems with
> spoofing phone numbers, anymore than any of the BGP proposals for spoofing
> IP addresses.
>
> Nevertheless, the FCC wants to be seen as doing something. So Chairman
> Pai
51 matches
Mail list logo