On Fri, Dec 20, 2019 at 1:40 PM Michael Thomas <mike@mtcc.com> wrote:
On 12/19/19 9:14 PM, Christopher Morrow wrote:
Plus if it didn't work well/too cumbersome/etc with email, it probably won't be any better with voice. We have lots of experience with what doesn't work for email. I sort of figured that the shaken/stir model that ( i happened to propose in their first meeting) of: "get the originator (handset, ebony phone, call-warehouse) to digitally sign the call initiation, propagate that through the network to the receiver (so they could associate the md5/sha256/cert-signature/etc with an identity, and let the receivers decide: 'Not in my known callers list, no answer'"
was a great plan... that the folk in the room basically didn't understand (or even want me to voice, actually)... It's a shame that something like this wasn't created instead of shaken/stir. You could check the signature at any of the hops, start failing calls earlier as rates of completion didn't stay at some standard level. All sorts of options would be available, and really the callers could be identified (at least by endpoint) more quickly.
oh well. glad we got shaken / stir though? :)
SHAKEN is trying to solve e.164 problem which inherently hard and subject to a lot of cases where it fails. Their problem statement is worth the read if you're interested.
I'll have to go read, I didn't pay attention much to stir/etc after the first meeting when it was made very clear that they really didn't want opionions from outside their group (at that time) or thoughts/ideas that came from outside the bell-shaped-head space. is fine, I had many other problems to solve.
But the reality is that it's a pretty SIP-y world these days, and the proper identity for SIP is the From: address, not the e.164 address. Since From: addresses contain domain names, you can tie identity to the domain itself, instead of trying to make sense of telephone number delegations. It would be trivial to attach a signature to the SIP INVITE's -- we've been doing that for 15 years with email, and then you at least know that the INVITE came from the domain it purports to be from. It works even for PSTN last legs because the PSTN headend can place the From: address in the caller id. Armed with that knowledge, you can filter to your heart's content.
this is sort of what I was imagining, except that the caller's handset (or copper receiver at the end of my ebony phone (in the CO)) could stamp my call with the correct signature for 'me'. Ideally 'number' or 'person face' or 'video dancing hamster' makes no difference here. Oh my handset I see a picture of your smiling face (or randys or even seans...) and I (if I agree that's whom I'm talking to) I click the 'verified' button and now only that sent 'certificate' can pretend to be the person I'm talking to. Setup some call screening system at the telco, people that last can get 'verified' by the reciever.. bob's yer auntie and robo callers go away.
And since we've been told that 5G is a magic elixir that will wash our clothes and dress our dogs, our new phones can just be SIP UA's instead of going through the PSTN nonsense at all.
the think is.. SIP doesnt' matter here.. not really. or I don't care about the carriage, as long as I can say: 'the think I'm talking at on the 'far end' is whom they say they are... verified... no one else can pretend to be that thing/person/etc"
STIR/SHAKEN seems like a solution to a problem whose time is way overdue to be retired.
maybe.